Skip to content
Change the repository type filter

All

    Repositories list

    • A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.
      Go
      Apache License 2.0
      242731210Updated Dec 26, 2024Dec 26, 2024
    • Gives criticality score for an open source project
      Go
      Apache License 2.0
      1201.3k4133Updated Dec 25, 2024Dec 25, 2024
    • Website and API for OpenSSF Scorecard
      HTML
      Apache License 2.0
      27233113Updated Dec 24, 2024Dec 24, 2024
    • Official GitHub Action for OpenSSF Scorecard.
      Go
      Apache License 2.0
      72272274Updated Dec 23, 2024Dec 23, 2024
    • Fuzz Introspector -- introspect, extend and optimise fuzzers
      Python
      Apache License 2.0
      59387963Updated Dec 23, 2024Dec 23, 2024
    • scorecard

      Public
      OpenSSF Scorecard - Security health metrics for Open Source
      Go
      Apache License 2.0
      5084.7k3404Updated Dec 23, 2024Dec 23, 2024
    • allstar

      Public
      GitHub App to set and enforce security policies
      Go
      Apache License 2.0
      1241.3k672Updated Dec 23, 2024Dec 23, 2024
    • Tool for visualizing the Open SSF Scorecard Api data in a human friendly way
      TypeScript
      Apache License 2.0
      313121Updated Dec 23, 2024Dec 23, 2024
    • Go
      Apache License 2.0
      11102917Updated Dec 20, 2024Dec 20, 2024
    • Open Source Package Analysis
      Go
      Apache License 2.0
      517675912Updated Dec 20, 2024Dec 20, 2024
    • Global Cyber Policy Working Group
      Apache License 2.0
      3320Updated Dec 19, 2024Dec 19, 2024
    • wg-dei

      Public
      The Diversity, Equity, and Inclusion Working Group mission is to increase representation and strengthen the overall effectiveness of the cybersecurity workforce.
      Apache License 2.0
      1662Updated Dec 18, 2024Dec 18, 2024
    • The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
      JavaScript
      Apache License 2.0
      1397915614Updated Dec 17, 2024Dec 17, 2024
    • Apache License 2.0
      262710Updated Dec 17, 2024Dec 17, 2024
    • Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption
      Vue
      Apache License 2.0
      2676252Updated Dec 15, 2024Dec 15, 2024
    • tac

      Public
      Technical Advisory Council
      Other
      60111247Updated Dec 12, 2024Dec 12, 2024
    • Open Source Vulnerability schema.
      Python
      Apache License 2.0
      851892811Updated Dec 10, 2024Dec 10, 2024
    • Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)
      CSS
      Creative Commons Attribution 4.0 International
      48185341Updated Dec 10, 2024Dec 10, 2024
    • Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.
      Open Policy Agent
      Apache License 2.0
      5286511Updated Dec 9, 2024Dec 9, 2024
    • census

      Public
      📜Automated review of open source software projects
      HTML
      Other
      30116251Updated Dec 6, 2024Dec 6, 2024
    • glossary

      Public
      JavaScript
      Apache License 2.0
      1101Updated Dec 5, 2024Dec 5, 2024
    • Apache License 2.0
      122160Updated Dec 4, 2024Dec 4, 2024
    • Feed parsing for language package manager updates
      Go
      Apache License 2.0
      24752112Updated Dec 4, 2024Dec 4, 2024
    • The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability reporting and communication.
      Apache License 2.0
      41183260Updated Nov 25, 2024Nov 25, 2024
    • artwork

      Public
      OpenSSF Artwork
      Apache License 2.0
      8801Updated Nov 5, 2024Nov 5, 2024
    • OpenSSF Working Group on Securing Software Repositories
      Other
      199464Updated Oct 28, 2024Oct 28, 2024
    • Potential WG on Artificial Intelligence and Machine Learning (AI/ML)
      Apache License 2.0
      105730Updated Oct 23, 2024Oct 23, 2024
    • Helping allocate resources to secure the critical open source projects we all depend on.
      Apache License 2.0
      40334220Updated Oct 10, 2024Oct 10, 2024
    • OPENSSF SECURITY INSIGHTS: Repository for development of the draft standard, where requests for modification should be made via Github Issues.
      Other
      1052143Updated Sep 5, 2024Sep 5, 2024
    • s2c2f

      Public
      The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.
      Other
      2519451Updated Aug 27, 2024Aug 27, 2024