Skip to content

@ossf Open Source Security Foundation (OpenSSF)

Change the repository type filter

All

    Repositories list

    74 repositories

    • glossary

      Public
      A reference for common terms when talking about OpenSSF and open source software security.
      JavaScript
      Apache License 2.0
      4527Updated Nov 16, 2025Nov 16, 2025

    • scorecard-webapp

      Public
      Website and API for OpenSSF Scorecard
      openssf-scorecard
      Go
      Apache License 2.0
      31283111Updated Nov 15, 2025Nov 15, 2025

    • scorecard-action

      Public
      Official GitHub Action for OpenSSF Scorecard.
      githubsecuritysupply-chaingithub-actionsopenssf-scorecard
      Go
      Apache License 2.0
      79340261Updated Nov 15, 2025Nov 15, 2025

    • malicious-packages

      Public
      A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.
      Go
      Apache License 2.0
      64401116Updated Nov 15, 2025Nov 15, 2025

    • sbom-everywhere

      Public
      Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption
      Vue
      Apache License 2.0
      38105226Updated Nov 15, 2025Nov 15, 2025

    • education

      Public
      OpenSSF Education SIG
      Apache License 2.0
      161842Updated Nov 15, 2025Nov 15, 2025

    • SIRT

      Public
      The OSS-SIRT SIG (Open Source Software Security Incident Response Team Special Interest Group) is a group working within the OSSF's Vulnerability Disclosure Working Group that is focused on creating secure vulnerability management capabilities within the open source ecosystem to ensure effective coordinated vulnerability disclosure practices (CVD)
      Apache License 2.0
      61021Updated Nov 15, 2025Nov 15, 2025

    • oss-vulnerability-guide

      Public
      A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disclosure notifications.
      Creative Commons Attribution 4.0 International
      4213051Updated Nov 15, 2025Nov 15, 2025

    • wg-best-practices-os-developers

      Public
      The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
      JavaScript
      Apache License 2.0
      1839486610Updated Nov 15, 2025Nov 15, 2025

    • security-baseline

      Public
      Go
      Apache License 2.0
      32117504Updated Nov 14, 2025Nov 14, 2025

    • scorecard

      Public
      OpenSSF Scorecard - Security health metrics for Open Source
      scorecardopenssf-scorecard
      Go
      Apache License 2.0
      5815.1k3612Updated Nov 14, 2025Nov 14, 2025

    • gemara

      Public
      Minimizing rework for governance activities.
      Go
      Apache License 2.0
      1528274Updated Nov 14, 2025Nov 14, 2025

    • scorecard-visualizer

      Public
      Tool for visualizing the Open SSF Scorecard Api data in a human friendly way
      openssfopenssf-scorecard
      TypeScript
      Apache License 2.0
      618110Updated Nov 14, 2025Nov 14, 2025

    • wg-securing-software-repos

      Public
      OpenSSF Working Group on Securing Software Repositories
      Other
      25122214Updated Nov 13, 2025Nov 13, 2025

    • osv-schema

      Public
      Open Source Vulnerability schema.
      Go
      Apache License 2.0
      1052153510Updated Nov 12, 2025Nov 12, 2025

    • tac

      Public
      Technical Advisory Council
      Other
      72133349Updated Nov 12, 2025Nov 12, 2025

    • ossf-landscape

      Public
      Apache License 2.0
      273001Updated Nov 11, 2025Nov 11, 2025

    • allstar

      Public
      GitHub App to set and enforce security policies
      Go
      Apache License 2.0
      1431.4k590Updated Nov 10, 2025Nov 10, 2025

    • alpha-omega

      Public
      Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.
      securityopensourceopen-source-security
      Open Policy Agent
      Apache License 2.0
      6111003Updated Nov 3, 2025Nov 3, 2025

    • fuzz-introspector

      Public
      Fuzz Introspector -- introspect, extend and optimise fuzzers
      testingsecurityfuzzingfuzz-testingvulnerability-analysissecurity-research
      Python
      Apache License 2.0
      764331032Updated Nov 3, 2025Nov 3, 2025

    • ai-ml-security

      Public
      Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security
      Apache License 2.0
      2012071Updated Oct 17, 2025Oct 17, 2025

    • wg-vulnerability-disclosures

      Public
      The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability reporting and communication.
      Apache License 2.0
      42203340Updated Oct 1, 2025Oct 1, 2025

    • wg-orbit

      Public
      ORBIT: Open Resources for Baselines, Interoperability, and Tooling
      Apache License 2.0
      42090Updated Sep 29, 2025Sep 29, 2025

    • artwork

      Public
      OpenSSF Artwork
      Apache License 2.0
      10900Updated Sep 18, 2025Sep 18, 2025

    • security-insights

      Public
      Machine-readable specification for the attestation of security-relevant data.
      CUE
      Other
      1463101Updated Sep 16, 2025Sep 16, 2025

    • foundation

      Public
      OpenSSF Governance and Legal Docs
      Apache License 2.0
      177300Updated Sep 9, 2025Sep 9, 2025

    • security-assessments

      Public
      Apache License 2.0
      41562Updated Aug 28, 2025Aug 28, 2025

    • wg-globalcyberpolicy

      Public
      Global Cyber Policy Working Group
      Apache License 2.0
      1794101Updated Aug 20, 2025Aug 20, 2025

    • .github

      Public
      Github configuration
      5201Updated Aug 14, 2025Aug 14, 2025

    • Memory-Safety

      Public
      Apache License 2.0
      1731130Updated Aug 14, 2025Aug 14, 2025