Skip to content

@ossf Open Source Security Foundation (OpenSSF)

Change the repository type filter

All

    Repositories list

    72 repositories

    • malicious-packages

      Public
      A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.
      Go
      Apache License 2.0
      45321144Updated Jul 27, 2025Jul 27, 2025

    • wg-vulnerability-disclosures

      Public
      The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability reporting and communication.
      Apache License 2.0
      42194312Updated Jul 24, 2025Jul 24, 2025

    • scorecard

      Public
      OpenSSF Scorecard - Security health metrics for Open Source
      scorecardopenssf-scorecard
      Go
      Apache License 2.0
      5605k36025Updated Jul 24, 2025Jul 24, 2025

    • scorecard-action

      Public
      Official GitHub Action for OpenSSF Scorecard.
      githubsecuritysupply-chaingithub-actionsopenssf-scorecard
      Go
      Apache License 2.0
      77321262Updated Jul 24, 2025Jul 24, 2025

    • scorecard-visualizer

      Public
      Tool for visualizing the Open SSF Scorecard Api data in a human friendly way
      openssfopenssf-scorecard
      TypeScript
      Apache License 2.0
      516111Updated Jul 24, 2025Jul 24, 2025

    • wg-best-practices-os-developers

      Public
      The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
      JavaScript
      Apache License 2.0
      1728946212Updated Jul 24, 2025Jul 24, 2025

    • scorecard-webapp

      Public
      Website and API for OpenSSF Scorecard
      openssf-scorecard
      HTML
      Apache License 2.0
      29243412Updated Jul 23, 2025Jul 23, 2025

    • sbom-everywhere

      Public
      Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption
      Vue
      Apache License 2.0
      3795223Updated Jul 22, 2025Jul 22, 2025

    • fuzz-introspector

      Public
      Fuzz Introspector -- introspect, extend and optimise fuzzers
      testingsecurityfuzz-testingvulnerability-analysissecurity-researchfuzzing
      Python
      Apache License 2.0
      734241021Updated Jul 21, 2025Jul 21, 2025

    • allstar

      Public
      GitHub App to set and enforce security policies
      Go
      Apache License 2.0
      1301.3k704Updated Jul 21, 2025Jul 21, 2025

    • security-baseline

      Public
      Go
      Apache License 2.0
      2798427Updated Jul 21, 2025Jul 21, 2025

    • security-insights

      Public
      Machine-readable specification for the attestation of security-relevant data.
      CUE
      Other
      145991Updated Jul 19, 2025Jul 19, 2025

    • global-cybersecurity-skills-framework

      Public
      Global CyberSecurity Skills Framework
      Apache License 2.0
      0000Updated Jul 18, 2025Jul 18, 2025

    • osv-schema

      Public
      Open Source Vulnerability schema.
      Go
      Apache License 2.0
      97205339Updated Jul 18, 2025Jul 18, 2025

    • tac

      Public
      Technical Advisory Council
      Other
      721282713Updated Jul 16, 2025Jul 16, 2025

    • ossf-landscape

      Public
      Apache License 2.0
      273000Updated Jul 14, 2025Jul 14, 2025

    • Memory-Safety

      Public
      Apache License 2.0
      1528121Updated Jul 10, 2025Jul 10, 2025

    • ai-ml-security

      Public
      Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security
      Apache License 2.0
      159740Updated Jul 9, 2025Jul 9, 2025

    • alpha-omega

      Public
      Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.
      securityopensourceopen-source-security
      Open Policy Agent
      Apache License 2.0
      58107524Updated Jul 7, 2025Jul 7, 2025

    • wg-security-tooling

      Public
      OpenSSF Security Tooling Working Group
      Apache License 2.0
      52312180Updated Jul 6, 2025Jul 6, 2025

    • artwork

      Public
      OpenSSF Artwork
      Apache License 2.0
      10900Updated Jul 1, 2025Jul 1, 2025

    • wg-globalcyberpolicy

      Public
      Global Cyber Policy Working Group
      Apache License 2.0
      117791Updated Jul 1, 2025Jul 1, 2025

    • model-signing-spec

      Public
      Model Signing Specification
      Apache License 2.0
      1110Updated Jun 24, 2025Jun 24, 2025

    • glossary

      Public
      A reference for common terms when talking about OpenSSF and open source software security.
      JavaScript
      Apache License 2.0
      3423Updated Jun 23, 2025Jun 23, 2025

    • secure-sw-dev-fundamentals

      Public
      Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)
      CSS
      Creative Commons Attribution 4.0 International
      52196342Updated Jun 14, 2025Jun 14, 2025

    • toolbelt

      Public
      Apache License 2.0
      52100Updated Jun 10, 2025Jun 10, 2025

    • si-tooling

      Public
      Python
      Apache License 2.0
      3511Updated Jun 10, 2025Jun 10, 2025

    • wg-orbit

      Public
      ORBIT: Open Resources for Baselines, Interoperability, and Tooling
      Apache License 2.0
      41661Updated Jun 7, 2025Jun 7, 2025

    • education

      Public
      OpenSSF Education SIG
      Apache License 2.0
      151730Updated May 28, 2025May 28, 2025

    • SIRT

      Public
      The OSS-SIRT SIG (Open Source Software Security Incident Response Team Special Interest Group) is a group working within the OSSF's Vulnerability Disclosure Working Group that is focused on creating secure vulnerability management capabilities within the open source ecosystem to ensure effective coordinated vulnerability disclosure practices (CVD)
      Apache License 2.0
      61020Updated May 27, 2025May 27, 2025