Skip to content
@ossf

Open Source Security Foundation (OpenSSF)

OpenSSF is a community of software developers and security engineers who are working together to secure open source software for the greater public good.
README.md

OpenSSFLogo

OpenSSF is committed to working both upstream and with existing communities to advance open source security for all.

We foster collaboration, establish best practices, and develop innovative solutions to secure the development, maintenance, and consumption of open source software. OpenSSF is part of the nonprofit Linux Foundation.

For any questions, concerns, reports, etc., please email operations@openssf.org.

Get Involved

Membership

We encourage all individual contributors to work with their employers to become members. We aim to grow an active, healthy community of contributors, reviewers, and code owners. Learn more about the requirements and responsibilities of membership in our Membership page or see current members.

Pinned Loading

  1. wg-best-practices-os-developers wg-best-practices-os-developers Public

    The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

    JavaScript 807 140

  2. ai-ml-security ai-ml-security Public

    Potential WG on Artificial Intelligence and Machine Learning (AI/ML)

    59 10

  3. wg-securing-critical-projects wg-securing-critical-projects Public

    Helping allocate resources to secure the critical open source projects we all depend on.

    339 40

  4. wg-securing-software-repos wg-securing-software-repos Public

    OpenSSF Working Group on Securing Software Repositories

    95 19

  5. tac tac Public

    Technical Advisory Council

    114 59

  6. foundation foundation Public

    OpenSSF Governance and Legal Docs

    70 19

Repositories

Showing 10 of 67 repositories
  • scorecard-webapp Public

    Website and API for OpenSSF Scorecard

    ossf/scorecard-webapp’s past year of commit activity
    HTML 23 Apache-2.0 27 31 (1 issue needs help) 5 Updated Jan 26, 2025
  • malicious-packages Public

    A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.

    ossf/malicious-packages’s past year of commit activity
    Go 283 Apache-2.0 26 10 1 Updated Jan 26, 2025
  • allstar Public

    GitHub App to set and enforce security policies

    ossf/allstar’s past year of commit activity
    Go 1,271 Apache-2.0 124 68 (21 issues need help) 2 Updated Jan 26, 2025
  • fuzz-introspector Public

    Fuzz Introspector -- introspect, extend and optimise fuzzers

    ossf/fuzz-introspector’s past year of commit activity
    Python 392 Apache-2.0 60 97 (1 issue needs help) 2 Updated Jan 26, 2025
  • security-baseline Public
    ossf/security-baseline’s past year of commit activity
    Go 12 Apache-2.0 12 29 (4 issues need help) 7 Updated Jan 25, 2025
  • scorecard-visualizer Public

    Tool for visualizing the Open SSF Scorecard Api data in a human friendly way

    ossf/scorecard-visualizer’s past year of commit activity
    TypeScript 13 Apache-2.0 4 1 6 Updated Jan 25, 2025
  • scorecard Public

    OpenSSF Scorecard - Security health metrics for Open Source

    ossf/scorecard’s past year of commit activity
    Go 4,737 Apache-2.0 510 344 (11 issues need help) 5 Updated Jan 25, 2025
  • scorecard-monitor Public

    Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts

    ossf/scorecard-monitor’s past year of commit activity
    JavaScript 32 Apache-2.0 13 13 4 Updated Jan 25, 2025
  • tac Public

    Technical Advisory Council

    ossf/tac’s past year of commit activity
    114 59 24 (6 issues need help) 7 Updated Jan 24, 2025
  • criticality_score Public

    Gives criticality score for an open source project

    ossf/criticality_score’s past year of commit activity
    Go 1,350 Apache-2.0 120 41 33 Updated Jan 24, 2025
View all repositories