Repositories list

• wg-best-practices-os-developers

  Public
  The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

  JavaScript

  •

  Apache License 2.0

  •139•807•57•13•Updated Jan 22, 2025Jan 22, 2025

• malicious-packages

  Public
  A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.

  Go

  •

  Apache License 2.0

  •26•283•11•1•Updated Jan 22, 2025Jan 22, 2025

• fuzz-introspector

  Public
  Fuzz Introspector -- introspect, extend and optimise fuzzers

  testingsecurityfuzz-testing+ 3vulnerability-analysissecurity-researchfuzzing

  Python

  •

  Apache License 2.0

  •59•391•97•3•Updated Jan 22, 2025Jan 22, 2025

• allstar

  Public
  GitHub App to set and enforce security policies

  Go

  •

  Apache License 2.0

  •124•1.3k•68•10•Updated Jan 22, 2025Jan 22, 2025

• scorecard-visualizer

  Public
  Tool for visualizing the Open SSF Scorecard Api data in a human friendly way

  openssfopenssf-scorecard

  TypeScript

  •

  Apache License 2.0

  •3•13•1•21•Updated Jan 22, 2025Jan 22, 2025

• sbom-everywhere

  Public
  Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption

  Vue

  •

  Apache License 2.0

  •26•76•25•3•Updated Jan 22, 2025Jan 22, 2025

• criticality_score

  Public
  Gives criticality score for an open source project

  Go

  •

  Apache License 2.0

  •120•1.4k•41•33•Updated Jan 22, 2025Jan 22, 2025

• scorecard-monitor

  Public
  Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts

  securitysecurity-auditsecurity-tools+ 3github-actionsopen-source-managementopenssf-scorecard

  JavaScript

  •

  Apache License 2.0

  •13•32•13•3•Updated Jan 21, 2025Jan 21, 2025

• scorecard-action

  Public
  Official GitHub Action for OpenSSF Scorecard.

  githubsecuritysupply-chain+ 2github-actionsopenssf-scorecard

  Go

  •

  Apache License 2.0

  •70•276•27•1•Updated Jan 21, 2025Jan 21, 2025

• security-baseline

  Public
  Go

  •

  Apache License 2.0

  •12•12•28•4•Updated Jan 21, 2025Jan 21, 2025

• .github

  Public
  Github configuration

  2•1•0•1•Updated Jan 21, 2025Jan 21, 2025

• glossary

  Public
  JavaScript

  •

  Apache License 2.0

  •1•1•0•2•Updated Jan 21, 2025Jan 21, 2025

• scorecard

  Public
  OpenSSF Scorecard - Security health metrics for Open Source

  scorecardopenssf-scorecard

  Go

  •

  Apache License 2.0

  •510•4.7k•342•3•Updated Jan 21, 2025Jan 21, 2025

• foundation

  Public
  OpenSSF Governance and Legal Docs

  Apache License 2.0

  •19•70•0•1•Updated Jan 21, 2025Jan 21, 2025

• tac

  Public
  Technical Advisory Council

  Other

  •59•114•24•8•Updated Jan 21, 2025Jan 21, 2025

• wg-globalcyberpolicy

  Public
  Global Cyber Policy Working Group

  Apache License 2.0

  •3•6•4•1•Updated Jan 21, 2025Jan 21, 2025

• ossf-landscape

  Public
  Apache License 2.0

  •26•27•1•0•Updated Jan 21, 2025Jan 21, 2025

• scorecard-webapp

  Public
  Website and API for OpenSSF Scorecard

  openssf-scorecard

  HTML

  •

  Apache License 2.0

  •27•23•31•12•Updated Jan 20, 2025Jan 20, 2025

• osv-schema

  Public
  Open Source Vulnerability schema.

  Python

  •

  Apache License 2.0

  •89•190•27•12•Updated Jan 20, 2025Jan 20, 2025

• oss-vulnerability-guide

  Public
  A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disclosure notifications.

  Creative Commons Attribution 4.0 International

  •47•119•4•0•Updated Jan 16, 2025Jan 16, 2025

• security-insights-spec

  Public
  OPENSSF SECURITY INSIGHTS: Repository for development of the draft standard, where requests for modification should be made via Github Issues.

  CUE

  •

  Other

  •10•56•3•2•Updated Jan 16, 2025Jan 16, 2025

• alpha-omega

  Public
  Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.

  securityopensourceopen-source-security

  Open Policy Agent

  •

  Apache License 2.0

  •51•87•52•2•Updated Jan 15, 2025Jan 15, 2025

• wg-dei

  Public
  The Diversity, Equity, and Inclusion Working Group mission is to increase representation and strengthen the overall effectiveness of the cybersecurity workforce.

  Apache License 2.0

  •1•6•5•1•Updated Jan 14, 2025Jan 14, 2025

• package-analysis

  Public
  Open Source Package Analysis

  Go

  •

  Apache License 2.0

  •54•808•60•6•Updated Jan 14, 2025Jan 14, 2025

• si-tooling

  Public
  Python

  •

  Apache License 2.0

  •1•3•0•1•Updated Jan 4, 2025Jan 4, 2025

• secure-sw-dev-fundamentals

  Public
  Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)

  CSS

  •

  Creative Commons Attribution 4.0 International

  •48•187•34•1•Updated Dec 10, 2024Dec 10, 2024

• census

  Public
  📜Automated review of open source software projects

  censusstatisticsoss+ 2analysismetrics

  HTML

  •

  Other

  •30•116•25•1•Updated Dec 6, 2024Dec 6, 2024

• Memory-Safety

  Public
  Apache License 2.0

  •12•21•6•0•Updated Dec 4, 2024Dec 4, 2024

• package-feeds

  Public
  Feed parsing for language package manager updates

  Go

  •

  Apache License 2.0

  •24•76•21•12•Updated Dec 4, 2024Dec 4, 2024

• wg-vulnerability-disclosures

  Public
  The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability reporting and communication.

  Apache License 2.0

  •41•183•26•0•Updated Nov 25, 2024Nov 25, 2024