Skip to content

@ossf Open Source Security Foundation (OpenSSF)

Change the repository type filter

All

    Repositories list

    75 repositories

    • gemara

      Public
      Minimizing rework for governance activities.
      Go
      Apache License 2.0
      1734304Updated Dec 17, 2025Dec 17, 2025

    • scorecard

      Public
      OpenSSF Scorecard - Security health metrics for Open Source
      scorecardopenssf-scorecard
      Go
      Apache License 2.0
      5935.2k36113Updated Dec 16, 2025Dec 16, 2025

    • alpha-omega

      Public
      Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.
      securityopensourceopen-source-security
      Open Policy Agent
      Apache License 2.0
      6111000Updated Dec 16, 2025Dec 16, 2025

    • malicious-packages

      Public
      A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.
      Go
      Apache License 2.0
      70425127Updated Dec 16, 2025Dec 16, 2025

    • ossf-landscape

      Public
      Apache License 2.0
      273001Updated Dec 15, 2025Dec 15, 2025

    • scorecard-action

      Public
      Official GitHub Action for OpenSSF Scorecard.
      githubsecuritysupply-chaingithub-actionsopenssf-scorecard
      Go
      Apache License 2.0
      80341287Updated Dec 15, 2025Dec 15, 2025

    • scorecard-webapp

      Public
      Website and API for OpenSSF Scorecard
      openssf-scorecard
      Go
      Apache License 2.0
      31293116Updated Dec 15, 2025Dec 15, 2025

    • fuzz-introspector

      Public
      Fuzz Introspector -- introspect, extend and optimise fuzzers
      testingsecurityfuzzingfuzz-testingvulnerability-analysissecurity-research
      Python
      Apache License 2.0
      774381065Updated Dec 15, 2025Dec 15, 2025

    • security-baseline

      Public
      Go
      Apache License 2.0
      331235611Updated Dec 15, 2025Dec 15, 2025

    • allstar

      Public
      GitHub App to set and enforce security policies
      Go
      Apache License 2.0
      1441.4k602Updated Dec 15, 2025Dec 15, 2025

    • cve-bin-tool

      Public
      The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
      pythonsecurityvulnerabilityvulnerabilitiescvehacktoberfestcvsssecurity-automationsecurity-toolsdevsecops
      Python
      GNU General Public License v3.0
      5831.6k15460Updated Dec 10, 2025Dec 10, 2025

    • wg-best-practices-os-developers

      Public
      The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
      JavaScript
      Apache License 2.0
      185959667Updated Dec 10, 2025Dec 10, 2025

    • osv-schema

      Public
      Open Source Vulnerability schema.
      Go
      Apache License 2.0
      1092173513Updated Dec 9, 2025Dec 9, 2025

    • tac

      Public
      Technical Advisory Council
      Other
      74133379Updated Dec 8, 2025Dec 8, 2025

    • ai-ml-security

      Public
      Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security
      Apache License 2.0
      22127100Updated Dec 5, 2025Dec 5, 2025

    • wg-globalcyberpolicy

      Public
      Global Cyber Policy Working Group
      Apache License 2.0
      1896111Updated Dec 3, 2025Dec 3, 2025

    • wg-supply-chain-integrity

      Public
      Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the code they maintain, produce and use.
      Apache License 2.0
      35195101Updated Dec 3, 2025Dec 3, 2025

    • wg-bear

      Public
      The BEAR (Belonging, Empowerment, Allyship, and Representation) WG, formerly DEI, was formed in December 2023 to enhance representation and cybersecurity workforce effectiveness.
      Apache License 2.0
      4971Updated Dec 2, 2025Dec 2, 2025

    • sbom-everywhere

      Public
      Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption
      Vue
      Apache License 2.0
      38111227Updated Dec 2, 2025Dec 2, 2025

    • criticality_score

      Public
      Gives criticality score for an open source project
      Go
      Apache License 2.0
      1291.4k4535Updated Dec 2, 2025Dec 2, 2025

    • scorecard-visualizer

      Public
      Tool for visualizing the Open SSF Scorecard Api data in a human friendly way
      openssfopenssf-scorecard
      TypeScript
      Apache License 2.0
      618112Updated Nov 27, 2025Nov 27, 2025

    • SIRT

      Public
      The OSS-SIRT SIG (Open Source Software Security Incident Response Team Special Interest Group) is a group working within the OSSF's Vulnerability Disclosure Working Group that is focused on creating secure vulnerability management capabilities within the open source ecosystem to ensure effective coordinated vulnerability disclosure practices (CVD)
      Apache License 2.0
      61020Updated Nov 20, 2025Nov 20, 2025

    • glossary

      Public
      A reference for common terms when talking about OpenSSF and open source software security.
      JavaScript
      Apache License 2.0
      4529Updated Nov 19, 2025Nov 19, 2025

    • scorecard-monitor

      Public
      Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts
      securitysecurity-auditsecurity-toolsgithub-actionsopen-source-managementopenssf-scorecard
      JavaScript
      Apache License 2.0
      1440138Updated Nov 18, 2025Nov 18, 2025

    • education

      Public
      OpenSSF Education SIG
      Apache License 2.0
      171842Updated Nov 15, 2025Nov 15, 2025

    • oss-vulnerability-guide

      Public
      A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disclosure notifications.
      Creative Commons Attribution 4.0 International
      4113151Updated Nov 15, 2025Nov 15, 2025

    • wg-securing-software-repos

      Public
      OpenSSF Working Group on Securing Software Repositories
      Other
      27123114Updated Nov 13, 2025Nov 13, 2025

    • wg-vulnerability-disclosures

      Public
      The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability reporting and communication.
      Apache License 2.0
      43204350Updated Oct 1, 2025Oct 1, 2025

    • wg-orbit

      Public
      ORBIT: Open Resources for Baselines, Interoperability, and Tooling
      Apache License 2.0
      420110Updated Sep 29, 2025Sep 29, 2025

    • artwork

      Public
      OpenSSF Artwork
      Apache License 2.0
      10900Updated Sep 18, 2025Sep 18, 2025