There are no reviews yet. Be the first to send feedback to the community and the maintainers!
scorecard
OpenSSF Scorecard - Security health metrics for Open Sourcecriticality_score
Gives criticality score for an open source projectallstar
GitHub App to set and enforce security policiespackage-analysis
Open Source Package Analysiswg-best-practices-os-developers
The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.fuzz-introspector
Fuzz Introspector -- introspect, extend and optimise fuzzerswg-securing-critical-projects
Helping allocate resources to secure the critical open source projects we all depend on.wg-security-tooling
OpenSSF Security Tooling Working Groupscorecard-action
Official GitHub Action for OpenSSF Scorecard.malicious-packages
A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.wg-metrics-and-metadata
The purpose of the Metrics & Metadata (formerly Identifying Security Threats) working group is to enable stakeholders to have informed confidence in the security of open source projects. We do this by collecting, curating, and communicating relevant metrics and metadata from open source projects and the ecosystems of which they are a part.wg-vulnerability-disclosures
The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability reporting and communication.wg-supply-chain-integrity
Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the code they maintain, produce and use.s2c2f
The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.osv-schema
Open Source Vulnerability schema.secure-sw-dev-fundamentals
Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)package-manager-best-practices
Collection of security best practices for package managers.census
📜Automated review of open source software projectstac
Technical Advisory Councilsecurity-reviews
A community collection of security reviews of open source software components.wg-securing-software-repos
OpenSSF Working Group on Securing Software Repositoriesalpha-omega
Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.package-feeds
Feed parsing for language package manager updatessbom-everywhere
Improve Software Bill of Materials (SBOM) tooling and training to encourage adoptionfoundation
OpenSSF Governance and Legal DocsProject-Security-Metrics
Collect, curate, and communicate relevant security metrics for open source projects.great-mfa-project
The Great Multi-Factor Authentication (MFA) Distribution Project of the Open Source Security Foundation (OpenSSF). We work to distribute hardware MFA tokens to critical open source software (OSS) projects.security-insights-spec
OPENSSF SECURITY INSIGHTS: Repository for development of the draft standard, where requests for modification should be made via Github Issues.ai-ml-security
Potential WG on Artificial Intelligence and Machine Learning (AI/ML)scorecard-monitor
Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alertswg-endusers
OpenSSF Endusers Working Groupossf-landscape
scorecard-webapp
Website and API for OpenSSF ScorecardDevRel-community
Evangelizing the mission and work of the OpenSSF and building strong community outreach around end-users, open-source maintainers, and contributors.toolbelt
education
OpenSSF Education SIGMemory-Safety
omega-triage-portal
scorecard-visualizer
Tool for visualizing the Open SSF Scorecard Api data in a human friendly wayDiagrammers-Society
OpenSSF Diagrammers SocietyOpenVEX
Vuln Disclosure WG's new SIGSIRT
The OSS-SIRT SIG (Open Source Software Security Incident Response Team Special Interest Group) is a group working within the OSSF's Vulnerability Disclosure Working Group that is focused on creating secure vulnerability management capabilities within the open source ecosystem to ensure effective coordinated vulnerability disclosure practices (CVD)community
artwork
OpenSSF Artworkgb-planning-committee
The Governing Board Planning Committee guides OpenSSF vision and planning including mission, roadmap, milestones and key metrics for success of the overall organization.oss-researcher-vulnerability-guide
oss-compromises
Archive of various open source security compromisesgithub-org-access-scraper
GitHub lacks an API for listing an org's repos' access for non-team-based individuals, so, scrape it.vulnerability-disclosures-whitepaper
S2C2F-attestation-schema-and-tool
Secure Supply Chain Consumption Framework (S2C2F) OSCAL Catalog and toolGovernance-Committee
Governance Committeedisclosure-check
disclosure-checkwg-dei
The Diversity, Equity, and Inclusion Working Group was formed in December 2023 to help increase representation and strengthen the overall effectiveness of the cybersecurity workforce.si-tooling
security-metrics-dashboard
homebrew-tap
open-auto-vuln-disclose
open-auto-vuln-discloseomega-moderne-client
outreach
A place to connect about event and conference engagementsaction-web-defn-check
GitHub action for checking a Web Application Definition file.github
Github configurationoss-analysis-census2-prototype
Prototype of Census 2 of open source software (NOT MAINTAINED)scorecard-dependencyanalysis
Scorecard action for checking when new dependencies are added to the repository.Love Open Source and this site? Check out how you can help us