Open Source Security Foundation (OpenSSF) (ossf)


OpenSSF is a community of software developers and security engineers who are working together to secure open source software for the greater public good.

Location:San Francisco, CA

Home Page:https://openssf.org

Twitter:@openssf


Open Source Security Foundation (OpenSSF)'s repositories

scorecard

OpenSSF Scorecard - Security health metrics for Open Source

Language: Go | License: Apache-2.0 | Stargazers: 4192 | Issues: 64 | Issues: 1076

criticality_score

Gives criticality score for an open source project

Language: Go | License: Apache-2.0 | Stargazers: 1288 | Issues: 34 | Issues: 87

allstar

GitHub App to set and enforce security policies

Language: Go | License: Apache-2.0 | Stargazers: 1203 | Issues: 29 | Issues: 154

package-analysis

Open Source Package Analysis

Language: Go | License: Apache-2.0 | Stargazers: 710 | Issues: 20 | Issues: 183

wg-best-practices-os-developers

The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

Language: JavaScript | License: Apache-2.0 | Stargazers: 660 | Issues: 52 | Issues: 117

fuzz-introspector

Fuzz Introspector: introspect, extend and optimise fuzzers

Language: Python | License: Apache-2.0 | Stargazers: 355 | Issues: 21 | Issues: 227

wg-securing-critical-projects

Helping allocate resources to secure the critical open source projects we all depend on.

wg-security-tooling

OpenSSF Security Tooling Working Group

scorecard-action

Official GitHub Action for OpenSSF Scorecard.

Language: Go | License: Apache-2.0 | Stargazers: 228 | Issues: 17 | Issues: 822

wg-metrics-and-metadata

The purpose of the Metrics & Metadata (formerly Identifying Security Threats) working group is to enable stakeholders to have informed confidence in the security of open source projects. We do this by collecting, curating, and communicating relevant metrics and metadata from open source projects and the ecosystems of which they are a part.

malicious-packages

A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.

Language: Go | License: Apache-2.0 | Stargazers: 200 | Issues: 12 | Issues: 8

osv-schema

Open Source Vulnerability schema.

Language: Python | License: Apache-2.0 | Stargazers: 170 | Issues: 28 | Issues: 77
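The malicious-packages feed and the osv-schema repository above are both about the same thing: vulnerability and malware reports published as OSV JSON so that tooling can consume them. The following is an added example, not code from either OpenSSF project, showing what consuming an OSV record looks like in practice: parse a feed, match a package by ecosystem and name, and decide whether a concrete version falls inside an explicit `versions` list or a `SEMVER` range built from `introduced`/`fixed` events. The two records in `sampleFeed` are constructed for this example (the `EXAMPLE-*` IDs and `example-utils`/`exampl-utils` package names are placeholders, not real advisories), the struct covers only the subset of OSV fields the check needs, and the `last_affected` event type and `ECOSYSTEM`/`GIT` range types are deliberately not handled.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// OSVEntry is the subset of an OSV record needed to decide whether a
// package version is covered. JSON field names follow the OSV schema.
type OSVEntry struct {
	ID       string     `json:"id"`
	Summary  string     `json:"summary"`
	Affected []Affected `json:"affected"`
}

type Affected struct {
	Package  Package  `json:"package"`
	Versions []string `json:"versions"` // explicit affected versions
	Ranges   []Range  `json:"ranges"`   // version ranges described by events
}

type Package struct {
	Ecosystem string `json:"ecosystem"`
	Name      string `json:"name"`
}

type Range struct {
	Type   string  `json:"type"` // only "SEMVER" is handled here
	Events []Event `json:"events"`
}

type Event struct {
	Introduced string `json:"introduced,omitempty"`
	Fixed      string `json:"fixed,omitempty"`
}

// sampleFeed is a constructed two-entry feed; IDs and package names are
// placeholders, not real reports.
const sampleFeed = `[
 {"id":"EXAMPLE-0001","summary":"constructed: typosquat of a popular package",
  "affected":[{"package":{"ecosystem":"npm","name":"exampl-utils"},
   "versions":["1.0.0","1.0.1"]}]},
 {"id":"EXAMPLE-0002","summary":"constructed: versions published from a compromised account",
  "affected":[{"package":{"ecosystem":"npm","name":"example-utils"},
   "ranges":[{"type":"SEMVER","events":[{"introduced":"2.3.0"},{"fixed":"2.3.2"}]}]}]}
]`

// LoadFeed parses a JSON array of OSV records.
func LoadFeed(data string) ([]OSVEntry, error) {
	var entries []OSVEntry
	err := json.Unmarshal([]byte(data), &entries)
	return entries, err
}

// compareSemver compares dotted numeric versions ("1.10.0" > "1.9.9").
// Pre-release and build metadata after "-" are ignored in this example.
func compareSemver(a, b string) int {
	pa := strings.Split(strings.SplitN(a, "-", 2)[0], ".")
	pb := strings.Split(strings.SplitN(b, "-", 2)[0], ".")
	for i := 0; i < len(pa) || i < len(pb); i++ {
		var x, y int
		if i < len(pa) {
			x, _ = strconv.Atoi(pa[i])
		}
		if i < len(pb) {
			y, _ = strconv.Atoi(pb[i])
		}
		if x < y {
			return -1
		}
		if x > y {
			return 1
		}
	}
	return 0
}

// inRange walks SEMVER events in order: each "introduced" opens a window
// that the following "fixed" closes. "0" means "from the first version".
func inRange(r Range, version string) bool {
	if r.Type != "SEMVER" {
		return false
	}
	open := false
	for _, e := range r.Events {
		switch {
		case e.Introduced != "":
			open = e.Introduced == "0" || compareSemver(version, e.Introduced) >= 0
		case e.Fixed != "":
			if open && compareSemver(version, e.Fixed) < 0 {
				return true
			}
			open = false
		}
	}
	return open // introduced with no matching fixed: still affected
}

// MatchingReports returns the IDs of entries covering ecosystem/name@version.
func MatchingReports(entries []OSVEntry, ecosystem, name, version string) []string {
	var ids []string
	for _, e := range entries {
		for _, a := range e.Affected {
			if a.Package.Ecosystem != ecosystem || a.Package.Name != name {
				continue
			}
			hit := false
			for _, v := range a.Versions {
				hit = hit || v == version
			}
			for _, r := range a.Ranges {
				hit = hit || inRange(r, version)
			}
			if hit {
				ids = append(ids, e.ID)
				break
			}
		}
	}
	return ids
}

func main() {
	entries, err := LoadFeed(sampleFeed)
	if err != nil {
		panic(err)
	}
	queries := [][3]string{
		{"npm", "example-utils", "2.3.1"}, // inside the range
		{"npm", "example-utils", "2.3.2"}, // fixed version
		{"npm", "exampl-utils", "1.0.1"},  // explicit version list
	}
	for _, q := range queries {
		fmt.Printf("%s/%s@%s -> %v\n", q[0], q[1], q[2], MatchingReports(entries, q[0], q[1], q[2]))
	}
}
```

The fixed version itself is not affected (the `fixed` bound is exclusive), and a package in a different ecosystem with the same name never matches; both are the kind of off-by-one a hand-written matcher tends to get wrong.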

wg-vulnerability-disclosures

The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability reporting and communication.

secure-sw-dev-fundamentals

Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)

Language: CSS | License: CC-BY-4.0 | Stargazers: 160 | Issues: 27 | Issues: 40

s2c2f

The S2C2F Project is a group within the OpenSSF Supply Chain Integrity Working Group that develops and continuously improves the S2C2F guide, which defines how to securely consume open source software (OSS) dependencies into the developer's workflow.

oss-vulnerability-guide

A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disclosure notifications.

tac

Technical Advisory Council

alpha-omega

Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.

Language: Open Policy Agent | License: Apache-2.0 | Stargazers: 70 | Issues: 16 | Issues: 66

package-feeds

Feed parsing for language package manager updates

Language: Go | License: Apache-2.0 | Stargazers: 70 | Issues: 14 | Issues: 58

sbom-everywhere

Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption

Language: Vue | License: Apache-2.0 | Stargazers: 56 | Issues: 30 | Issues: 24

security-insights-spec

OpenSSF Security Insights: repository for development of the draft standard; requests for modification should be made via GitHub Issues.

scorecard-webapp

Website and API for OpenSSF Scorecard

Language: HTML | License: Apache-2.0 | Stargazers: 21 | Issues: 15 | Issues: 44

DevRel-community

Evangelizing the mission and work of the OpenSSF and building strong community outreach around end-users, open-source maintainers, and contributors.

License: Apache-2.0 | Stargazers: 16 | Issues: 0 | Issues: 0

S2C2F-attestation-schema-and-tool

Secure Supply Chain Consumption Framework (S2C2F) OSCAL Catalog and tool

Language: Python | License: MIT | Stargazers: 3 | Issues: 10 | Issues: 8

disclosure-check

disclosure-check

Language: Python | License: Apache-2.0 | Stargazers: 2 | Issues: 15 | Issues: 5