Open Source Security Foundation (OpenSSF)'s repositories
criticality_score
Gives criticality score for an open source project
package-analysis
Open Source Package Analysis
wg-best-practices-os-developers
The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
fuzz-introspector
Fuzz Introspector -- introspect, extend and optimise fuzzers
wg-securing-critical-projects
Helping allocate resources to secure the critical open source projects we all depend on.
wg-security-tooling
OpenSSF Security Tooling Working Group
scorecard-action
Official GitHub Action for OpenSSF Scorecard.
wg-metrics-and-metadata
The purpose of the Metrics & Metadata (formerly Identifying Security Threats) working group is to enable stakeholders to have informed confidence in the security of open source projects. We do this by collecting, curating, and communicating relevant metrics and metadata from open source projects and the ecosystems of which they are a part.
malicious-packages
A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.
osv-schema
Open Source Vulnerability schema.
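The two entries above (malicious-packages reports and the osv-schema itself) both rely on the OSV record layout. The following is an added example, not code from any OpenSSF repository, showing how a consumer checks a package version against an OSV-format record. The record is constructed for illustration (its ID, package names and versions are not real advisories), and the version comparison is a deliberately simplified dotted-numeric ordering standing in for the ecosystem-specific comparison a real consumer would use.

```python
"""Minimal consumer for OSV-format records (added example; record is constructed)."""
import json

# Constructed OSV record in the documented layout: id/modified are required,
# each "affected" entry names a package and either explicit versions or
# ranges made of ordered "introduced"/"fixed"/"last_affected" events.
SAMPLE_OSV = json.loads("""
{
  "schema_version": "1.6.0",
  "id": "EXAMPLE-2024-0001",
  "modified": "2024-01-02T00:00:00Z",
  "summary": "Constructed example advisory (not a real report)",
  "affected": [
    {
      "package": {"ecosystem": "PyPI", "name": "example-pkg"},
      "ranges": [
        {"type": "ECOSYSTEM",
         "events": [{"introduced": "0"}, {"fixed": "1.2.3"}]}
      ]
    },
    {
      "package": {"ecosystem": "npm", "name": "example-lib"},
      "versions": ["2.0.0", "2.0.1"]
    }
  ]
}
""")


def _parse_version(v: str) -> tuple:
    # Simplification: leading digits of each dotted component, zero-padded to
    # three parts. Real ecosystems (PEP 440, semver, etc.) need their own rules.
    nums = []
    for part in v.split("."):
        digits = ""
        for ch in part:
            if not ch.isdigit():
                break
            digits += ch
        nums.append(int(digits) if digits else 0)
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def _in_range(version: str, events: list) -> bool:
    # Events are sorted ascending per the schema; walk them and track whether
    # the version falls inside an introduced..fixed (or ..last_affected) window.
    v = _parse_version(version)
    affected = False
    for ev in events:
        if "introduced" in ev:
            if ev["introduced"] == "0" or _parse_version(ev["introduced"]) <= v:
                affected = True
        elif "fixed" in ev:
            if _parse_version(ev["fixed"]) <= v:
                affected = False
        elif "last_affected" in ev:
            if _parse_version(ev["last_affected"]) < v:
                affected = False
    return affected


def is_affected(record: dict, ecosystem: str, name: str, version: str) -> bool:
    """True if ecosystem/name@version is covered by the record's affected list."""
    for aff in record.get("affected", []):
        pkg = aff.get("package", {})
        if pkg.get("ecosystem") != ecosystem or pkg.get("name") != name:
            continue
        if version in aff.get("versions", []):
            return True
        for rng in aff.get("ranges", []):
            if rng.get("type") in ("ECOSYSTEM", "SEMVER"):
                if _in_range(version, rng.get("events", [])):
                    return True
    return False


def validate_osv(record: dict) -> list:
    """Return a list of structural problems (empty list means the record passes)."""
    problems = []
    for field in ("id", "modified"):
        if field not in record:
            problems.append(f"missing required field: {field}")
    for i, aff in enumerate(record.get("affected", [])):
        pkg = aff.get("package")
        if pkg is not None and not ("ecosystem" in pkg and "name" in pkg):
            problems.append(f"affected[{i}].package needs ecosystem and name")
        for j, rng in enumerate(aff.get("ranges", [])):
            if rng.get("type") not in ("SEMVER", "ECOSYSTEM", "GIT"):
                problems.append(f"affected[{i}].ranges[{j}] has unknown type")
            events = rng.get("events", [])
            if not any("introduced" in e for e in events):
                problems.append(f"affected[{i}].ranges[{j}] needs an introduced event")
    return problems


if __name__ == "__main__":
    print(validate_osv(SAMPLE_OSV))
    print(is_affected(SAMPLE_OSV, "PyPI", "example-pkg", "1.0.0"))
    print(is_affected(SAMPLE_OSV, "PyPI", "example-pkg", "1.2.3"))
```

A real feed consumer would replace `_parse_version` with the ordering rules of each ecosystem and would also handle `GIT` ranges (commit hashes, which have no total order and need repository history), but the event-walk logic is the part that is the same everywhere.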
wg-vulnerability-disclosures
The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability reporting and communication.
secure-sw-dev-fundamentals
Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)
s2c2f
The S2C2F Project is a group within the OpenSSF Supply Chain Integrity Working Group, formed to develop and continuously improve the S2C2F guide, which defines how to securely consume open source software (OSS) dependencies in the developer's workflow.
oss-vulnerability-guide
A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disclosure notifications.
alpha-omega
Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.
package-feeds
Feed parsing for language package manager updates
sbom-everywhere
Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption
security-insights-spec
OpenSSF Security Insights: repository for development of the draft standard; requests for modification should be made via GitHub Issues.
scorecard-webapp
Website and API for OpenSSF Scorecard
DevRel-community
Evangelizing the mission and work of the OpenSSF and building strong community outreach around end-users, open-source maintainers, and contributors.
S2C2F-attestation-schema-and-tool
Secure Supply Chain Consumption Framework (S2C2F) OSCAL Catalog and tool
disclosure-check