Open Source Security Foundation (OpenSSF)'s repositories
criticality_score
Gives a criticality score for an open source project
wg-best-practices-os-developers
The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
package-analysis
Open Source Package Analysis
fuzz-introspector
Fuzz Introspector -- introspect, extend and optimise fuzzers
wg-securing-critical-projects
Helping allocate resources to secure the critical open source projects we all depend on.
scorecard-action
Official GitHub Action for OpenSSF Scorecard.
malicious-packages
A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.
s2c2f
The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group, formed to further develop and continuously improve the S2C2F guide, which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.
osv-schema
Open Source Vulnerability schema.
secure-sw-dev-fundamentals
Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)
wg-vulnerability-disclosures
The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability reporting and communication.
wg-securing-software-repos
OpenSSF Working Group on Securing Software Repositories
alpha-omega
Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.
package-feeds
Feed parsing for language package manager updates
sbom-everywhere
Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption
ai-ml-security
Potential WG on Artificial Intelligence and Machine Learning (AI/ML)
security-insights-spec
OPENSSF SECURITY INSIGHTS: Repository for development of the draft standard, where requests for modification should be made via GitHub Issues.
scorecard-monitor
Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts
scorecard-webapp
Website and API for OpenSSF Scorecard
scorecard-visualizer
Tool for visualizing the OpenSSF Scorecard API data in a human-friendly way
disclosure-check
disclosure-check