Repositories list

• malicious-packages

  Public
  A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.

  Go

  •

  Apache License 2.0

  •20•230•11•7•Updated Oct 3, 2024Oct 3, 2024

• wg-best-practices-os-developers

  Public
  The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

  JavaScript

  •

  Apache License 2.0

  •128•735•47•13•Updated Oct 3, 2024Oct 3, 2024

• package-feeds

  Public
  Feed parsing for language package manager updates

  Go

  •

  Apache License 2.0

  •24•71•21•12•Updated Oct 3, 2024Oct 3, 2024

• allstar

  Public
  GitHub App to set and enforce security policies

  Go

  •

  Apache License 2.0

  •123•1.2k•65•6•Updated Oct 3, 2024Oct 3, 2024

• scorecard

  Public
  OpenSSF Scorecard - Security health metrics for Open Source

  scorecardopenssf-scorecard

  Go

  •

  Apache License 2.0

  •489•4.5k•341•10•Updated Oct 3, 2024Oct 3, 2024

• ossf-landscape

  Public
  Apache License 2.0

  •27•26•1•15•Updated Oct 3, 2024Oct 3, 2024

• criticality_score

  Public
  Gives criticality score for an open source project

  Go

  •

  Apache License 2.0

  •119•1.3k•41•29•Updated Oct 3, 2024Oct 3, 2024

• scorecard-webapp

  Public
  Website and API for OpenSSF Scorecard

  openssf-scorecard

  HTML

  •

  Apache License 2.0

  •27•22•30•4•Updated Oct 2, 2024Oct 2, 2024

• package-analysis

  Public
  Open Source Package Analysis

  Go

  •

  Apache License 2.0

  •48•722•57•12•Updated Oct 1, 2024Oct 1, 2024

• tac

  Public
  Technical Advisory Council

  Other

  •53•108•28•3•Updated Oct 1, 2024Oct 1, 2024

• Memory-Safety

  Public
  Apache License 2.0

  •12•18•5•0•Updated Oct 1, 2024Oct 1, 2024

• scorecard-visualizer

  Public
  Tool for visualizing the Open SSF Scorecard Api data in a human friendly way

  openssfopenssf-scorecard

  TypeScript

  •

  Apache License 2.0

  •2•12•1•17•Updated Oct 1, 2024Oct 1, 2024

• scorecard-action

  Public
  Official GitHub Action for OpenSSF Scorecard.

  githubsecuritysupply-chain+ 2github-actionsopenssf-scorecard

  Go

  •

  Apache License 2.0

  •70•254•24•2•Updated Sep 30, 2024Sep 30, 2024

• secure-sw-dev-fundamentals

  Public
  Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)

  CSS

  •

  Creative Commons Attribution 4.0 International

  •47•177•32•5•Updated Sep 30, 2024Sep 30, 2024

• fuzz-introspector

  Public
  Fuzz Introspector -- introspect, extend and optimise fuzzers

  testingsecurityfuzz-testing+ 3vulnerability-analysissecurity-researchfuzzing

  Python

  •

  Apache License 2.0

  •54•371•95•5•Updated Sep 30, 2024Sep 30, 2024

• osv-schema

  Public
  Open Source Vulnerability schema.

  Python

  •

  Apache License 2.0

  •75•177•26•9•Updated Sep 27, 2024Sep 27, 2024

• artwork

  Public
  OpenSSF Artwork

  Apache License 2.0

  •8•7•0•1•Updated Sep 24, 2024Sep 24, 2024

• sbom-everywhere

  Public
  Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption

  Vue

  •

  Apache License 2.0

  •25•70•25•0•Updated Sep 24, 2024Sep 24, 2024

• alpha-omega

  Public
  Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.

  securityopensourceopen-source-security

  Open Policy Agent

  •

  Apache License 2.0

  •49•80•51•9•Updated Sep 8, 2024Sep 8, 2024

• security-insights-spec

  Public
  OPENSSF SECURITY INSIGHTS: Repository for development of the draft standard, where requests for modification should be made via Github Issues.

  Other

  •10•49•14•4•Updated Sep 5, 2024Sep 5, 2024

• ai-ml-security

  Public
  Potential WG on Artificial Intelligence and Machine Learning (AI/ML)

  Apache License 2.0

  •8•50•5•0•Updated Aug 28, 2024Aug 28, 2024

• s2c2f

  Public
  The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.

  Other

  •24•179•5•1•Updated Aug 27, 2024Aug 27, 2024

• security-baseline

  Public
  Apache License 2.0

  •1•0•15•0•Updated Aug 14, 2024Aug 14, 2024

• wg-securing-critical-projects

  Public
  Helping allocate resources to secure the critical open source projects we all depend on.

  Apache License 2.0

  •36•328•21•0•Updated Aug 1, 2024Aug 1, 2024

• .github

  Public
  Github configuration

  2•1•0•2•Updated Aug 1, 2024Aug 1, 2024

• staff

  Public
  Repository to keep track of staff operations

  Shell

  •

  Apache License 2.0

  •1•0•3•0•Updated Jul 31, 2024Jul 31, 2024

• community

  Public
  Creative Commons Attribution 4.0 International

  •5•7•2•1•Updated Jul 31, 2024Jul 31, 2024

• wg-vulnerability-disclosures

  Public
  The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability reporting and communication.

  Apache License 2.0

  •40•178•24•0•Updated Jul 24, 2024Jul 24, 2024

• wg-securing-software-repos

  Public
  OpenSSF Working Group on Securing Software Repositories

  Other

  •18•90•6•3•Updated Jul 11, 2024Jul 11, 2024

• scorecard-monitor

  Public
  Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts

  securitysecurity-auditsecurity-tools+ 3github-actionsopen-source-managementopenssf-scorecard

  JavaScript

  •

  Apache License 2.0

  •6•32•12•2•Updated Jun 27, 2024Jun 27, 2024