Repositories list

• malicious-packages

  Public
  A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.

  Go

  •

  Apache License 2.0

  •8888 forks•499499 stars•2222 issues•77 pull requests•Updated May 4, 2026May 4, 2026

• cve-bin-tool

  Public
  The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl…

  pythonsecurityvulnerability+ 11

  pythonsecurityvulnerabilityvulnerabilitiescvehacktoberfestcvsssecurity-automationsecurity-toolsdevsecops+ 4

  Python

  •

  GNU General Public License v3.0

  •619619 forks•1.7k1.7k stars•147147 issues•5757 pull requests•Updated May 4, 2026May 4, 2026

• pvtr-github-repo-scanner

  Public
  Privateer plugin for scanning the security hygiene of a GitHub repository.

  Go

  •

  Apache License 2.0

  •1212 forks•2323 stars•2121 issues•77 pull requests•Updated May 4, 2026May 4, 2026

• security-assessments

  Public
  Apache License 2.0

  •77 forks•1818 stars•77 issues•11 pull request•Updated May 3, 2026May 3, 2026

• ossf-landscape

  Public
  Apache License 2.0

  •2828 forks•3131 stars•00 issues•33 pull requests•Updated May 3, 2026May 3, 2026

• alpha-omega

  Public
  Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.

  securityopensourceopen-source-security

  securityopensourceopen-source-security

  Open Policy Agent

  •

  Apache License 2.0

  •6363 forks•125125 stars•00 issues•11 pull request•Updated May 1, 2026May 1, 2026

• ai-ml-security

  Public
  Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security

  Apache License 2.0

  •2525 forks•167167 stars•1212 issues•00 pull requests•Updated May 1, 2026May 1, 2026

• scorecard

  Public
  OpenSSF Scorecard - Security health metrics for Open Source

  scorecardopenssf-scorecard

  scorecardopenssf-scorecard

  Go

  •

  Apache License 2.0

  •644644 forks•5.4k5.4k stars•364364 issues•2727 pull requests•Updated Apr 29, 2026Apr 29, 2026

• scorecard-webapp

  Public
  Website and API for OpenSSF Scorecard

  openssf-scorecard

  openssf-scorecard

  Go

  •

  Apache License 2.0

  •3030 forks•2828 stars•3232 issues•3030 pull requests•Updated Apr 29, 2026Apr 29, 2026

• oss-crs

  Public
  oss-crs

  Python

  •

  MIT License

  •66 forks•6060 stars•2828 issues•55 pull requests•Updated Apr 29, 2026Apr 29, 2026

• scorecard-action

  Public
  Official GitHub Action for OpenSSF Scorecard.

  githubsecuritysupply-chain+ 2

  githubsecuritysupply-chaingithub-actionsopenssf-scorecard

  Go

  •

  Apache License 2.0

  •8484 forks•376376 stars•3030 issues•1313 pull requests•Updated Apr 29, 2026Apr 29, 2026

• osv-schema

  Public
  Open Source Vulnerability schema.

  Go

  •

  Apache License 2.0

  •115115 forks•247247 stars•4949 issues•77 pull requests•Updated Apr 28, 2026Apr 28, 2026

• tac

  Public
  Technical Advisory Council

  Other

  •8080 forks•143143 stars•3939 issues•1515 pull requests•Updated Apr 28, 2026Apr 28, 2026

• allstar

  Public
  GitHub App to set and enforce security policies

  Go

  •

  Apache License 2.0

  •145145 forks•1.4k1.4k stars•5858 issues•00 pull requests•Updated Apr 28, 2026Apr 28, 2026

• si-tooling

  Public
  Python

  •

  Apache License 2.0

  •44 forks•99 stars•22 issues•00 pull requests•Updated Apr 28, 2026Apr 28, 2026

• .github

  Public
  Github configuration

  77 forks•22 stars•00 issues•11 pull request•Updated Apr 27, 2026Apr 27, 2026

• security-baseline

  Public
  Go

  •

  Apache License 2.0

  •4040 forks•153153 stars•5757 issues•33 pull requests•Updated Apr 27, 2026Apr 27, 2026

• scorecard-visualizer

  Public
  Tool for visualizing the Open SSF Scorecard Api data in a human friendly way

  openssfopenssf-scorecard

  openssfopenssf-scorecard

  TypeScript

  •

  Apache License 2.0

  •66 forks•1818 stars•11 issue•1313 pull requests•Updated Apr 27, 2026Apr 27, 2026

• scorecard-monitor

  Public
  Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts

  securitysecurity-auditsecurity-tools+ 3

  securitysecurity-auditsecurity-toolsgithub-actionsopen-source-managementopenssf-scorecard

  JavaScript

  •

  Apache License 2.0

  •1414 forks•4848 stars•1414 issues•44 pull requests•Updated Apr 25, 2026Apr 25, 2026

• wg-best-practices-os-developers

  Public
  The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

  JavaScript

  •

  Apache License 2.0

  •195195 forks•1k1k stars•7979 issues•1313 pull requests•Updated Apr 24, 2026Apr 24, 2026

• sig-basejump

  Public
  Python

  •

  Apache License 2.0

  •00 forks•22 stars•00 issues•44 pull requests•Updated Apr 21, 2026Apr 21, 2026

• fuzz-introspector

  Public
  Fuzz Introspector -- introspect, extend and optimise fuzzers

  testingsecurityfuzzing+ 3

  testingsecurityfuzzingfuzz-testingvulnerability-analysissecurity-research

  Python

  •

  Apache License 2.0

  •8585 forks•454454 stars•109109 issues•1010 pull requests•Updated Apr 21, 2026Apr 21, 2026

• wg-globalcyberpolicy

  Public
  Global Cyber Policy Working Group

  Apache License 2.0

  •2020 forks•112112 stars•1616 issues•00 pull requests•Updated Apr 21, 2026Apr 21, 2026

• oss-vulnerability-guide

  Public
  A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disclosure notifications.

  Creative Commons Attribution 4.0 International

  •4343 forks•137137 stars•55 issues•11 pull request•Updated Apr 20, 2026Apr 20, 2026

• security-insights

  Public
  Machine-readable specification for the attestation of security-relevant data.

  Go

  •

  Other

  •1717 forks•7474 stars•88 issues•33 pull requests•Updated Apr 17, 2026Apr 17, 2026

• glossary

  Public
  A reference for common terms when talking about OpenSSF and open source software security.

  JavaScript

  •

  Apache License 2.0

  •66 forks•44 stars•44 issues•11 pull request•Updated Apr 14, 2026Apr 14, 2026

• secure-sw-dev-fundamentals

  Public
  Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)

  CSS

  •

  Creative Commons Attribution 4.0 International

  •5151 forks•202202 stars•3434 issues•33 pull requests•Updated Apr 10, 2026Apr 10, 2026

• wg-securing-software-repos

  Public
  OpenSSF Working Group on Securing Software Repositories

  Other

  •3030 forks•127127 stars•1010 issues•44 pull requests•Updated Apr 6, 2026Apr 6, 2026

• wg-orbit

  Public
  ORBIT: Open Resources for Baselines, Interoperability, and Tooling

  Apache License 2.0

  •44 forks•2424 stars•77 issues•11 pull request•Updated Mar 19, 2026Mar 19, 2026

• artwork

  Public
  OpenSSF Artwork

  Apache License 2.0

  •1010 forks•88 stars•00 issues•00 pull requests•Updated Mar 17, 2026Mar 17, 2026