Skip to content
@ossf

Open Source Security Foundation (OpenSSF)

OpenSSF is a community of software developers and security engineers who are working together to secure open source software for the greater public good.
OpenSSF Logo

OpenSSF is committed to working both upstream and with existing communities to advance open source security for all.

We foster collaboration, establish best practices, and develop innovative solutions to secure the development, maintenance, and consumption of open source software. OpenSSF is part of the nonprofit Linux Foundation.

Working Groups:

For any questions, concerns, reports, etc., please email [email protected].

Get Involved

Membership

We encourage all individual contributors to work with their employers to become members. We aim to grow an active, healthy community of contributors, reviewers, and code owners. Learn more about the requirements and responsibilities of membership in our Membership page or see current members.

Pinned Loading

  1. wg-best-practices-os-developers wg-best-practices-os-developers Public

    The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

    JavaScript 861 155

  2. ai-ml-security ai-ml-security Public

    Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security

    73 12

  3. wg-securing-critical-projects wg-securing-critical-projects Public

    Helping allocate resources to secure the critical open source projects we all depend on.

    352 40

  4. wg-securing-software-repos wg-securing-software-repos Public

    OpenSSF Working Group on Securing Software Repositories

    103 20

  5. tac tac Public

    Technical Advisory Council

    120 65

  6. foundation foundation Public

    OpenSSF Governance and Legal Docs

    73 19

Repositories

Showing 10 of 68 repositories
  • malicious-packages Public

    A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.

    ossf/malicious-packages’s past year of commit activity
    Go 300 Apache-2.0 36 10 8 Updated Apr 12, 2025
  • glossary Public

    A reference for common terms when talking about OpenSSF and open source software security.

    ossf/glossary’s past year of commit activity
    JavaScript 2 Apache-2.0 1 2 1 Updated Apr 11, 2025
  • wg-best-practices-os-developers Public

    The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

    ossf/wg-best-practices-os-developers’s past year of commit activity
    JavaScript 861 Apache-2.0 155 63 (3 issues need help) 13 Updated Apr 11, 2025
  • ossf/security-baseline’s past year of commit activity
    Go 78 Apache-2.0 20 20 (2 issues need help) 1 Updated Apr 11, 2025
  • scorecard Public

    OpenSSF Scorecard - Security health metrics for Open Source

    ossf/scorecard’s past year of commit activity
    Go 4,846 Apache-2.0 527 351 (12 issues need help) 4 Updated Apr 11, 2025
  • scorecard-webapp Public

    Website and API for OpenSSF Scorecard

    ossf/scorecard-webapp’s past year of commit activity
    HTML 24 Apache-2.0 27 33 (1 issue needs help) 10 Updated Apr 11, 2025
  • sbom-everywhere Public

    Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption

    ossf/sbom-everywhere’s past year of commit activity
    Vue 88 Apache-2.0 30 27 (2 issues need help) 4 Updated Apr 11, 2025
  • fuzz-introspector Public

    Fuzz Introspector -- introspect, extend and optimise fuzzers

    ossf/fuzz-introspector’s past year of commit activity
    Python 409 Apache-2.0 66 98 (1 issue needs help) 0 Updated Apr 11, 2025
  • ossf/security-assessments’s past year of commit activity
    14 Apache-2.0 3 0 1 Updated Apr 10, 2025
  • scorecard-visualizer Public

    Tool for visualizing the Open SSF Scorecard Api data in a human friendly way

    ossf/scorecard-visualizer’s past year of commit activity
    TypeScript 16 Apache-2.0 5 1 11 Updated Apr 10, 2025

Top languages

Loading…

Most used topics

Loading…