Skip to content

@ossf Open Source Security Foundation (OpenSSF)

Change the repository type filter

All

    Repositories list

    78 repositories

    • malicious-packages

      Public
      A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.
      Go
      Apache License 2.0
      844922113Updated Apr 18, 2026Apr 18, 2026

    • pvtr-github-repo-scanner

      Public
      Privateer plugin for scanning the security hygiene of a GitHub repository.
      Go
      Apache License 2.0
      1223214Updated Apr 18, 2026Apr 18, 2026

    • allstar

      Public
      GitHub App to set and enforce security policies
      Go
      Apache License 2.0
      1451.4k580Updated Apr 18, 2026Apr 18, 2026

    • scorecard-action

      Public
      Official GitHub Action for OpenSSF Scorecard.
      githubsecuritysupply-chain
      githubsecuritysupply-chaingithub-actionsopenssf-scorecard
      Go
      Apache License 2.0
      853723016Updated Apr 17, 2026Apr 17, 2026

    • scorecard

      Public
      OpenSSF Scorecard - Security health metrics for Open Source
      scorecardopenssf-scorecard
      scorecardopenssf-scorecard
      Go
      Apache License 2.0
      6275.4k36832Updated Apr 17, 2026Apr 17, 2026

    • wg-best-practices-os-developers

      Public
      The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
      JavaScript
      Apache License 2.0
      1921k8317Updated Apr 17, 2026Apr 17, 2026

    • si-tooling

      Public
      Python
      Apache License 2.0
      4820Updated Apr 17, 2026Apr 17, 2026

    • security-insights

      Public
      Machine-readable specification for the attestation of security-relevant data.
      Go
      Other
      167462Updated Apr 17, 2026Apr 17, 2026

    • oss-vulnerability-guide

      Public
      A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disclosure notifications.
      Creative Commons Attribution 4.0 International
      4313751Updated Apr 17, 2026Apr 17, 2026

    • security-baseline

      Public
      Go
      Apache License 2.0
      38151571Updated Apr 17, 2026Apr 17, 2026

    • cve-bin-tool

      Public
      The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl…
      pythonsecurityvulnerability
      pythonsecurityvulnerabilityvulnerabilitiescvehacktoberfestcvsssecurity-automationsecurity-toolsdevsecops
      Python
      GNU General Public License v3.0
      6161.7k14750Updated Apr 17, 2026Apr 17, 2026

    • oss-crs

      Public
      oss-crs
      Python
      MIT License
      654268Updated Apr 17, 2026Apr 17, 2026

    • ossf-landscape

      Public
      Apache License 2.0
      283102Updated Apr 16, 2026Apr 16, 2026

    • scorecard-webapp

      Public
      Website and API for OpenSSF Scorecard
      openssf-scorecard
      openssf-scorecard
      Go
      Apache License 2.0
      30283230Updated Apr 15, 2026Apr 15, 2026

    • osv-schema

      Public
      Open Source Vulnerability schema.
      Go
      Apache License 2.0
      1152454911Updated Apr 14, 2026Apr 14, 2026

    • glossary

      Public
      A reference for common terms when talking about OpenSSF and open source software security.
      JavaScript
      Apache License 2.0
      6441Updated Apr 14, 2026Apr 14, 2026

    • tac

      Public
      Technical Advisory Council
      Other
      781413921Updated Apr 14, 2026Apr 14, 2026

    • fuzz-introspector

      Public
      Fuzz Introspector -- introspect, extend and optimise fuzzers
      testingsecurityfuzzing
      testingsecurityfuzzingfuzz-testingvulnerability-analysissecurity-research
      Python
      Apache License 2.0
      8345310910Updated Apr 13, 2026Apr 13, 2026

    • alpha-omega

      Public
      Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.
      securityopensourceopen-source-security
      securityopensourceopen-source-security
      Open Policy Agent
      Apache License 2.0
      6312501Updated Apr 10, 2026Apr 10, 2026

    • secure-sw-dev-fundamentals

      Public
      Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)
      CSS
      Creative Commons Attribution 4.0 International
      51202343Updated Apr 10, 2026Apr 10, 2026

    • scorecard-monitor

      Public
      Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts
      securitysecurity-auditsecurity-tools
      securitysecurity-auditsecurity-toolsgithub-actionsopen-source-managementopenssf-scorecard
      JavaScript
      Apache License 2.0
      15491311Updated Apr 10, 2026Apr 10, 2026

    • wg-securing-software-repos

      Public
      OpenSSF Working Group on Securing Software Repositories
      Other
      30128114Updated Apr 6, 2026Apr 6, 2026

    • wg-globalcyberpolicy

      Public
      Global Cyber Policy Working Group
      Apache License 2.0
      20112151Updated Apr 2, 2026Apr 2, 2026

    • wg-orbit

      Public
      ORBIT: Open Resources for Baselines, Interoperability, and Tooling
      Apache License 2.0
      42471Updated Mar 19, 2026Mar 19, 2026

    • artwork

      Public
      OpenSSF Artwork
      Apache License 2.0
      10800Updated Mar 17, 2026Mar 17, 2026

    • toolbelt

      Public
      Apache License 2.0
      62600Updated Mar 17, 2026Mar 17, 2026

    • orbit-launchpad

      Public
      Apache License 2.0
      1221Updated Mar 8, 2026Mar 8, 2026

    • SIRT

      Public
      The OSS-SIRT SIG (Open Source Software Security Incident Response Team Special Interest Group) is a group working within the OSSF's Vulnerability Disclosure Wor…
      Apache License 2.0
      61021Updated Mar 1, 2026Mar 1, 2026

    • sbom-everywhere

      Public
      Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption
      Vue
      Apache License 2.0
      411132314Updated Feb 28, 2026Feb 28, 2026

    • package-analysis

      Public
      Open Source Package Analysis
      Go
      Apache License 2.0
      648756617Updated Feb 27, 2026Feb 27, 2026
    ProTip! When viewing an organization's repositories, you can use the props. filter to filter by custom property.