Skip to content
@ossf

Open Source Security Foundation (OpenSSF)

OpenSSF is a community of software developers and security engineers who are working together to secure open source software for the greater public good.
OpenSSF Logo

OpenSSF is committed to working both upstream and with existing communities to advance open source security for all.

We foster collaboration, establish best practices, and develop innovative solutions to secure the development, maintenance, and consumption of open source software. OpenSSF is part of the nonprofit Linux Foundation.

Working Groups:

For any questions, concerns, reports, etc., please email [email protected].

Get Involved

Membership

We encourage all individual contributors to work with their employers to become members. We aim to grow an active, healthy community of contributors, reviewers, and code owners. Learn more about the requirements and responsibilities of membership in our Membership page or see current members.

Pinned Loading

  1. wg-best-practices-os-developers Public

    The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

    JavaScript 834 152

  2. ai-ml-security Public

    Potential WG on Artificial Intelligence and Machine Learning (AI/ML)

    69 12

  3. wg-securing-critical-projects Public

    Helping allocate resources to secure the critical open source projects we all depend on.

    348 39

  4. wg-securing-software-repos Public

    OpenSSF Working Group on Securing Software Repositories

    100 20

  5. tac Public

    Technical Advisory Council

    118 61

  6. foundation Public

    OpenSSF Governance and Legal Docs

    72 19

Repositories

Showing 10 of 67 repositories
  • wg-best-practices-os-developers Public

    The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

    JavaScript 834 Apache-2.0 152 56 (2 issues need help) 11 Updated Mar 20, 2025
  • malicious-packages Public

    A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.

    Go 296 Apache-2.0 34 10 8 Updated Mar 20, 2025
  • scorecard-visualizer Public

    Tool for visualizing the Open SSF Scorecard Api data in a human friendly way

    TypeScript 14 Apache-2.0 5 1 11 Updated Mar 20, 2025
  • criticality_score Public

    Gives criticality score for an open source project

    Go 1,365 Apache-2.0 120 42 36 Updated Mar 20, 2025
  • scorecard-webapp Public

    Website and API for OpenSSF Scorecard

    HTML 23 Apache-2.0 27 32 (1 issue needs help) 6 Updated Mar 19, 2025
  • wg-vulnerability-disclosures Public

    The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability reporting and communication.

    186 Apache-2.0 41 25 0 Updated Mar 19, 2025
  • allstar Public

    GitHub App to set and enforce security policies

    Go 1,292 Apache-2.0 127 70 (21 issues need help) 8 Updated Mar 19, 2025
  • Go 69 Apache-2.0 19 21 (2 issues need help) 4 Updated Mar 19, 2025
  • tac Public

    Technical Advisory Council

    118 61 24 (6 issues need help) 11 Updated Mar 18, 2025
  • osv-schema Public

    Open Source Vulnerability schema.

    Python 197 Apache-2.0 93 28 9 Updated Mar 18, 2025