All

78 repositories

malicious-packages
Public
A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.
Go
•
Apache License 2.0
•83•486•21•5•Updated Apr 10, 2026Apr 10, 2026
pvtr-github-repo-scanner
Public
Privateer plugin for scanning the security hygiene of a GitHub repository.
Go
•
Apache License 2.0
•12•21•21•4•Updated Apr 9, 2026Apr 9, 2026
oss-crs
Public
oss-crs
Python
•
MIT License
•4•43•30•6•Updated Apr 9, 2026Apr 9, 2026
scorecard-action
Public
Official GitHub Action for OpenSSF Scorecard.
github security supply-chain
github security supply-chain github-actions openssf-scorecard
Go
•
Apache License 2.0
•84•369•30•16•Updated Apr 9, 2026Apr 9, 2026
security-baseline
Public
Go
•
Apache License 2.0
•38•149•57•7•Updated Apr 9, 2026Apr 9, 2026
tac
Public
Technical Advisory Council
Other
•77•140•39•19•Updated Apr 9, 2026Apr 9, 2026
cve-bin-tool
Public
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl…
python security vulnerability
python security vulnerability vulnerabilities cve hacktoberfest cvss security-automation security-tools devsecops
Python
•
GNU General Public License v3.0
•613•1.7k•143•50•Updated Apr 9, 2026Apr 9, 2026
scorecard-webapp
Public
Website and API for OpenSSF Scorecard
openssf-scorecard
openssf-scorecard
Go
•
Apache License 2.0
•30•28•32•28•Updated Apr 8, 2026Apr 8, 2026
osv-schema
Public
Open Source Vulnerability schema.
Go
•
Apache License 2.0
•115•243•49•10•Updated Apr 8, 2026Apr 8, 2026
allstar
Public
GitHub App to set and enforce security policies
Go
•
Apache License 2.0
•144•1.4k•61•2•Updated Apr 8, 2026Apr 8, 2026
scorecard
Public
OpenSSF Scorecard - Security health metrics for Open Source
scorecard openssf-scorecard
scorecard openssf-scorecard
Go
•
Apache License 2.0
•623•5.4k•365•36•Updated Apr 8, 2026Apr 8, 2026
alpha-omega
Public
Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.
security opensource open-source-security
security opensource open-source-security
Open Policy Agent
•
Apache License 2.0
•63•121•0•2•Updated Apr 8, 2026Apr 8, 2026
security-insights
Public
Machine-readable specification for the attestation of security-relevant data.
Go
•
Other
•16•73•5•2•Updated Apr 8, 2026Apr 8, 2026
secure-sw-dev-fundamentals
Public
Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)
CSS
•
Creative Commons Attribution 4.0 International
•51•202•34•2•Updated Apr 7, 2026Apr 7, 2026
wg-best-practices-os-developers
Public
The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
JavaScript
•
Apache License 2.0
•192•1k•83•15•Updated Apr 7, 2026Apr 7, 2026
ossf-landscape
Public
Apache License 2.0
•28•31•0•1•Updated Apr 6, 2026Apr 6, 2026
wg-securing-software-repos
Public
OpenSSF Working Group on Securing Software Repositories
Other
•30•128•11•4•Updated Apr 6, 2026Apr 6, 2026
glossary
Public
A reference for common terms when talking about OpenSSF and open source software security.
JavaScript
•
Apache License 2.0
•6•4•4•2•Updated Apr 6, 2026Apr 6, 2026
wg-globalcyberpolicy
Public
Global Cyber Policy Working Group
Apache License 2.0
•20•109•15•0•Updated Apr 2, 2026Apr 2, 2026
si-tooling
Public
Python
•
Apache License 2.0
•4•8•2•2•Updated Mar 30, 2026Mar 30, 2026
fuzz-introspector
Public
Fuzz Introspector -- introspect, extend and optimise fuzzers
testing security fuzzing
testing security fuzzing fuzz-testing vulnerability-analysis security-research
Python
•
Apache License 2.0
•83•454•108•10•Updated Mar 30, 2026Mar 30, 2026
scorecard-monitor
Public
Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts
security security-audit security-tools
security security-audit security-tools github-actions open-source-management openssf-scorecard
JavaScript
•
Apache License 2.0
•14•47•13•10•Updated Mar 28, 2026Mar 28, 2026
wg-orbit
Public
ORBIT: Open Resources for Baselines, Interoperability, and Tooling
Apache License 2.0
•4•22•7•1•Updated Mar 19, 2026Mar 19, 2026
artwork
Public
OpenSSF Artwork
Apache License 2.0
•10•8•0•0•Updated Mar 17, 2026Mar 17, 2026
toolbelt
Public
Apache License 2.0
•6•26•0•0•Updated Mar 17, 2026Mar 17, 2026
orbit-launchpad
Public
Apache License 2.0
•1•2•2•1•Updated Mar 8, 2026Mar 8, 2026
SIRT
Public
The OSS-SIRT SIG (Open Source Software Security Incident Response Team Special Interest Group) is a group working within the OSSF's Vulnerability Disclosure Wor…
Apache License 2.0
•6•10•2•1•Updated Mar 1, 2026Mar 1, 2026
sbom-everywhere
Public
Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption
Vue
•
Apache License 2.0
•41•113•23•14•Updated Feb 28, 2026Feb 28, 2026
package-analysis
Public
Open Source Package Analysis
Go
•
Apache License 2.0
•64•873•66•17•Updated Feb 27, 2026Feb 27, 2026
security-assessments
Public
Apache License 2.0
•7•18•7•2•Updated Feb 26, 2026Feb 26, 2026

ProTip! When viewing an organization's repositories, you can use the props. filter to filter by custom property.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Open Source Security Foundation (OpenSSF)

All

All

78 repositories

malicious-packages

pvtr-github-repo-scanner

oss-crs

scorecard-action

security-baseline

tac

cve-bin-tool

scorecard-webapp

osv-schema

allstar

scorecard

alpha-omega

security-insights

secure-sw-dev-fundamentals

wg-best-practices-os-developers

ossf-landscape

wg-securing-software-repos

glossary

wg-globalcyberpolicy

si-tooling

fuzz-introspector

scorecard-monitor

wg-orbit

artwork

toolbelt

orbit-launchpad

SIRT

sbom-everywhere

package-analysis

security-assessments

All

All

Repositories list

78 repositories