Repositories list

• malicious-packages

  Public

  ossf/malicious-packages’s past year of commit activity
  A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.

  Go

  •

  Apache License 2.0

  •64•391•14•6•Updated Nov 1, 2025Nov 1, 2025

• scorecard

  Public

  ossf/scorecard’s past year of commit activity
  OpenSSF Scorecard - Security health metrics for Open Source

  scorecardopenssf-scorecard

  Go

  •

  Apache License 2.0

  •579•5.1k•364•4•Updated Oct 31, 2025Oct 31, 2025

• tac

  Public

  ossf/tac’s past year of commit activity
  Technical Advisory Council

  Other

  •73•132•34•10•Updated Oct 31, 2025Oct 31, 2025

• wg-best-practices-os-developers

  Public

  ossf/wg-best-practices-os-developers’s past year of commit activity
  The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

  JavaScript

  •

  Apache License 2.0

  •185•940•67•12•Updated Oct 31, 2025Oct 31, 2025

• alpha-omega

  Public

  ossf/alpha-omega’s past year of commit activity
  Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.

  securityopensourceopen-source-security

  Open Policy Agent

  •

  Apache License 2.0

  •61•110•0•6•Updated Oct 30, 2025Oct 30, 2025

• wg-securing-software-repos

  Public

  ossf/wg-securing-software-repos’s past year of commit activity
  OpenSSF Working Group on Securing Software Repositories

  Other

  •25•122•21•3•Updated Oct 30, 2025Oct 30, 2025

• gemara

  Public

  ossf/gemara’s past year of commit activity
  Minimizing rework for governance activities.

  Go

  •

  Apache License 2.0

  •14•26•26•1•Updated Oct 29, 2025Oct 29, 2025

• scorecard-webapp

  Public

  ossf/scorecard-webapp’s past year of commit activity
  Website and API for OpenSSF Scorecard

  openssf-scorecard

  Go

  •

  Apache License 2.0

  •29•25•35•15•Updated Oct 29, 2025Oct 29, 2025

• osv-schema

  Public

  ossf/osv-schema’s past year of commit activity
  Open Source Vulnerability schema.

  Go

  •

  Apache License 2.0

  •105•213•34•11•Updated Oct 29, 2025Oct 29, 2025

• security-baseline

  Public
  Go

  •

  Apache License 2.0

  •32•114•51•2•Updated Oct 28, 2025Oct 28, 2025

• scorecard-action

  Public
  Official GitHub Action for OpenSSF Scorecard.

  githubsecuritysupply-chain+ 2github-actionsopenssf-scorecard

  Go

  •

  Apache License 2.0

  •78•338•26•3•Updated Oct 27, 2025Oct 27, 2025

• fuzz-introspector

  Public
  Fuzz Introspector -- introspect, extend and optimise fuzzers

  testingsecurityfuzzing+ 3fuzz-testingvulnerability-analysissecurity-research

  Python

  •

  Apache License 2.0

  •76•431•103•0•Updated Oct 27, 2025Oct 27, 2025

• allstar

  Public
  GitHub App to set and enforce security policies

  Go

  •

  Apache License 2.0

  •141•1.4k•59•0•Updated Oct 27, 2025Oct 27, 2025

• glossary

  Public

  ossf/glossary’s past year of commit activity
  A reference for common terms when talking about OpenSSF and open source software security.

  JavaScript

  •

  Apache License 2.0

  •4•5•2•6•Updated Oct 27, 2025Oct 27, 2025

• scorecard-visualizer

  Public
  Tool for visualizing the Open SSF Scorecard Api data in a human friendly way

  openssfopenssf-scorecard

  TypeScript

  •

  Apache License 2.0

  •6•18•1•11•Updated Oct 27, 2025Oct 27, 2025

• ossf-landscape

  Public

  ossf/ossf-landscape’s past year of commit activity
  Apache License 2.0

  •27•30•0•1•Updated Oct 22, 2025Oct 22, 2025

• sbom-everywhere

  Public
  Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption

  Vue

  •

  Apache License 2.0

  •38•105•22•5•Updated Oct 21, 2025Oct 21, 2025

• ai-ml-security

  Public

  ossf/ai-ml-security’s past year of commit activity
  Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security

  Apache License 2.0

  •21•116•6•1•Updated Oct 17, 2025Oct 17, 2025

• education

  Public
  OpenSSF Education SIG

  Apache License 2.0

  •16•18•4•1•Updated Oct 17, 2025Oct 17, 2025

• wg-vulnerability-disclosures

  Public
  The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability reporting and communication.

  Apache License 2.0

  •42•202•34•0•Updated Oct 1, 2025Oct 1, 2025

• wg-orbit

  Public
  ORBIT: Open Resources for Baselines, Interoperability, and Tooling

  Apache License 2.0

  •4•20•9•0•Updated Sep 29, 2025Sep 29, 2025

• artwork

  Public

  ossf/artwork’s past year of commit activity
  OpenSSF Artwork

  Apache License 2.0

  •10•9•0•0•Updated Sep 18, 2025Sep 18, 2025

• security-insights

  Public
  Machine-readable specification for the attestation of security-relevant data.

  CUE

  •

  Other

  •14•63•10•1•Updated Sep 16, 2025Sep 16, 2025

• foundation

  Public

  ossf/foundation’s past year of commit activity
  OpenSSF Governance and Legal Docs

  Apache License 2.0

  •18•73•0•0•Updated Sep 9, 2025Sep 9, 2025

• security-assessments

  Public
  Apache License 2.0

  •4•15•6•2•Updated Aug 28, 2025Aug 28, 2025

• wg-globalcyberpolicy

  Public
  Global Cyber Policy Working Group

  Apache License 2.0

  •16•91•9•0•Updated Aug 20, 2025Aug 20, 2025

• .github

  Public

  ossf/.github’s past year of commit activity
  Github configuration

  6•2•0•1•Updated Aug 14, 2025Aug 14, 2025

• Memory-Safety

  Public
  Apache License 2.0

  •17•31•12•0•Updated Aug 14, 2025Aug 14, 2025

• global-cybersecurity-skills-framework

  Public
  Global CyberSecurity Skills Framework

  Apache License 2.0

  •1•4•2•0•Updated Aug 13, 2025Aug 13, 2025

• secure-sw-dev-fundamentals

  Public
  Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)

  CSS

  •

  Creative Commons Attribution 4.0 International

  •52•197•34•3•Updated Jul 30, 2025Jul 30, 2025