Skip to content
@ossf

Open Source Security Foundation (OpenSSF)

OpenSSF is a community of software developers and security engineers who are working together to secure open source software for the greater public good.
OpenSSF Logo

OpenSSF is committed to working both upstream and with existing communities to advance open source security for all.

We foster collaboration, establish best practices, and develop innovative solutions to secure the development, maintenance, and consumption of open source software. OpenSSF is part of the nonprofit Linux Foundation.

Working Groups:

For any questions, concerns, reports, etc., please email [email protected].

Get Involved

Membership

We encourage all individual contributors to work with their employers to become members. We aim to grow an active, healthy community of contributors, reviewers, and code owners. Learn more about the requirements and responsibilities of membership in our Membership page or see current members.

Pinned Loading

  1. wg-best-practices-os-developers wg-best-practices-os-developers Public

    The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

    JavaScript 896 173

  2. ai-ml-security ai-ml-security Public

    Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security

    99 15

  3. wg-securing-critical-projects wg-securing-critical-projects Public

    Helping allocate resources to secure the critical open source projects we all depend on.

    359 42

  4. wg-securing-software-repos wg-securing-software-repos Public

    OpenSSF Working Group on Securing Software Repositories

    111 21

  5. tac tac Public

    Technical Advisory Council

    128 72

  6. foundation foundation Public

    OpenSSF Governance and Legal Docs

    72 17

Repositories

Showing 10 of 72 repositories
  • malicious-packages Public

    A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.

    ossf/malicious-packages’s past year of commit activity
    Go 322 Apache-2.0 45 14 4 Updated Jul 31, 2025
  • ossf/security-baseline’s past year of commit activity
    Go 99 Apache-2.0 27 41 (6 issues need help) 4 Updated Jul 31, 2025
  • scorecard-visualizer Public

    Tool for visualizing the Open SSF Scorecard Api data in a human friendly way

    ossf/scorecard-visualizer’s past year of commit activity
    TypeScript 16 Apache-2.0 5 1 11 Updated Jul 31, 2025
  • osv-schema Public

    Open Source Vulnerability schema.

    ossf/osv-schema’s past year of commit activity
    Go 205 Apache-2.0 97 33 14 Updated Jul 31, 2025
  • secure-sw-dev-fundamentals Public

    Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)

    ossf/secure-sw-dev-fundamentals’s past year of commit activity
    CSS 196 CC-BY-4.0 52 34 2 Updated Jul 31, 2025
  • artwork Public

    OpenSSF Artwork

    ossf/artwork’s past year of commit activity
    9 Apache-2.0 10 0 0 Updated Jul 30, 2025
  • ossf/ossf-landscape’s past year of commit activity
    30 Apache-2.0 27 0 0 Updated Jul 30, 2025
  • alpha-omega Public

    Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.

    ossf/alpha-omega’s past year of commit activity
    Open Policy Agent 107 Apache-2.0 58 52 (11 issues need help) 0 Updated Jul 29, 2025
  • scorecard Public

    OpenSSF Scorecard - Security health metrics for Open Source

    ossf/scorecard’s past year of commit activity
    Go 5,009 Apache-2.0 561 363 (12 issues need help) 27 Updated Jul 29, 2025
  • foundation Public

    OpenSSF Governance and Legal Docs

    ossf/foundation’s past year of commit activity
    72 Apache-2.0 17 0 0 Updated Jul 29, 2025