Repositories list

• scorecard-action

  Public
  Official GitHub Action for OpenSSF Scorecard.

  githubsecuritysupply-chain+ 2

  githubsecuritysupply-chaingithub-actionsopenssf-scorecard

  Go

  •

  Apache License 2.0

  •8484 forks•369369 stars•3030 issues•1515 pull requests•Updated Apr 7, 2026Apr 7, 2026

• pvtr-github-repo-scanner

  Public

  ossf/pvtr-github-repo-scanner’s past year of commit activity
  Privateer plugin for scanning the security hygiene of a GitHub repository.

  Go

  •

  Apache License 2.0

  •1212 forks•2121 stars•2121 issues•44 pull requests•Updated Apr 7, 2026Apr 7, 2026

• osv-schema

  Public

  ossf/osv-schema’s past year of commit activity
  Open Source Vulnerability schema.

  Go

  •

  Apache License 2.0

  •115115 forks•243243 stars•4949 issues•99 pull requests•Updated Apr 7, 2026Apr 7, 2026

• secure-sw-dev-fundamentals

  Public

  ossf/secure-sw-dev-fundamentals’s past year of commit activity
  Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)

  CSS

  •

  Creative Commons Attribution 4.0 International

  •5151 forks•202202 stars•3434 issues•22 pull requests•Updated Apr 7, 2026Apr 7, 2026

• malicious-packages

  Public

  ossf/malicious-packages’s past year of commit activity
  A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.

  Go

  •

  Apache License 2.0

  •8282 forks•486486 stars•2121 issues•99 pull requests•Updated Apr 7, 2026Apr 7, 2026

• wg-best-practices-os-developers

  Public

  ossf/wg-best-practices-os-developers’s past year of commit activity
  The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

  JavaScript

  •

  Apache License 2.0

  •191191 forks•1k1k stars•8282 issues•1414 pull requests•Updated Apr 7, 2026Apr 7, 2026

• tac

  Public

  ossf/tac’s past year of commit activity
  Technical Advisory Council

  Other

  •7777 forks•139139 stars•3939 issues•1919 pull requests•Updated Apr 7, 2026Apr 7, 2026

• cve-bin-tool

  Public

  ossf/cve-bin-tool’s past year of commit activity
  The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl…

  pythonsecurityvulnerability+ 11

  pythonsecurityvulnerabilityvulnerabilitiescvehacktoberfestcvsssecurity-automationsecurity-toolsdevsecops+ 4

  Python

  •

  GNU General Public License v3.0

  •613613 forks•1.7k1.7k stars•143143 issues•4949 pull requests•Updated Apr 7, 2026Apr 7, 2026

• oss-crs

  Public

  ossf/oss-crs’s past year of commit activity
  oss-crs

  Python

  •

  MIT License

  •44 forks•4040 stars•3030 issues•77 pull requests•Updated Apr 7, 2026Apr 7, 2026

• ossf-landscape

  Public

  ossf/ossf-landscape’s past year of commit activity
  Apache License 2.0

  •2828 forks•3131 stars•00 issues•11 pull request•Updated Apr 6, 2026Apr 6, 2026

• alpha-omega

  Public

  ossf/alpha-omega’s past year of commit activity
  Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.

  securityopensourceopen-source-security

  securityopensourceopen-source-security

  Open Policy Agent

  •

  Apache License 2.0

  •6262 forks•121121 stars•00 issues•22 pull requests•Updated Apr 6, 2026Apr 6, 2026

• wg-securing-software-repos

  Public

  ossf/wg-securing-software-repos’s past year of commit activity
  OpenSSF Working Group on Securing Software Repositories

  Other

  •2929 forks•128128 stars•1111 issues•44 pull requests•Updated Apr 6, 2026Apr 6, 2026

• scorecard

  Public

  ossf/scorecard’s past year of commit activity
  OpenSSF Scorecard - Security health metrics for Open Source

  scorecardopenssf-scorecard

  scorecardopenssf-scorecard

  Go

  •

  Apache License 2.0

  •619619 forks•5.4k5.4k stars•364364 issues•3737 pull requests•Updated Apr 6, 2026Apr 6, 2026

• glossary

  Public

  ossf/glossary’s past year of commit activity
  A reference for common terms when talking about OpenSSF and open source software security.

  JavaScript

  •

  Apache License 2.0

  •66 forks•44 stars•44 issues•22 pull requests•Updated Apr 6, 2026Apr 6, 2026

• security-baseline

  Public

  ossf/security-baseline’s past year of commit activity
  Go

  •

  Apache License 2.0

  •3737 forks•149149 stars•5858 issues•66 pull requests•Updated Apr 6, 2026Apr 6, 2026

• allstar

  Public
  GitHub App to set and enforce security policies

  Go

  •

  Apache License 2.0

  •144144 forks•1.4k1.4k stars•6161 issues•11 pull request•Updated Apr 6, 2026Apr 6, 2026

• scorecard-webapp

  Public
  Website and API for OpenSSF Scorecard

  openssf-scorecard

  openssf-scorecard

  Go

  •

  Apache License 2.0

  •3030 forks•2828 stars•3131 issues•2727 pull requests•Updated Apr 3, 2026Apr 3, 2026

• wg-globalcyberpolicy

  Public
  Global Cyber Policy Working Group

  Apache License 2.0

  •1919 forks•109109 stars•1515 issues•00 pull requests•Updated Apr 2, 2026Apr 2, 2026

• si-tooling

  Public
  Python

  •

  Apache License 2.0

  •44 forks•88 stars•22 issues•22 pull requests•Updated Mar 30, 2026Mar 30, 2026

• fuzz-introspector

  Public
  Fuzz Introspector -- introspect, extend and optimise fuzzers

  testingsecurityfuzzing+ 3

  testingsecurityfuzzingfuzz-testingvulnerability-analysissecurity-research

  Python

  •

  Apache License 2.0

  •8383 forks•454454 stars•108108 issues•1010 pull requests•Updated Mar 30, 2026Mar 30, 2026

• scorecard-monitor

  Public
  Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts

  securitysecurity-auditsecurity-tools+ 3

  securitysecurity-auditsecurity-toolsgithub-actionsopen-source-managementopenssf-scorecard

  JavaScript

  •

  Apache License 2.0

  •1414 forks•4747 stars•1313 issues•1010 pull requests•Updated Mar 28, 2026Mar 28, 2026

• wg-orbit

  Public
  ORBIT: Open Resources for Baselines, Interoperability, and Tooling

  Apache License 2.0

  •44 forks•2222 stars•77 issues•11 pull request•Updated Mar 19, 2026Mar 19, 2026

• security-insights

  Public
  Machine-readable specification for the attestation of security-relevant data.

  Go

  •

  Other

  •1616 forks•7373 stars•55 issues•22 pull requests•Updated Mar 19, 2026Mar 19, 2026

• artwork

  Public
  OpenSSF Artwork

  Apache License 2.0

  •1010 forks•88 stars•00 issues•00 pull requests•Updated Mar 17, 2026Mar 17, 2026

• toolbelt

  Public
  Apache License 2.0

  •66 forks•2626 stars•00 issues•00 pull requests•Updated Mar 17, 2026Mar 17, 2026

• orbit-launchpad

  Public
  Apache License 2.0

  •11 fork•22 stars•22 issues•11 pull request•Updated Mar 8, 2026Mar 8, 2026

• SIRT

  Public
  The OSS-SIRT SIG (Open Source Software Security Incident Response Team Special Interest Group) is a group working within the OSSF's Vulnerability Disclosure Wor…

  Apache License 2.0

  •66 forks•1010 stars•22 issues•11 pull request•Updated Mar 1, 2026Mar 1, 2026

• sbom-everywhere

  Public
  Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption

  Vue

  •

  Apache License 2.0

  •4141 forks•112112 stars•2323 issues•1414 pull requests•Updated Feb 28, 2026Feb 28, 2026

• package-analysis

  Public
  Open Source Package Analysis

  Go

  •

  Apache License 2.0

  •6464 forks•872872 stars•6666 issues•1717 pull requests•Updated Feb 27, 2026Feb 27, 2026

• security-assessments

  Public
  Apache License 2.0

  •77 forks•1818 stars•77 issues•22 pull requests•Updated Feb 26, 2026Feb 26, 2026