Repositories list

• malicious-packages

  Public

  ossf/malicious-packages’s past year of commit activity
  A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.

  Go

  •

  Apache License 2.0

  •100100 forks•524524 stars•2323 issues•66 pull requests•Updated May 30, 2026May 30, 2026

• pvtr-github-repo-scanner

  Public
  Privateer plugin for scanning the security hygiene of a GitHub repository.

  Go

  •

  Apache License 2.0

  •1414 forks•2323 stars•2424 issues•88 pull requests•Updated May 30, 2026May 30, 2026

• package-analysis

  Public
  Open Source Package Analysis

  Go

  •

  Apache License 2.0

  •6969 forks•890890 stars•6565 issues•1111 pull requests•Updated May 30, 2026May 30, 2026

• gpu-hashlib

  Public
  Rust

  •

  Apache License 2.0

  •11 fork•22 stars•00 issues•11 pull request•Updated May 29, 2026May 29, 2026

• tac

  Public

  ossf/tac’s past year of commit activity
  Technical Advisory Council

  Other

  •8383 forks•144144 stars•3838 issues•1414 pull requests•Updated May 29, 2026May 29, 2026

• cve-bin-tool

  Public
  The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl…

  pythonsecurityvulnerability+ 11

  pythonsecurityvulnerabilityvulnerabilitiescvehacktoberfestcvsssecurity-automationsecurity-toolsdevsecops+ 4

  Python

  •

  GNU General Public License v3.0

  •620620 forks•1.7k1.7k stars•147147 issues•5252 pull requests•Updated May 29, 2026May 29, 2026

• oss-crs

  Public
  Cyber Reasoning Systems for Bug-Finding and Patching in Open Source Software

  Python

  •

  MIT License

  •1212 forks•8989 stars•2929 issues•1212 pull requests•Updated May 28, 2026May 28, 2026

• education

  Public
  OpenSSF Education SIG

  Apache License 2.0

  •1717 forks•1818 stars•44 issues•11 pull request•Updated May 28, 2026May 28, 2026

• security-assessments

  Public

  ossf/security-assessments’s past year of commit activity
  Apache License 2.0

  •77 forks•1818 stars•55 issues•00 pull requests•Updated May 28, 2026May 28, 2026

• scorecard-visualizer

  Public
  Tool for visualizing the Open SSF Scorecard Api data in a human friendly way

  openssfopenssf-scorecard

  openssfopenssf-scorecard

  TypeScript

  •

  Apache License 2.0

  •77 forks•1919 stars•11 issue•1616 pull requests•Updated May 28, 2026May 28, 2026

• fuzz-introspector

  Public
  Fuzz Introspector -- introspect, extend and optimise fuzzers

  testingsecurityfuzzing+ 3

  testingsecurityfuzzingfuzz-testingvulnerability-analysissecurity-research

  Python

  •

  Apache License 2.0

  •8585 forks•456456 stars•109109 issues•99 pull requests•Updated May 27, 2026May 27, 2026

• security-baseline

  Public
  Go

  •

  Apache License 2.0

  •4141 forks•155155 stars•5757 issues•33 pull requests•Updated May 27, 2026May 27, 2026

• si-tooling

  Public
  Python

  •

  Apache License 2.0

  •44 forks•99 stars•22 issues•00 pull requests•Updated May 27, 2026May 27, 2026

• scorecard-action

  Public
  Official GitHub Action for OpenSSF Scorecard.

  githubsecuritysupply-chain+ 2

  githubsecuritysupply-chaingithub-actionsopenssf-scorecard

  Go

  •

  Apache License 2.0

  •8585 forks•380380 stars•3030 issues•1818 pull requests•Updated May 26, 2026May 26, 2026

• allstar

  Public
  GitHub App to set and enforce security policies

  Go

  •

  Apache License 2.0

  •147147 forks•1.4k1.4k stars•5858 issues•55 pull requests•Updated May 25, 2026May 25, 2026

• glossary

  Public
  A reference for common terms when talking about OpenSSF and open source software security.

  JavaScript

  •

  Apache License 2.0

  •77 forks•44 stars•44 issues•44 pull requests•Updated May 25, 2026May 25, 2026

• scorecard

  Public
  OpenSSF Scorecard - Security health metrics for Open Source

  scorecardopenssf-scorecard

  scorecardopenssf-scorecard

  Go

  •

  Apache License 2.0

  •652652 forks•5.5k5.5k stars•371371 issues•4242 pull requests•Updated May 25, 2026May 25, 2026

• osv-schema

  Public
  Open Source Vulnerability schema.

  Go

  •

  Apache License 2.0

  •116116 forks•252252 stars•5050 issues•77 pull requests•Updated May 25, 2026May 25, 2026

• scorecard-webapp

  Public
  Website and API for OpenSSF Scorecard

  openssf-scorecard

  openssf-scorecard

  Go

  •

  Apache License 2.0

  •3030 forks•2828 stars•3232 issues•3333 pull requests•Updated May 23, 2026May 23, 2026

• secure-sw-dev-fundamentals

  Public
  Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)

  CSS

  •

  Creative Commons Attribution 4.0 International

  •5151 forks•203203 stars•3434 issues•44 pull requests•Updated May 22, 2026May 22, 2026

• wg-best-practices-os-developers

  Public
  The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

  JavaScript

  •

  Apache License 2.0

  •199199 forks•1k1k stars•8282 issues•1515 pull requests•Updated May 20, 2026May 20, 2026

• ossf-landscape

  Public
  Apache License 2.0

  •2828 forks•3131 stars•00 issues•00 pull requests•Updated May 20, 2026May 20, 2026

• sig-basejump

  Public
  Python

  •

  Apache License 2.0

  •00 forks•22 stars•00 issues•66 pull requests•Updated May 19, 2026May 19, 2026

• wg-bear

  Public
  The BEAR (Belonging, Empowerment, Allyship, and Representation) WG, formerly DEI, was formed in December 2023 to enhance representation and cybersecurity workfo…

  Apache License 2.0

  •77 forks•1313 stars•1010 issues•22 pull requests•Updated May 18, 2026May 18, 2026

• model-signing-spec

  Public
  Model Signing Specification

  Python

  •

  Apache License 2.0

  •44 forks•1616 stars•33 issues•33 pull requests•Updated May 15, 2026May 15, 2026

• alpha-omega

  Public
  Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.

  securityopensourceopen-source-security

  securityopensourceopen-source-security

  Open Policy Agent

  •

  Apache License 2.0

  •6464 forks•129129 stars•00 issues•22 pull requests•Updated May 12, 2026May 12, 2026

• scorecard-monitor

  Public
  Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts

  securitysecurity-auditsecurity-tools+ 3

  securitysecurity-auditsecurity-toolsgithub-actionsopen-source-managementopenssf-scorecard

  JavaScript

  •

  Apache License 2.0

  •1515 forks•4848 stars•1414 issues•66 pull requests•Updated May 11, 2026May 11, 2026

• security-insights

  Public
  Machine-readable specification for the attestation of security-relevant data.

  Go

  •

  Other

  •1717 forks•7575 stars•88 issues•22 pull requests•Updated May 11, 2026May 11, 2026

• ai-ml-security

  Public
  Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security

  Apache License 2.0

  •2727 forks•171171 stars•1111 issues•00 pull requests•Updated May 1, 2026May 1, 2026

• .github

  Public
  Github configuration

  77 forks•22 stars•00 issues•11 pull request•Updated Apr 27, 2026Apr 27, 2026