Projects in Awesome Lists by ossf
A curated list of projects in awesome lists by ossf.
https://github.com/ossf/scorecard
OpenSSF Scorecard - Security health metrics for Open Source
Last synced: 12 May 2025
https://github.com/ossf/cve-bin-tool
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
cve cvss devsecops hacktoberfest python sbom sbom-tool security security-automation security-tools swrepo system-tools vulnerabilities vulnerability
Last synced: 03 Mar 2026
https://github.com/ossf/criticality_score
Gives criticality score for an open source project
Last synced: 14 May 2025
https://github.com/ossf/allstar
GitHub App to set and enforce security policies
Last synced: 14 May 2025
https://github.com/ossf/wg-best-practices-os-developers
The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
Last synced: 14 May 2025
https://github.com/ossf/fuzz-introspector
Fuzz Introspector -- introspect, extend and optimise fuzzers
fuzz-testing fuzzing security security-research testing vulnerability-analysis
Last synced: 15 May 2025
https://github.com/ossf/wg-securing-critical-projects
Helping allocate resources to secure the critical open source projects we all depend on.
Last synced: 26 Jan 2026
https://github.com/ossf/malicious-packages
A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.
Last synced: 16 May 2025
https://github.com/ossf/wg-security-tooling
OpenSSF Security Tooling Working Group
Last synced: 25 Jan 2026
https://github.com/ossf/scorecard-action
Official GitHub Action for OpenSSF Scorecard.
github github-actions openssf-scorecard security supply-chain
Last synced: 15 May 2025
https://github.com/ossf/wg-metrics-and-metadata
The purpose of the Metrics & Metadata (formerly Identifying Security Threats) working group is to enable stakeholders to have informed confidence in the security of open source projects. We do this by collecting, curating, and communicating relevant metrics and metadata from open source projects and the ecosystems of which they are a part.
Last synced: 01 Feb 2026
https://github.com/ossf/s2c2f
The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.
Last synced: 27 Jan 2026
https://github.com/ossf/wg-supply-chain-integrity
Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the code they maintain, produce and use.
Last synced: 25 Feb 2026
https://github.com/ossf/secure-sw-dev-fundamentals
Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)
Last synced: 12 Apr 2025
https://github.com/ossf/wg-vulnerability-disclosures
The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability reporting and communication.
Last synced: 25 Jan 2026
https://github.com/ossf/package-manager-best-practices
Collection of security best practices for package managers.
Last synced: 10 Apr 2025
https://github.com/ossf/wg-securing-software-repos
OpenSSF Working Group on Securing Software Repositories
Last synced: 06 Feb 2026
https://github.com/ossf/census
📜 Automated review of open source software projects
analysis census metrics oss statistics
Last synced: 23 Aug 2025
https://github.com/ossf/alpha-omega
Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.
open-source-security opensource security
Last synced: 28 Jan 2026
https://github.com/ossf/sbom-everywhere
Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption
Last synced: 26 Jan 2026
https://github.com/ossf/security-reviews
A community collection of security reviews of open source software components.
security-audit security-reviews
Last synced: 27 Feb 2026
https://github.com/ossf/package-feeds
Feed parsing for language package manager updates
Last synced: 22 Jul 2025
https://github.com/ossf/wg-globalcyberpolicy
Global Cyber Policy Working Group
Last synced: 13 Feb 2026
https://github.com/ossf/project-security-metrics
Collect, curate, and communicate relevant security metrics for open source projects.
Last synced: 09 Apr 2025
https://github.com/ossf/ai-ml-security
Potential WG on Artificial Intelligence and Machine Learning (AI/ML)
Last synced: 12 Jun 2025
https://github.com/ossf/security-insights
Machine-readable specification for the attestation of security-relevant data.
Last synced: 08 Aug 2025
https://github.com/ossf/security-insights-spec
OPENSSF SECURITY INSIGHTS: Repository for development of the draft standard, where requests for modification should be made via GitHub Issues.
Last synced: 10 Jun 2025
https://github.com/ossf/great-mfa-project
The Great Multi-Factor Authentication (MFA) Distribution Project of the Open Source Security Foundation (OpenSSF). We work to distribute hardware MFA tokens to critical open source software (OSS) projects.
Last synced: 09 Apr 2025
https://github.com/ossf/scorecard-monitor
Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts
github-actions open-source-management openssf-scorecard security security-audit security-tools
Last synced: 09 Oct 2025
https://github.com/ossf/scorecard-webapp
Website and API for OpenSSF Scorecard
Last synced: 28 Oct 2025
https://github.com/ossf/pvtr-github-repo-scanner
Privateer plugin for scanning the security hygiene of a GitHub repository.
Last synced: 07 Apr 2026
https://github.com/ossf/wg-orbit
ORBIT: Open Resources for Baselines, Interoperability, and Tooling
Last synced: 15 Feb 2026
https://github.com/ossf/scorecard-visualizer
Tool for visualizing the OpenSSF Scorecard API data in a human-friendly way
Last synced: 09 Apr 2025
https://github.com/ossf/devrel-community
Evangelizing the mission and work of the OpenSSF and building strong community outreach around end-users, open-source maintainers, and contributors.
Last synced: 24 Jan 2026
https://github.com/ossf/gemara
Minimizing rework for governance activities.
Last synced: 06 Jan 2026
https://github.com/ossf/wg-bear
The BEAR (Belonging, Empowerment, Allyship, and Representation) WG, formerly DEI, was formed in December 2023 to enhance representation and cybersecurity workforce effectiveness.
Last synced: 19 Mar 2026
https://github.com/ossf/sirt
The OSS-SIRT SIG (Open Source Software Security Incident Response Team Special Interest Group) is a group working within the OSSF's Vulnerability Disclosure Working Group that is focused on creating secure vulnerability management capabilities within the open source ecosystem to ensure effective coordinated vulnerability disclosure (CVD) practices.
Last synced: 30 Jan 2026
https://github.com/ossf/gb-planning-committee
The Governing Board Planning Committee guides OpenSSF vision and planning including mission, roadmap, milestones and key metrics for success of the overall organization.
Last synced: 09 Apr 2025
https://github.com/ossf/s2c2f-attestation-schema-and-tool
Secure Supply Chain Consumption Framework (S2C2F) OSCAL Catalog and tool
oscal s2c2f software-transparency
Last synced: 11 Jun 2025
https://github.com/ossf/oss-compromises
Archive of various open source security compromises
Last synced: 07 May 2025
https://github.com/ossf/github-org-access-scraper
GitHub lacks an API for listing an org's repos' access for non-team-based individuals, so, scrape it.
Last synced: 27 Oct 2025
https://github.com/ossf/glossary
A reference for common terms when talking about OpenSSF and open source software security.
Last synced: 14 Sep 2025
https://github.com/ossf/oss-analysis-census2-prototype
Prototype of Census 2 of open source software (NOT MAINTAINED)
Last synced: 09 Apr 2025
https://github.com/ossf/reliable-software-decomposition
Reliable Software Decomposition SIG
Last synced: 15 Feb 2026
https://github.com/ossf/secure-sw-dev-videos
Secure Software Development Fundamentals Courses
Last synced: 24 Jan 2026