Repositories list

• fuzz-introspector

  Public

  ossf/fuzz-introspector’s past year of commit activity
  Fuzz Introspector -- introspect, extend and optimise fuzzers

  testingsecurityfuzzing+ 3fuzz-testingvulnerability-analysissecurity-research

  Python

  •

  Apache License 2.0

  •81•447•107•8•Updated Feb 23, 2026Feb 23, 2026

• malicious-packages

  Public

  ossf/malicious-packages’s past year of commit activity
  A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.

  Go

  •

  Apache License 2.0

  •75•459•17•9•Updated Feb 23, 2026Feb 23, 2026

• allstar

  Public

  ossf/allstar’s past year of commit activity
  GitHub App to set and enforce security policies

  Go

  •

  Apache License 2.0

  •144•1.4k•61•3•Updated Feb 23, 2026Feb 23, 2026

• ossf-landscape

  Public

  ossf/ossf-landscape’s past year of commit activity
  Apache License 2.0

  •28•31•0•0•Updated Feb 23, 2026Feb 23, 2026

• orbit-launchpad

  Public

  ossf/orbit-launchpad’s past year of commit activity
  Apache License 2.0

  •1•1•1•0•Updated Feb 23, 2026Feb 23, 2026

• scorecard

  Public

  ossf/scorecard’s past year of commit activity
  OpenSSF Scorecard - Security health metrics for Open Source

  scorecardopenssf-scorecard

  Go

  •

  Apache License 2.0

  •604•5.3k•361•23•Updated Feb 23, 2026Feb 23, 2026

• wg-orbit

  Public

  ossf/wg-orbit’s past year of commit activity
  ORBIT: Open Resources for Baselines, Interoperability, and Tooling

  Apache License 2.0

  •4•21•6•1•Updated Feb 23, 2026Feb 23, 2026

• cve-bin-tool

  Public

  ossf/cve-bin-tool’s past year of commit activity
  The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl…

  pythonsecurityvulnerability+ 11vulnerabilitiescvehacktoberfestcvsssecurity-automationsecurity-toolsdevsecops+ 4

  Python

  •

  GNU General Public License v3.0

  •600•1.6k•152•64•Updated Feb 23, 2026Feb 23, 2026

• pvtr-github-repo-scanner

  Public

  ossf/pvtr-github-repo-scanner’s past year of commit activity
  Privateer plugin for scanning the security hygiene of a GitHub repository.

  Go

  •

  Apache License 2.0

  •11•20•21•4•Updated Feb 21, 2026Feb 21, 2026

• wg-globalcyberpolicy

  Public

  ossf/wg-globalcyberpolicy’s past year of commit activity
  Global Cyber Policy Working Group

  Apache License 2.0

  •19•103•14•2•Updated Feb 20, 2026Feb 20, 2026

• scorecard-webapp

  Public

  ossf/scorecard-webapp’s past year of commit activity
  Website and API for OpenSSF Scorecard

  openssf-scorecard

  Go

  •

  Apache License 2.0

  •30•28•31•25•Updated Feb 20, 2026Feb 20, 2026

• scorecard-monitor

  Public

  ossf/scorecard-monitor’s past year of commit activity
  Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts

  securitysecurity-auditsecurity-tools+ 3github-actionsopen-source-managementopenssf-scorecard

  JavaScript

  •

  Apache License 2.0

  •14•42•13•11•Updated Feb 20, 2026Feb 20, 2026

• osv-schema

  Public

  ossf/osv-schema’s past year of commit activity
  Open Source Vulnerability schema.

  Go

  •

  Apache License 2.0

  •111•234•50•8•Updated Feb 20, 2026Feb 20, 2026

• security-baseline

  Public

  ossf/security-baseline’s past year of commit activity
  Go

  •

  Apache License 2.0

  •35•141•57•2•Updated Feb 19, 2026Feb 19, 2026

• security-assessments

  Public

  ossf/security-assessments’s past year of commit activity
  Apache License 2.0

  •5•18•7•2•Updated Feb 19, 2026Feb 19, 2026

• wg-best-practices-os-developers

  Public

  ossf/wg-best-practices-os-developers’s past year of commit activity
  The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

  JavaScript

  •

  Apache License 2.0

  •188•990•72•9•Updated Feb 19, 2026Feb 19, 2026

• tac

  Public

  ossf/tac’s past year of commit activity
  Technical Advisory Council

  Other

  •76•135•40•18•Updated Feb 17, 2026Feb 17, 2026

• si-tooling

  Public

  ossf/si-tooling’s past year of commit activity
  Python

  •

  Apache License 2.0

  •4•7•2•1•Updated Feb 17, 2026Feb 17, 2026

• gpu-hashlib

  Public

  ossf/gpu-hashlib’s past year of commit activity
  Apache License 2.0

  •0•0•0•0•Updated Feb 13, 2026Feb 13, 2026

• sbom-everywhere

  Public
  Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption

  Vue

  •

  Apache License 2.0

  •41•110•23•11•Updated Feb 11, 2026Feb 11, 2026

• alpha-omega

  Public
  Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.

  securityopensourceopen-source-security

  Open Policy Agent

  •

  Apache License 2.0

  •62•112•0•1•Updated Feb 10, 2026Feb 10, 2026

• scorecard-action

  Public
  Official GitHub Action for OpenSSF Scorecard.

  githubsecuritysupply-chain+ 2github-actionsopenssf-scorecard

  Go

  •

  Apache License 2.0

  •82•360•28•13•Updated Feb 10, 2026Feb 10, 2026

• wg-vulnerability-disclosures

  Public

  ossf/wg-vulnerability-disclosures’s past year of commit activity
  The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advoc…

  Apache License 2.0

  •43•213•43•0•Updated Feb 4, 2026Feb 4, 2026

• security-insights

  Public
  Machine-readable specification for the attestation of security-relevant data.

  Go

  •

  Other

  •16•72•5•2•Updated Feb 2, 2026Feb 2, 2026

• wg-bear

  Public
  The BEAR (Belonging, Empowerment, Allyship, and Representation) WG, formerly DEI, was formed in December 2023 to enhance representation and cybersecurity workfo…

  Apache License 2.0

  •5•12•8•2•Updated Jan 26, 2026Jan 26, 2026

• wg-supply-chain-integrity

  Public
  Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the code they maintain, pro…

  Apache License 2.0

  •36•197•10•1•Updated Jan 15, 2026Jan 15, 2026

• secure-sw-dev-fundamentals

  Public
  Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)

  CSS

  •

  Creative Commons Attribution 4.0 International

  •51•200•34•3•Updated Dec 22, 2025Dec 22, 2025

• ai-ml-security

  Public
  Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security

  Apache License 2.0

  •22•145•9•0•Updated Dec 19, 2025Dec 19, 2025

• wg-securing-software-repos

  Public

  ossf/wg-securing-software-repos’s past year of commit activity
  OpenSSF Working Group on Securing Software Repositories

  Other

  •29•129•11•4•Updated Dec 18, 2025Dec 18, 2025

• criticality_score

  Public
  Gives criticality score for an open source project

  Go

  •

  Apache License 2.0

  •130•1.4k•45•35•Updated Dec 2, 2025Dec 2, 2025