Projects are OpenSSF Technical Initiatives that support the innovative delivery of security tooling and best practices to secure critical open source software.

The OpenSSF Technical Advisory Council is responsible for the oversight of the various Technical Initiatives (TI) and maintains a project lifecycle for hosted projects. Interested in hosting a project?

๐Ÿ‘ Image

Best Practices Badge

Best practices for Free/Libre and Open Source Software.

Bomctl

Bridging the gap between SBOM generation and SBOM analysis tools.

Criticality Score

Assigning a score to create a list of critical open source projects.

Fuzz introspector

Improving the fuzzing experience of a project.

Gemara

A model for the categorical layers of activities related to automated governance.

gittuf

Protect the contents of a Git repository from unauthorized or malicious changes.

GUAC

Directed, actionable insights into the security of your software supply chain.

Minder

Proactively manage security posture by providing a set of checks and policies.

OpenBao

Manage, store, and distribute sensitive data including secrets, certificates, and keys.

OpenSSF Model Signing (OMS)

A library and CLI for signing and verification of ML models.

OpenSSF Scorecard

Assess open source projects for security risks through a series of automated checks.

OpenVEX

A simplified Vulnerability Exploitability eXchange implementation.

OSPS Baseline

Structured security requirements aligned with international frameworks, standards, and regulations.

OSS-CRS

A standard orchestration framework for LLM-based bug-finding and bug-fixing systems (Cyber Reasoning Systems).

OSV Schema

Better vulnerability triage for open source.

Package Analysis

Improving the security of open source software by detecting malicious behavior.

Protobom

A format-neutral SBOM data representation and I/O library.

Repository Service for TUF

Securing content downloads from tampering between repository and client.

SBOMit

Specification of an SBOM-format-independent method for attesting components.

Security Insights

Machine-processable project security information reporting.

Sigstore

Sigstore is a standard for signing, verifying, and protecting software.

SLSA

Safeguarding artifact integrity across any software supply chain.

Zarf

Enable continuous software delivery on systems disconnected from the internet.
