🏆Open Source Security Foundation (OpenSSF) Best Practices Badge (formerly Core Infrastructure Initiative (CII) Best Practices Badge)
-
Updated
Apr 17, 2026 - Ruby
#
openssf
Here are 23 public repositories matching this topic...
GitGoat is an open source tool that was built to enable DevOps and Engineering teams to design and implement a sustainable misconfiguration prevention strategy. It can be used to test products with access to GitHub repositories without a risk to your production environment.
-
Updated
Jan 24, 2025 - Python
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.
cncf owasp vex vulnerability-management software-security dependency-management sbom attestations slsa open-source-security supply-chain-security supply-chain-attacks software-supply-chain-security openssf software-bill-of-material software-transparency
-
Updated
Jan 28, 2024
Format agnostic SBOM tooling
-
Updated
Nov 20, 2025 - Go
From the Linux Foundation office in New York City, welcome to "The Untold Stories of Open Source". Each week we explore the people who are supporting Open Source projects, how they became involved with it, and the problems they faced along the way.
-
Updated
Aug 15, 2024 - JavaScript
Tool for visualizing the Open SSF Scorecard Api data in a human friendly way
-
Updated
Nov 27, 2025 - TypeScript
OpenSSF Dashboard allows you to check the OpenSSF scorecards for entire organisations and users on GitHub or Gitlab.
-
Updated
May 30, 2025 - TypeScript
Track NodeSecure organization issues
-
Updated
Jul 3, 2023 - TypeScript
Agent Skill for enterprise readiness assessment - security, quality, and automation | Claude Code compatible
enterprise security skill devsecops open-standard slsa supply-chain-security ai-agent openssf agent-skills claude-code-skill
-
Updated
Apr 19, 2026 - Shell
Azure Pipelines Task for OpenSSF Scorecard
security azure-devops azure-devops-extension azure-pipelines azure-pipelines-task openssf openssf-scorecard
-
Updated
Apr 13, 2026 - TypeScript
Predict the next supply chain attack.
-
Updated
Apr 17, 2026 - Go
A minimal, security-first starter kit that adds pre-commit and CI/CD guardrails to any codebase — catch secrets, scan dependencies, and generate SBOMs before bad code ships.
-
Updated
Jan 18, 2026 - Makefile
OpenSSF `criticality_score` tool in a container.
-
Updated
Jun 25, 2022 - Dockerfile
Stage273: Structured Review Context — binding review records to SBOM and vulnerability scan artifacts as verifiable evidence.
cryptography ci verification ed25519 sha256 qsp sbom vulnerability-scan supply-chain-security openssf
-
Updated
Apr 17, 2026 - Python
Advanced Repository Security Posture Engine (DevSecOps CLI)
-
Updated
Feb 27, 2026 - TypeScript
Project to generate statistics about OpenSSF Compliance in the BEAM ecosystem.
-
Updated
Apr 13, 2026 - Elixir
Stage271: External Review Linked Proof — signed, hash-linked, CI-verifiable review records on top of Stage270.
cryptography ci verification ed25519 sha256 qsp transparency supply-chain-security openssf external-review
-
Updated
Apr 16, 2026 - Python
Improve this page
Add a description, image, and links to the openssf topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the openssf topic, visit your repo's landing page and select "manage topics."