LFX Insights

Open Source Security Foundation (OpenSSF)

The Open Source Security Foundation (OpenSSF) is a collaborative initiative under the Linux Foundation, dedicated to improving security in open-source software. It brings together industry leaders, developers, and security experts to address vulnerabilities and enhance the supply chain security of open-source projects.

28 projects

Sigstore

Software Supply Chain Security

Contributors

4,187

Organizations

576

Open Source Security Foundation (OpenSSF)

OpenSSF is a community of software developers and security engineers who are working together to secure open source software for the greater public good.

Contributors

2,029

Organizations

310

Zarf

Zarf is a Linux Foundation project focused on creating tools for air-gapped environments, enabling secure package management and deployment of containerized applications without requiring direct internet connectivity.

Contributors

1,567

Organizations

83

OpenSSF Scorecard

OpenSSF Scorecard is a Linux Foundation project that automatically evaluates open source software security practices, providing metrics and insights to help identify vulnerabilities and improve security posture across projects.

Contributors

748

Organizations

254

GUAC

GUAC (Graph for Understanding Artifact Composition) is a Linux Foundation project that creates a knowledge graph of software security metadata to help improve software supply chain security through comprehensive vulnerability analysis.

Contributors

444

Organizations

92

Repository Service for TUF

Contributors

374

Organizations

119

Allstar

Allstar is a Linux Foundation project that provides automated security policy enforcement for GitHub repositories, helping developers maintain consistent security practices across their codebases.

Contributors

329

Organizations

52

Vulnerability Disclosures Working Group

A Linux Foundation initiative that establishes best practices and standards for responsible disclosure of security vulnerabilities, fostering collaboration between security researchers, software vendors, and users to enhance cybersecurity across open source ecosystems.

Contributors

262

Organizations

103

Best Practices For OSS Developers Working Group

A Linux Foundation initiative establishing standardized guidelines and recommended practices for open source software developers to improve code quality, security, and collaboration across OSS projects.

Contributors

237

Organizations

99

Security Software Repositories Working Group

A Linux Foundation initiative focused on establishing best practices, standards, and tools for securing software repositories to enhance the integrity and trustworthiness of open-source software supply chains.

Contributors

206

Organizations

62

SLSA

SLSA (Supply-chain Levels for Software Artifacts) is a Linux Foundation security framework that establishes standards to prevent tampering, improve integrity, and secure packages and infrastructure in the software supply chain.

Contributors

204

Organizations

55

Alpha-Omega

Alpha-Omega is a Linux Foundation initiative focused on improving open-source software security through systematic vulnerability identification and remediation in critical projects, enhancing the overall security posture of the open-source ecosystem.

Contributors

160

Organizations

39

Security Tooling Working Group

A Linux Foundation initiative focused on developing, standardizing, and improving security tools and methodologies for open source software ecosystems, enhancing vulnerability detection, management, and overall security posture across projects.

Contributors

104

Organizations

63

Criticality Score

Criticality Score is a Linux Foundation project that quantitatively assesses open source projects' criticality to help identify which projects require security investments and support based on their importance to the ecosystem.

Contributors

101

Organizations

39

Protobom

A format-neutral SBOM data representation and I/O library

Contributors

62

Organizations

27

Edu.sig

Edu.sig is a Linux Foundation project focused on advancing open source educational technologies and standards to improve digital learning environments and promote collaborative development in educational software.

Contributors

52

Organizations

20

CTi

CTi is a Linux Foundation project focused on developing open-source tools and standards for cloud-native technologies, enhancing interoperability, security, and scalability across distributed computing environments.

Contributors

41

Organizations

1

gittuf

gittuf is a Linux Foundation project focused on enhancing Git repository security through cryptographic verification and supply chain integrity protection mechanisms.

Contributors

35

Organizations

1

Supply Chain Integrity Working Group

A Linux Foundation initiative that collaborates to enhance supply chain security through standards, best practices, and tools, addressing vulnerabilities and ensuring integrity across software development and distribution ecosystems.

Contributors

35

Organizations

20

Metrics and Metadata Working Group

A Linux Foundation initiative focused on establishing standardized metrics and metadata frameworks for open source projects, enabling consistent measurement, evaluation, and reporting of project health, contributions, and impact across the ecosystem.

Contributors

34

Organizations

21

S2C2F

S2C2F is a Linux Foundation project focused on enhancing software supply chain security through collaborative frameworks, tools, and standards to protect development pipelines and ensure software integrity across ecosystems.

Contributors

31

Organizations

17

SIRT

SIRT (Security Incident Response Team) is a Linux Foundation project focused on coordinating vulnerability management and incident response across open source ecosystems, providing security expertise and standardized protocols to address cybersecurity threats effectively.

Contributors

19

Organizations

6

Security Metrics

Security Metrics is a Linux Foundation project focused on developing standardized measurements and benchmarks to evaluate software security posture, enabling organizations to quantify security effectiveness and make data-driven improvements to their security programs.

Contributors

17

Organizations

1

Package Analysis/Feeds

A Linux Foundation initiative that analyzes software packages and provides data feeds to enhance open-source software security, dependency tracking, and ecosystem transparency.

Contributors

12

Organizations

2

OSV Schema

OSV Schema is a Linux Foundation project that standardizes vulnerability reporting formats across open source ecosystems, enabling consistent security information exchange and automated vulnerability management.

Contributors

1

Organizations

1

Security Insights Spec

Security Insights Spec is a Linux Foundation project that standardizes security documentation formats, enabling automated security information sharing and analysis across software ecosystems.

This project hasn't been onboarded to LFX Insights.

SBOMit

A tool that adds in-toto attestations to Software Bills of Materials (SBOMs), providing verification information to improve software supply chain security.

This project hasn't been onboarded to LFX Insights.

Fuzz Introspector

Fuzz Introspector is a Linux Foundation project that enhances fuzzing efficiency by analyzing code coverage and structure to identify under-tested areas, helping developers improve security testing and vulnerability detection in software applications.

This project hasn't been onboarded to LFX Insights.