LFX Insights

Security Standards & Guidelines

Standards and guidelines that define security requirements and best practices for application development. This collection can include frameworks, specifications, and documents that help developers design, verify, and achieve secure applications.

17 projects

16,403 contributors

$4.3B

Cloud Native Computing Foundation (CNCF)

The Cloud Native Computing Foundation (CNCF) hosts critical components of the global technology infrastructure. CNCF brings together the world’s top developers, end users, and vendors and runs the largest open source developer conferences.

Contributors

12,436

Organizations

3,508

Software value

$3.4B

Open Source Security Foundation (OpenSSF)

The OpenSSF is a cross-industry collaboration that brings together leaders to improve the security of open source software (OSS) by building a broader community, targeted initiatives, and best practices, including addressing vulnerability disclosures, security tooling and more.

Contributors

2,207

Organizations

666

Software value

$670M

ComplianceAsCode

ComplianceAsCode is an open source project that provides tools and content for security compliance automation. It includes SCAP security guides and automated security scanning tools to help organizations assess and maintain compliance with various security standards and benchmarks.

Contributors

1,156

Organizations

158

Software value

$47M

Trust Over IP Project (ToIP)

Trust Over IP (ToIP) is an open source project and foundation focused on creating a complete architecture for Internet-scale digital trust that combines cryptographic assurance at the technical layer with human accountability at the governance layer. It aims to establish specifications, standards, and tools for digital trust infrastructure.

Contributors

422

Organizations

110

Software value

$79M

SLSA

Supply-chain Levels for Software Artifacts ("SLSA", pronounced "salsa") is a security framework from source to service, giving anyone working with software a common language for increasing levels of software security and supply chain integrity.

Contributors

176

Organizations

65

Software value

$42M

SBOM for Mainframe Applications Working Group

A working group focused on developing Software Bill of Materials (SBOM) standards and practices specifically for mainframe applications, aiming to improve software supply chain security and transparency in the mainframe ecosystem.

Contributors

6

Organizations

3

Software value

$4.3K

ASVS

Application Security Verification Standard

This project hasn't been onboarded to LFX Insights.

CVE List Pilot Program

Pilot program for CVE submission through GitHub. CVE Record Submission via Pilot PRs ending 6/30/2023.

This project hasn't been onboarded to LFX Insights.

CycloneDX Core Java

CycloneDX SBOM Model and Utils for Creating and Validating BOMs

This project hasn't been onboarded to LFX Insights.

OWASP Cheat Sheet Series

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

This project hasn't been onboarded to LFX Insights.

OWASP Community Pages

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

This project hasn't been onboarded to LFX Insights.

OWASP Mobile Application Security Testing Guide

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

This project hasn't been onboarded to LFX Insights.

OWASP Web Security Testing Guide

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

This project hasn't been onboarded to LFX Insights.

Web Application Security Working Group

Web Application Security Working Group repo

This project hasn't been onboarded to LFX Insights.