ossf / Project-Security-Metrics
Collect, curate, and communicate relevant security metrics for open source projects.
☆63Updated last year
Alternatives and similar repositories for Project-Security-Metrics:
Users that are interested in Project-Security-Metrics are comparing it to the libraries listed below
- A community collection of security reviews of open source software components.☆93Updated last year
- Technical Advisory Council☆122Updated last week
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆187Updated 3 weeks ago
- The purpose of the Metrics & Metadata (formerly Identifying Security Threats) working group is to enable stakeholders to have informed co…☆222Updated last year
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆181Updated last year
- OpenSSF Security Tooling Working Group☆308Updated 11 months ago
- OpenVEX Specification☆145Updated 3 weeks ago
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆120Updated 3 months ago
- ☆29Updated this week
- Machine-readable specification for the attestation of security-relevant data.☆59Updated last week
- A Python library and command line interface for CVE Services.☆65Updated last month
- Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form.☆21Updated last year
- A tool to check the security settings of Github Organizations.☆71Updated last year
- OpenSSF Working Group on Securing Software Repositories☆103Updated last week
- This project is deprecated. Use https://github.com/returntocorp/semgrep instead☆73Updated last year
- Open Source Vulnerability schema.☆198Updated 2 weeks ago
- A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)☆193Updated last week
- ☆100Updated 3 weeks ago
- Software Component Verification Standard (SCVS)☆143Updated 3 weeks ago
- VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordin…☆64Updated 3 weeks ago
- Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security☆75Updated 6 months ago
- Feed parsing for language package manager updates☆78Updated 4 months ago
- A standard API specification for exchanging supply chain artifacts and intelligence☆78Updated last week
- ☆63Updated 2 years ago
- Security scanning & static analysis tool☆94Updated 6 months ago
- Securing Alice's, Bob's and Carl's software supply chain using in-toto☆92Updated last month
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.☆21Updated 2 months ago
- Global Security Database Tools☆42Updated last year
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.☆171Updated 5 months ago
- A place to systematically store software bill of materials (SBOM) documents.☆46Updated last year