The purpose of the Metrics & Metadata (formerly Identifying Security Threats) working group is to enable stakeholders to have informed confidence in the security of open source projects. We do this by collecting, curating, and communicating relevant metrics and metadata from open source projects and the ecosystems of which they are a part.
☆223Apr 23, 2024Updated last year
Alternatives and similar repositories for wg-metrics-and-metadata
Users that are interested in wg-metrics-and-metadata are comparing it to the libraries listed below
Sorting:
- OpenSSF Security Tooling Working Group☆320Jul 6, 2025Updated 8 months ago
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆213Feb 4, 2026Updated last month
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆197Jan 15, 2026Updated last month
- Collect, curate, and communicate relevant security metrics for open source projects.☆63Mar 13, 2024Updated last year
- Helping allocate resources to secure the critical open source projects we all depend on.☆389May 8, 2025Updated 10 months ago
- The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for ope…☆994Updated this week
- A community collection of security reviews of open source software components.☆97Feb 29, 2024Updated 2 years ago
- Technical Advisory Council☆135Updated this week
- OpenSSF Endusers Working Group☆28Mar 21, 2024Updated last year
- OpenSSF Working Group on Securing Software Repositories☆128Dec 18, 2025Updated 2 months ago
- OpenSSF Governance and Legal Docs☆75Sep 9, 2025Updated 6 months ago
- Report missing advisories and corrections on OSS Index☆17Jan 19, 2023Updated 3 years ago
- Build, edit, validate, and export CycloneDX BOMs through an intuitive browser-based interface☆14Updated this week
- ☆26Jun 10, 2025Updated 8 months ago
- ☆41Jul 9, 2020Updated 5 years ago
- Kilt is a project that defines how to inject foreign apps into containers☆13Dec 15, 2023Updated 2 years ago
- Supply Chain Query Tool☆13May 25, 2022Updated 3 years ago
- OpenSSF Scorecard - Security health metrics for Open Source☆5,290Updated this week
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆135Nov 15, 2025Updated 3 months ago
- OpenSSF Project Template☆23Nov 29, 2023Updated 2 years ago
- This is a POC repository showing how a Kubernetes Admission Controller can be made irrelevant when verifying container image signatures☆12Dec 21, 2022Updated 3 years ago
- AIBOM Workshop RSA 2024☆15May 20, 2024Updated last year
- Go client and SDK for Falco☆55Jan 19, 2026Updated last month
- Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)☆200Dec 22, 2025Updated 2 months ago
- ☆31Mar 2, 2026Updated last week
- Software Component Verification Standard (SCVS)☆156Apr 1, 2025Updated 11 months ago
- DPE - Default Password Enumeration☆37Jun 3, 2013Updated 12 years ago
- Supply-chain Levels for Software Artifacts☆1,816Updated this week
- Knative common scripts.☆24Feb 12, 2026Updated 3 weeks ago
- Open Source Vulnerability schema.☆237Updated this week
- Presentations, training modules, and other education materials from Duo Security's Application Security team.☆76Jul 15, 2021Updated 4 years ago
- Implementation of draft-irtf-cfrg-hpke☆30May 11, 2023Updated 2 years ago
- QSOS repository (Method, Formats, Tools)☆27Feb 12, 2024Updated 2 years ago
- Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…☆518Updated this week
- Feed parsing for language package manager updates☆82Dec 4, 2024Updated last year
- TUF repository for Sigstore trust root☆120Updated this week
- GitHub App to set and enforce security policies☆1,392Mar 2, 2026Updated last week
- ☆45Aug 26, 2025Updated 6 months ago
- The Great Multi-Factor Authentication (MFA) Distribution Project of the Open Source Security Foundation (OpenSSF). We work to distribute …☆55Dec 28, 2021Updated 4 years ago