ossf / wg-metrics-and-metadataView external linksLinks
The purpose of the Metrics & Metadata (formerly Identifying Security Threats) working group is to enable stakeholders to have informed confidence in the security of open source projects. We do this by collecting, curating, and communicating relevant metrics and metadata from open source projects and the ecosystems of which they are a part.
☆223Apr 23, 2024Updated last year
Alternatives and similar repositories for wg-metrics-and-metadata
Users that are interested in wg-metrics-and-metadata are comparing it to the libraries listed below
Sorting:
- OpenSSF Security Tooling Working Group☆320Jul 6, 2025Updated 7 months ago
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆211Feb 4, 2026Updated last week
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆196Jan 15, 2026Updated last month
- Collect, curate, and communicate relevant security metrics for open source projects.☆63Mar 13, 2024Updated last year
- Helping allocate resources to secure the critical open source projects we all depend on.☆383May 8, 2025Updated 9 months ago
- The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for ope…☆989Updated this week
- A community collection of security reviews of open source software components.☆96Feb 29, 2024Updated last year
- Technical Advisory Council☆134Feb 9, 2026Updated last week
- OpenSSF Endusers Working Group☆28Mar 21, 2024Updated last year
- OpenSSF Working Group on Securing Software Repositories☆127Dec 18, 2025Updated last month
- OpenSSF Governance and Legal Docs☆74Sep 9, 2025Updated 5 months ago
- Report missing advisories and corrections on OSS Index☆17Jan 19, 2023Updated 3 years ago
- ☆26Jun 10, 2025Updated 8 months ago
- Supply Chain Query Tool☆13May 25, 2022Updated 3 years ago
- Kilt is a project that defines how to inject foreign apps into containers☆13Dec 15, 2023Updated 2 years ago
- OpenSSF Scorecard - Security health metrics for Open Source☆5,263Updated this week
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆135Nov 15, 2025Updated 3 months ago
- AIBOM Workshop RSA 2024☆15May 20, 2024Updated last year
- This is a POC repository showing how a Kubernetes Admission Controller can be made irrelevant when verifying container image signatures☆12Dec 21, 2022Updated 3 years ago
- OpenSSF Project Template☆22Nov 29, 2023Updated 2 years ago
- Go client and SDK for Falco☆55Jan 19, 2026Updated 3 weeks ago
- THOR APT Scanner User Manual☆20Jan 30, 2026Updated 2 weeks ago
- Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)☆200Dec 22, 2025Updated last month
- ☆30Feb 2, 2026Updated 2 weeks ago
- Software Component Verification Standard (SCVS)☆155Apr 1, 2025Updated 10 months ago
- DPE - Default Password Enumeration☆36Jun 3, 2013Updated 12 years ago
- Supply-chain Levels for Software Artifacts☆1,809Updated this week
- Knative common scripts.☆24Updated this week
- Open Source Vulnerability schema.☆232Feb 9, 2026Updated last week
- Feed parsing for language package manager updates☆81Dec 4, 2024Updated last year
- Implementation of draft-irtf-cfrg-hpke☆30May 11, 2023Updated 2 years ago
- Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…☆514Updated this week
- TUF repository for Sigstore trust root☆118Updated this week
- GitHub App to set and enforce security policies☆1,391Feb 9, 2026Updated last week
- ☆44Aug 26, 2025Updated 5 months ago
- The Great Multi-Factor Authentication (MFA) Distribution Project of the Open Source Security Foundation (OpenSSF). We work to distribute …☆55Dec 28, 2021Updated 4 years ago
- Evangelizing the mission and work of the OpenSSF and building strong community outreach around end-users, open-source maintainers, and co…☆23May 2, 2024Updated last year
- Open Source Package Analysis☆863Apr 16, 2025Updated 10 months ago
- Sigstore OIDC PKI☆798Feb 10, 2026Updated last week