🏆Open Source Security Foundation (OpenSSF) Best Practices Badge (formerly Core Infrastructure Initiative (CII) Best Practices Badge)
-
Updated
Jul 9, 2026 - Ruby
🏆Open Source Security Foundation (OpenSSF) Best Practices Badge (formerly Core Infrastructure Initiative (CII) Best Practices Badge)
GitGoat is an open source tool that was built to enable DevOps and Engineering teams to design and implement a sustainable misconfiguration prevention strategy. It can be used to test products with access to GitHub repositories without a risk to your production environment.
Format agnostic SBOM tooling
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.
From the Linux Foundation office in New York City, welcome to "The Untold Stories of Open Source". Each week we explore the people who are supporting Open Source projects, how they became involved with it, and the problems they faced along the way.
Approvable, local-first AI coding agent for regulated teams: policy controls, governed MCP, evidence packs, audit trails, secure remediation, and any OpenAI-compatible model.
Tool for visualizing the Open SSF Scorecard Api data in a human friendly way
Hawkeye Agent is an enterprise-grade, AI-native security guardrail that evaluates open-source packages in milliseconds. It gives you a definitive verdict on license compliance, known vulnerabilities (CVE/CVSS), OpenSSF Scorecard health, and deep transitive dependencies (SBOM).
OpenSSF Dashboard allows you to check the OpenSSF scorecards for entire organisations and users on GitHub or Gitlab.
Agent Skill for enterprise readiness assessment - security, quality, and automation | Claude Code compatible
Track NodeSecure organization issues
90-tool MCP server for software supply chain security — OSV, GHSA, NVD, EPSS, CISA KEV, npm, PyPI, crates.io, RubyGems, NuGet, Packagist, Go, deps.dev, Scorecard, Rekor, ClearlyDefined, Repology, typosquatting detection
Open-source cryptographic substrate for AI Decision Receipts. Every AI invocation produces a signed, hash-chained, regulator-verifiable receipt. Apache-2.0.
Azure Pipelines Task for OpenSSF Scorecard
Compliance gateway for AI-generated code. Signed AIBOMs per PR, tamper-evident ledger, policy-as-code gates that block changes violating your rules before they merge.
Secure-by-default governance bundle for GitHub Spec Kit.
Add a description, image, and links to the openssf topic page so that developers can more easily learn about it.
To associate your repository with the openssf topic, visit your repo's landing page and select "manage topics."