🎙️ Submit your talk for: OpenSSF Community Day Europe by July 12

OpenSSF

OpenSSF Securing Software Repositories Working Group: Repositories, Registries, and Tools

The OpenSSF Securing Software Repositories Working Group focuses on the maintainers of software repositories, software registries, and the tools that rely on them. By repositories, we include all platforms where software is developed, including GitHub and other platforms. By registries, we include platforms such as package registries and other ways to distribute software artifacts. We…

Submit to Speak at OpenSSF Day Japan

We are pleased to announce that OpenSSF Day Japan will be taking place on December 4, 2023 at the Ariake Central Tower Hall & Conference, colocated with Open Source Summit Japan in Tokyo, Japan. Registration is now open, and you are invited to submit your talk to the call for proposals (CFP) for OpenSSF Day…

OpenSSF Scorecard Launches v4.12 with Support for GitLab

Today, we are excited to announce OpenSSF Scorecard v4.12. This release adds support for GitLab and brings the project closer to its longer-term goal of supporting all types of hosted repositories. Previously, Scorecard has been limited to GitHub-based repositories along with some support for local Git repositories. 

Join Us in Adopting the Open Source Consumption Manifesto

By adopting a few common principles, software organizations can achieve real, measurable change in the security and health of their software supply chains. You are invited to adopt the new Open Source Consumption Manifesto (OSCM) developed by the OpenSSF’s End Users Working Group and to sign the Manifesto by adding your name and submitting a…

OpenSSF to Support DARPA on New AI Cyber Challenge (AIxCC)

The Open Source Security Foundation (OpenSSF) announced today at Black Hat 2023 its collaboration with the Defense Advanced Research Projects Agency (DARPA) on the AI Cyber Challenge (AIxCC) – a two-year competition aimed at driving innovation at the nexus of AI and cybersecurity to create a new generation of cybersecurity tools. 

OpenSSF Vulnerability Disclosures Working Group Helps Guide and Automate Handling Risk

The OpenSSF Vulnerability Disclosures Working Group aims to improve open source security by developing and advocating well-managed vulnerability reporting and communication. We do so by documenting and supporting best vulnerability disclosure and coordination practices and help share information on vulnerability information. The group is highly involved with the ecosystem and with the standards and tools…

Manage how you protect your assets at scale with SBOMs

While many in the industry realize the value of having a software bill of materials, creators still need to generate high-fidelity SBOMs, and software consumers must ingest and enforce actions based on a given SBOM for it to be a useful endeavor. Otherwise, we’re just adding more to the pile of potentially useful but not…