Guest blog opportunities are open to members, with limited exceptions for active contributors and thought leaders. Share your insights on open source security with our community.
OpenSSF Blog
Aug 15, 2024 |
In Blog
GUAC v0.8.0 Released
GUAC v0.8.0 is now available. This release brings support for license information, node deletion, and many other improvements. Read more.
Aug 14, 2024 |
In Blog
Announcing SigstoreCon: Supply Chain Day!
Join us for SigstoreCon: Supply Chain Day! Co-located with Kubecon NA 2024 in Salt Lake City, attendees will learn about simplifying signing and verification for digital artifacts using Sigstore, as well as related software supply chain efforts such as SLSA, The Update Framework, binary transparency, and more! CFP deadline is September 13. Read more.
Aug 12, 2024 |
In Blog
Mitigating Attack Vectors in GitHub Workflows
GitHub Actions are commonly used to automate processes in repositories, by running CI (continuous integration) tests on pull requests for example. It can also be used to make a package release process more secure just by making it automated. But, it is important to be careful to ensure that they… Read more.
Aug 8, 2024 |
In Blog
Call for Proposals: SOSS Community Day Japan 2024
We are excited to announce that the OpenSSF is hosting Security of Open Source Software (SOSS) Community Day Japan 2024, scheduled for Wednesday, October 30, 2024. This one-day event will take place in Tokyo, Japan, and the call for proposals (CFP) is now open. Read more.
Aug 8, 2024 |
In Blog
What’s Next for Open Source? Workshop Highlights and Calls to Action to Inspire Progress for Global Sustainability
In July, a historic moment took place for open source, where it took center stage at the two-day "OSPOs for Good" symposium at the United Nations. Co-hosted by Kenya and Germany, experts from the worlds of open source, government, and NGOs came together to learn and share how open source is… Read more.
Aug 6, 2024 |
In Blog
OSS Security Adventure: Recap of Recent Security-Focused Events Featuring OpenSSF
In July, Open Source Security Foundation (OpenSSF) participated in three key events that highlight its dedication to enhancing open source software security for the global public good: the United Nations OSPOs for Good 2024 Conference and the What’s Next for Open Source? Workshops both in New York City, as well… Read more.
Aug 5, 2024 |
New Guide for Package Repositories to Adopt Trusted Publishers
By Seth Michael Larson The Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group (WG) has just released a new guide for maintainers of open source software repositories. The guide details a new security capability named “Trusted Publishers” which utilizes the OpenID Connect standard (OIDC) to authenticate with a… Read more.
Jul 31, 2024 |
Neo Malware: Malicious Open Source Packages
Malware is at the top of the list among things that keep security and development organizations on edge. Read more.
Jul 31, 2024 |
How to Make Programming Language Package Repositories More Secure
Open source package repositories (like npm, PyPI, RubyGems, and others) serve out billions of packages per day. Most of the software we all use includes packages from these repositories, making them a critical part of securing software. Read more.
Jul 30, 2024 |
Datadog Joins Open Source Security Foundation (OpenSSF)
OpenSSF Welcomes Datadog as Premier Member Read more.