The Open Source Security Foundation (OpenSSF) serves as the global hub for collaborative work on securing the software supply chain. Whether you’re an open-source maintainer, a security engineer, a student, or someone passionate about public digital infrastructure, OpenSSF invites you to participate. There are no gatekeepers, no matter where you work. This community is open,…
Earlier this summer, Eman Abu Ishgair had the privilege of attending the Open Source Summit North America 2025 in Denver — one of the largest gatherings of open source contributors, maintainers, researchers, and advocates. Even more exciting: I participated as a speaker, volunteer, and a new community member during the OpenSSF Community Day, the co-located…
Welcome to the July 2025 edition of the OpenSSF Newsletter! Here’s a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community. TL;DR: Call...
At the Open Source Security Foundation (OpenSSF), our mission to secure open source software is global—and nowhere is this more vital than in India, home to one of the largest and fastest-growing developer populations in the world. As open source contributions surge across the subcontinent, so too must awareness of secure development practices. That’s why…
OpenSSF Community Day Japan returned to Tokyo for its third consecutive year in 2025, bringing together a diverse group of developers, researchers, government representatives, and industry experts to focus on securing the open source ecosystem.
The GUAC project is proud to announce the release of GUAC 1.0. GUAC — which stands for “Graph for Understanding Artifact Composition” is an OpenSSF incubating project that brings understanding and insights to the software supply chain. Started by Kusari, Google, and Purdue University, GUAC has contributions from over 400 people representing more than 90…
CI/CD pipelines are increasingly becoming high-value targets for attackers. With access to secrets, source code, and infrastructure, they offer a direct route to supply chain compromise. The recent breaches involving tj-actions/changed-files and reviewdog/action-setup are not just isolated events, they are harbingers of a new generation of CI/CD-targeted supply chain attacks.Â
We’re pleased to share that gittuf, a platform-agnostic Git security framework, has officially progressed to the Incubating Project stage under the Open Source Security Foundation (OpenSSF). This marks a major milestone in gittuf’s development and recognizes the project’s technical progress, community growth, and alignment with the broader mission of strengthening the open source software supply…
The Open Source Security Foundation (OpenSSF) is proud to share that the Repository Service for The Update Framework (RSTUF) has completed a successful third-party security audit—marking a key milestone on its path to a stable 1.0.0 release.
The Cloud Native Computing Foundation (CNCF) and the Open Source Security Foundation (OpenSSF) are thrilled to introduce Open Source SecurityCon 2025—a premier event focused on strengthening cloud-native and open source software security.
