🏆Open Source Security Foundation (OpenSSF) Best Practices Badge (formerly Core Infrastructure Initiative (CII) Best Practices Badge)
Updated Jun 7, 2026 - Ruby
GitGoat is an open source tool that was built to enable DevOps and Engineering teams to design and implement a sustainable misconfiguration prevention strategy. It can be used to test products with access to GitHub repositories without a risk to your production environment.
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.
Format agnostic SBOM tooling
From the Linux Foundation office in New York City, welcome to "The Untold Stories of Open Source". Each week we explore the people who are supporting Open Source projects, how they became involved with it, and the problems they faced along the way.
Tool for visualizing the OpenSSF Scorecard API data in a human-friendly way
Supply chain risk scorer for npm and PyPI — single-maintainer CRITICAL flags before attacks happen
OpenSSF Dashboard allows you to check the OpenSSF scorecards for entire organisations and users on GitHub or Gitlab.
Agent Skill for enterprise readiness assessment - security, quality, and automation | Claude Code compatible
Track NodeSecure organization issues
Azure Pipelines Task for OpenSSF Scorecard
OpenSSF `criticality_score` tool in a container.
Predict the next supply chain attack.
Local-first TUI for auditing AI agent state, MCP config, and dotfiles backup safety