Read-only git conversion of OpenBSD's official CVS src repository. Pull requests not accepted - send diffs to the tech@ mailing list.

Vulnerability Management with SBOM

SecObserve is an open source vulnerability management system for software development and cloud environments. It supports a variety of open source vulnerability scanners and integrates easily into …

Gives criticality score for an open source project

OpenSSF Endusers Working Group

User-friendly documentation for the SARIF file format.

Source documents for HOWTO on creating an SPDX NTIA minimum elements SBOM

This repository contains the reference material related to the OpenChain Project

git-repo XML manifests to setup source code directory structure for TI MCU+ SDK

A Modbus library for Linux, Mac OS, FreeBSD and Windows

A repo to conduct vulnerability enrichment.

Bandit is a tool designed to find common security issues in Python code.

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Semgrep rules registry

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Security Work and Manual Reviews facilitated by Open Source Technology Improvement Fund, aka OSTIF

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months …

'Classic' FreeRTOS distribution. Started as Git clone of FreeRTOS SourceForge SVN repo. Submodules the kernel.

Get a full fake REST API with zero coding in less than 30 seconds (seriously)

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Peach Fuzzer PIT Files

MSYS2 Docker Images

CISA CSAF Security Advisories

Secvisogram is a web tool for creating and editing security advisories in the CSAF 2.0 format

Vulnogram is a tool for creating and editing CVE information in CVE JSON format

CVE Alerting Platform

OPENSSF SECURITY INSIGHTS: Repository for development of the draft standard, where requests for modification should be made via Github Issues.

The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to s…

OpenPLC Editor - IDE capable of creating programs for the OpenPLC Runtime

A Python library to parse, validate and create SPDX documents.