For Software Developers

by the Open Source Security Foundation (OpenSSF)

If you develop or build software, here are some ready-to-go resources from the OpenSSF to help you secure that software.

General software security education

General guides for projects

You can also see the full list of Guides released by the OpenSSF.

OSS Project Evaluation

Use these to evaluate the OSS you intend to use and to evaluate how well your OSS projects are doing.

Build protection

Specialized guides

As noted above, the OpenSSF has many guides. Here are some specialized guides:

Sigstore (digital signing)

Sigstore is a new and simpler approach for artifact signing and signature verification.

Funding of OSS projects

For more information about the OpenSSF

To learn more about the OpenSSF, please see the main OpenSSF website. From this website you can get information such as:

Getting involved in the OpenSSF

If you’re interested in helping us improve the security (including the supply chain security) of open source software, please get involved in the OpenSSF.

A good starting point would be to look at our list of OpenSSF working groups (WGs) to see what would interest you. You can click on its GitHub page to learn more about what they do and when they meet by video; you can also join their Slack channel and mailing list to participate in what they’re doing.

You can get involved with the OpenSSF in many ways. We would love to work together.