OpenSSF website screenshot

OpenSSF

The Open Source Security Foundation (OpenSSF) is a collaborative initiative under the Linux Foundation dedicated to improving the security of open source software. It brings together industry leaders, developers, and security experts to address vulnerabilities, enhance supply chain security, and develop security tools and best practices. OpenSSF stewards a number of projects with public REST APIs, including the OSV (Open Source Vulnerabilities) database, the Scorecard automated security health-check service, and Sigstore signing infrastructure.

4 APIs 0 Features
Linux FoundationOpen SourceSecuritySupply ChainVulnerabilities

APIs

OSV (Open Source Vulnerabilities) API

OSV is an OpenSSF-hosted distributed vulnerability database and query infrastructure. The OSV API at api.osv.dev exposes vulnerability records keyed to specific package versions...

OpenSSF Scorecard API

The OpenSSF Scorecard API returns automated security health metrics for public open source repositories. Scorecard runs a series of checks (e.g., Branch-Protection, Code-Review,...

Sigstore Public Good APIs

Sigstore is an OpenSSF-hosted standard and service for signing, verifying, and protecting software. The public-good Sigstore instance exposes Fulcio (code-signing certificate au...

GUAC (Graph for Understanding Artifact Composition)

GUAC aggregates software supply-chain security metadata (SBOMs, attestations, vulnerabilities, signatures) into a queryable graph. GUAC exposes a GraphQL API for supply-chain qu...

Collections

GraphQL

OpenSSF GraphQL API

GUAC aggregates software supply-chain security metadata (SBOMs, attestations, vulnerabilities, signatures) into a queryable graph. GUAC exposes a GraphQL API for supply-chain qu...

GRAPHQL

Pricing Plans

Openssf Plans Pricing

3 plans

PLANS

Rate Limits

Openssf Rate Limits

5 limits

RATE LIMITS

FinOps

Semantic Vocabularies

Openssf Context

7 classes · 0 properties

JSON-LD

Resources

🔗
LinkedIn
LinkedIn
🔗
Website
Website
🔗
Documentation
Documentation
🌐
Portal
Portal
📰
Blog
Blog
👥
GitHubOrganization
GitHubOrganization
👥
GitHubRepository
GitHubRepository
👥
GitHubRepository
GitHubRepository
👥
GitHubOrganization
GitHubOrganization
🔗
License
License
🔗
Community
Community
🔗
Slack
Slack

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: OpenSSF Scorecard API
  version: '1'
items:
- info:
    name: Get Scorecard report for a repository
    type: http
  http:
    method: GET
    url: https://api.securityscorecards.dev/projects/:platform/:org/:repo
    params:
    - name: platform
      value: ''
      type: path
    - name: org
      value: ''
      type: path
    - name: repo
      value: ''
      type: path
    - name: commit
      value: ''
      type: query
      description: Optional commit hash to retrieve a historical report.
  docs: Return the most recent Scorecard report for a public repository on a supported source-control platform. Reports include
    the aggregate score, the date of evaluation, the Scorecard version, and per-check scores with documentation URLs.
bundled: true