Need help with wg-security-tooling?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

186 Stars 21 Forks Apache License 2.0 30 Commits 3 Opened issues


OpenSSF Security Tooling Working Group

Services available


Need anything else?

Contributors list

OSSF Security Tooling

Anyone is welcome to join our open discussions related to the group's mission and charter.


Most developers are not security experts and even the most seasoned developers, security experts or not, make mistakes. Tools can be used to help weed out security defects allowing developers to focus on the features they want to develop.


Our mission is to Identify, Evaluate, Improve, Develop & Ease Deployment of universally-accessible, developer focused tooling to help the open source community secure their code. This space allows members to collaborate together on these goals.

  • Identify - There are a large number of tools that developers can utilize in various development environments. We need to ensure we understand the options available.
  • Evaluate - Some tools are better than others. We need to ensure quality tools are available to the open source community.
  • Improve - Some tools need just a little bit of help to offer the best solution. We need to, where possible, contribute to improve those tools.
  • Develop - Despite the large number of tools available, there are still large areas of the security problem space that do not have tools to help developers find issues. We will develop those tools where there is interest and bandwidth.
  • Ease Deployment - Most critically, open source developers need to know what tools they should be using and how to easily integrate them into their development process. Unless developers have an easy way to drop in security tooling, it is unlikely to be included. We will provide this information to open source developers.


Our vision is to improve the perception of security in open source software.


The outlines the scope and governance of our group activities.


Meeting times

Google Meet every other Tuesday at 16:00 GMT from Aug 11.

The meeting invite is available on the public OSSF calendar.

Active projects

CVE benchmarking initiative

OSS Fuzzing

DAST scanning and web application definition

CodeQL rules

  • Coming

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.