OpenSSF Best Practices Badge Program

Get Your Badge Now!

The Open Source Security Foundation (OpenSSF) Best Practices badge is a way for Free/Libre and Open Source Software (FLOSS) projects to show that they follow best practices. Projects can voluntarily self-certify, at no cost, by using this web application to explain how they follow each best practice. The OpenSSF Best Practices Badge is inspired by the many badges available to projects on GitHub. Consumers of the badge can quickly assess which FLOSS projects are following best practices and as a result are more likely to produce higher-quality secure software.

You can easily see the criteria for the passing badge. More information on the OpenSSF Best Practices Badging program is available on GitHub. Project statistics and criteria statistics are available. The projects page shows participating projects and supports queries (e.g., you can see projects that have a passing badge). You can also see an example (where we try to earn our own badge). This project was formerly known as the Core Infrastructure Initiative (CII) Best Practices badge. and was originally developed under the CII. It is now part of the OpenSSF Best Practices Working Group (WG). The OpenSSF is a foundation of the Linux Foundation (LF). The project was formally renamed from "CII Best Practices badge" on 2021-12-24.

Privacy and legal issues: Please see our privacy policy, about cookies, and terms of use. The code for the badging application itself is released under the MIT license (projects pursuing a badge are under their respective licenses). All publicly-available non-code content managed by the badging application is released under at least the Creative Commons Attribution License version 3.0 (CC-BY-3.0); newer non-code content is released under CC-BY version 3.0 or later (CC-BY-3.0+). If referencing collectively or not otherwise noted, please credit the OpenSSF Best Practices badge contributors.

Please share this: