This repository contains documentation and metadata for the Open Source Security Foundation (OpenSSF) community governance groups.
For a complete listing of all groups, see the group list.
The OpenSSF community is organized into four types of groups:
- Working Groups (WGs) -- Primary organizational units focused on delivering guides, specifications, and frameworks for open source security.
- Projects -- Technical initiatives focused on the development of open source software, tools, and specifications. Projects report to a Working Group or directly to the Technical Advisory Council (TAC).
- Special Interest Groups (SIGs) -- Bounded-duration groups focused on specific topics, reporting to a Working Group.
- Committees -- Board-level groups handling non-technical matters such as budget, marketing, and public policy. Committees report to the Governing Board.
Working Groups and Projects progress through lifecycle stages:
| Stage | Description |
|---|---|
| Sandbox | Early stage, exploring viability |
| Incubating | Active development, growing adoption |
| Graduated | Mature, widely adopted |
| Archived | No longer actively maintained |
All governance group metadata is stored in a single source of truth: `groups.yaml`.
A Go-based generator reads this file and produces:
- A `README.md` for each group directory (e.g., `wg-best-practices/README.md`)
- A master `group-list.md` listing all groups
Do not edit generated README files directly. Instead, edit `groups.yaml` and run `make generate`.
Each generated README includes markers for custom content that will be preserved across regenerations:
```
<!-- BEGIN CUSTOM CONTENT -->
Your custom content here
<!-- END CUSTOM CONTENT -->
```

- Go 1.26 or later

```sh
make generate
make test
make verify
WHAT=wg-best-practices make generate
```

See CONTRIBUTING.md for details on how to contribute to this repository.
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.