HTTP/2 301
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: max-age=3600
content-security-policy: default-src 'none'; script-src 'nonce-d892ca40f4' 'strict-dynamic';script-src-elem 'self' 'nonce-d892ca40f4' *.hsforms.net *.hs-scripts.com *.googletagmanager.com *.google.com *.osano.com *.hubspot.com *.hsadspixel.net *.hscollectedforms.net *.hsleadflows.net *.hs-banner.com *.facebook.net js.zi-scripts.com ws.zoominfo.com tags.clickagy.com ws-assets.zoominfo.com schedule.zoominfo.com api.schedule.zoominfo.com *.buzzsprout.com snap.licdn.com *.google-analytics.com *.hs-analytics.net *.usemessages.com googleads.g.doubleclick.net js-agent.newrelic.com https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.js;style-src 'unsafe-inline' 'self' *.fontawesome.com fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com *.osano.com https://cdn.jsdelivr.net/jquery.slick/1.3.15/slick.css; object-src 'self' *.osano.com; base-uri 'self'; connect-src 'self' api-gw.platform.linuxfoundation.org js.zi-scripts.com *.hsforms.com *.hscollectedforms.net analytics.google.com *.google-analytics.com *.hubspot.com *.doubleclick.net *.hubapi.com *.linkedin.com *.osano.com aorta.clickagy.com hemsync.clickagy.com ws.zoominfo.com api.schedule.zoominfo.com *.googleadservices.com www.googletagmanager.com *.google.com js-agent.newrelic.com; font-src 'self' data: *.fontawesome.com fonts.gstatic.com; frame-src 'self' *.osano.com *.hsforms.com *.youtube.com *.google.com *.openssf.org *.landscape2.io *.buzzsprout.com aorta.clickagy.com hemsync.clickagy.com *.doubleclick.net zoom-lfx.platform.linuxfoundation.org; img-src 'self' data: *.buzzsprout.com *.hsforms.com *.hubspot.com *.hubspot.net *.linkedin.com *.ads.linkedin.com secure.gravatar.com *.w.org *.google.com *.google-analytics.com *.facebook.com *.linuxfoundation.org https://googletagmanager.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com *.amazonaws.com;manifest-src 'self'; media-src 'self'; worker-src blob: *.osano.com; frame-ancestors 'self'; form-action 'self' *.hsforms.com;
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: unsafe-none; report-to='default'
cross-origin-embedder-policy-report-only: unsafe-none; report-to='default'
cross-origin-opener-policy: unsafe-none
cross-origin-opener-policy-report-only: unsafe-none; report-to='default'
cross-origin-resource-policy: cross-origin
expires: Thu, 25 Dec 2025 15:34:38 GMT
location: https://openssf.org/resources/guides/
permissions-policy: browsing-topics=(), accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), gamepad=(), serial=()
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-security-policy: default-src 'self'; img-src *; media-src * data:;
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-pantheon-styx-hostname: styx-fe3-b-576d655bff-c8mjr
x-permitted-cross-domain-policies: none
x-redirect-by: WordPress
x-styx-req-id: d74613c0-e19e-11f0-ad1e-8e8bc29b4c3d
x-xss-protection: 1; mode=block
age: 0
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Thu, 25 Dec 2025 14:34:38 GMT
x-served-by: cache-chi-klot8100159-CHI, cache-bom-vanm7210096-BOM, cache-bom-vanm7210027-BOM, cache-bom-vanm7210027-BOM
x-cache: MISS, MISS, MISS, MISS
x-cache-hits: 0, 0, 0, 0
x-timer: S1766673278.001071,VS0,VE936
vary: Cookie, Cookie
content-length: 0
HTTP/2 200
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: public, max-age=60, s-maxage=43200, stale-while-revalidate=86400, stale-if-error=604800
content-encoding: gzip
content-security-policy: default-src 'none'; script-src 'nonce-853ba12746' 'strict-dynamic';script-src-elem 'self' 'nonce-853ba12746' *.hsforms.net *.hs-scripts.com *.googletagmanager.com *.google.com *.osano.com *.hubspot.com *.hsadspixel.net *.hscollectedforms.net *.hsleadflows.net *.hs-banner.com *.facebook.net js.zi-scripts.com ws.zoominfo.com tags.clickagy.com ws-assets.zoominfo.com schedule.zoominfo.com api.schedule.zoominfo.com *.buzzsprout.com snap.licdn.com *.google-analytics.com *.hs-analytics.net *.usemessages.com googleads.g.doubleclick.net js-agent.newrelic.com https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.js;style-src 'unsafe-inline' 'self' *.fontawesome.com fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com *.osano.com https://cdn.jsdelivr.net/jquery.slick/1.3.15/slick.css; object-src 'self' *.osano.com; base-uri 'self'; connect-src 'self' api-gw.platform.linuxfoundation.org js.zi-scripts.com *.hsforms.com *.hscollectedforms.net analytics.google.com *.google-analytics.com *.hubspot.com *.doubleclick.net *.hubapi.com *.linkedin.com *.osano.com aorta.clickagy.com hemsync.clickagy.com ws.zoominfo.com api.schedule.zoominfo.com *.googleadservices.com www.googletagmanager.com *.google.com js-agent.newrelic.com; font-src 'self' data: *.fontawesome.com fonts.gstatic.com; frame-src 'self' *.osano.com *.hsforms.com *.youtube.com *.google.com *.openssf.org *.landscape2.io *.buzzsprout.com aorta.clickagy.com hemsync.clickagy.com *.doubleclick.net zoom-lfx.platform.linuxfoundation.org; img-src 'self' data: *.buzzsprout.com *.hsforms.com *.hubspot.com *.hubspot.net *.linkedin.com *.ads.linkedin.com secure.gravatar.com *.w.org *.google.com *.google-analytics.com *.facebook.com *.linuxfoundation.org https://googletagmanager.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com *.amazonaws.com;manifest-src 'self'; media-src 'self'; worker-src blob: *.osano.com; frame-ancestors 'self'; form-action 'self' *.hsforms.com;
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: unsafe-none; report-to='default'
cross-origin-embedder-policy-report-only: unsafe-none; report-to='default'
cross-origin-opener-policy: unsafe-none
cross-origin-opener-policy-report-only: unsafe-none; report-to='default'
cross-origin-resource-policy: cross-origin
link: ; rel="https://api.w.org/"
link: ; rel="alternate"; title="JSON"; type="application/json"
link: ; rel=shortlink
permissions-policy: browsing-topics=(), accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), gamepad=(), serial=()
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-security-policy: default-src 'self'; img-src *; media-src * data:;
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-pantheon-styx-hostname: styx-fe3-a-779bbcb77d-l4lgc
x-permitted-cross-domain-policies: none
x-styx-req-id: 3c897b27-e154-11f0-a1d3-82e77b01856e
x-tec-api-origin: https://openssf.org
x-tec-api-root: https://openssf.org/wp-json/tribe/events/v1/
x-tec-api-version: v1
x-xss-protection: 1; mode=block
age: 32043
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Thu, 25 Dec 2025 14:34:39 GMT
x-served-by: cache-chi-klot8100065-CHI, cache-bom-vanm7210081-BOM, cache-bom-vanm7210027-BOM, cache-bom-vanm7210027-BOM
x-cache: HIT, MISS, MISS, MISS
x-cache-hits: 16, 0, 0, 0
x-timer: S1766673279.958383,VS0,VE229
vary: Accept-Encoding, Cookie, Cookie
content-length: 25952
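Both responses above carry the same security headers; only the CSP nonce differs per response, as it should. Read as a configuration, the points a reviewer would raise are visible in the headers themselves: object-src is 'self' *.osano.com rather than 'none', style-src allows 'unsafe-inline', script-src-elem re-opens wildcard hosts such as *.google.com next to the nonce, Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy are left at unsafe-none, and two legacy headers (x-content-security-policy and x-xss-protection: 1; mode=block) are still sent although current browsers ignore them. X-Frame-Options: SAMEORIGIN agrees with frame-ancestors 'self', and the HSTS max-age of two years with includeSubDomains and preload meets the preload list's requirements. The script below is an added example, not code from the OpenSSF page or its hosting stack: it parses a header block in the name: value form shown above, resolves CSP directives through their default-src fallback, and returns finding identifiers (this example's own vocabulary) for those patterns. CAPTURED_HEADERS is an abbreviated copy of the 200 response above with the CSP host lists shortened; the findings it produces hold for the full policy as well. HARDENED_HEADERS is a counterpart written for this example, an assumption and not anything the site serves, which the same audit passes.

```python
"""Audit the security headers of a captured HTTP response (added example, not part of the
OpenSSF page or its site configuration). CAPTURED_HEADERS is abbreviated from the 200
response above (CSP host lists shortened); HARDENED_HEADERS is this example's own counterpart."""
from __future__ import annotations
import re

CAPTURED_HEADERS = """\
HTTP/2 200
content-security-policy: default-src 'none'; script-src 'nonce-853ba12746' 'strict-dynamic';script-src-elem 'self' 'nonce-853ba12746' *.googletagmanager.com *.google.com https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.js;style-src 'unsafe-inline' 'self' fonts.googleapis.com; object-src 'self' *.osano.com; base-uri 'self'; connect-src 'self' *.hubspot.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' *.youtube.com; img-src 'self' data: *.amazonaws.com;manifest-src 'self'; media-src 'self'; worker-src blob: *.osano.com; frame-ancestors 'self'; form-action 'self' *.hsforms.com;
cross-origin-opener-policy: unsafe-none
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
"""

# Hardened counterpart (this example's assumption): nonce-only scripts, no plugins, locked <base>, COOP isolation.
HARDENED_HEADERS = """\
HTTP/2 200
content-security-policy: default-src 'none'; script-src 'nonce-853ba12746' 'strict-dynamic'; style-src 'self'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'none'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'
cross-origin-opener-policy: same-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
"""

_TOKEN = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")  # RFC 9110 field name; rejects stray non-header lines
# Fetch directives that (directly or via child-src) inherit default-src when absent.
_FALLS_BACK = {"script-src", "style-src", "object-src", "img-src", "connect-src", "font-src",
               "frame-src", "media-src", "worker-src", "manifest-src", "child-src"}


def parse_headers(raw: str) -> dict[str, list[str]]:
    """Map lowercase header name -> values; the status line and non-header lines are skipped."""
    headers: dict[str, list[str]] = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep and _TOKEN.match(name):
            headers.setdefault(name.lower(), []).append(value.strip())
    return headers


def parse_csp(policy: str) -> dict[str, list[str]]:
    """Directive -> sources; a repeated directive is ignored, as CSP3 requires."""
    directives: dict[str, list[str]] = {}
    for chunk in policy.split(";"):
        tokens = chunk.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def effective_sources(csp: dict[str, list[str]], directive: str) -> list[str] | None:
    """Sources governing `directive` after the default-src fallback; None when nothing applies."""
    if directive in csp:
        return csp[directive]
    return csp.get("default-src") if directive in _FALLS_BACK else None


def audit_csp(csp: dict[str, list[str]]) -> list[str]:
    """Findings for one parsed Content-Security-Policy."""
    findings: list[str] = []
    # script-src and script-src-elem pooled: the element directive governs <script> tags when present
    scripts = {s.lower() for s in (effective_sources(csp, "script-src") or []) + csp.get("script-src-elem", [])}
    if "'unsafe-inline'" in scripts and not any(s.startswith(("'nonce-", "'sha")) for s in scripts):
        findings.append("csp-script-unsafe-inline")  # a nonce or hash makes browsers ignore 'unsafe-inline'
    if any(s.startswith("*") for s in scripts):  # `*` or `*.example.com`: review for JSONP and open redirects
        findings.append("csp-script-wildcard-hosts")
    objects = effective_sources(csp, "object-src")
    if objects is None or [s.lower() for s in objects] != ["'none'"]:
        findings.append("csp-object-src-permissive")  # plugin content can run script; should be 'none'
    if "'unsafe-inline'" in {s.lower() for s in effective_sources(csp, "style-src") or []}:
        findings.append("csp-style-unsafe-inline")
    if "base-uri" not in csp:  # no default-src fallback: an injected <base> retargets every relative URL
        findings.append("csp-base-uri-missing")
    return findings


def audit(raw_headers: str) -> list[str]:
    """Stable finding identifiers for a raw response header block."""
    h = parse_headers(raw_headers)
    findings: list[str] = []
    if "content-security-policy" not in h:
        findings.append("csp-missing")
    else:
        csp = parse_csp(h["content-security-policy"][0])
        findings += audit_csp(csp)
        want = {"SAMEORIGIN": ["'self'"], "DENY": ["'none'"]}.get(h.get("x-frame-options", [""])[0].upper())
        if want and "frame-ancestors" in csp and [s.lower() for s in csp["frame-ancestors"]] != want:
            findings.append("frame-ancestors-xfo-mismatch")  # frame-ancestors overrides XFO; they should agree
    max_age = re.search(r"max-age\s*=\s*(\d+)", h.get("strict-transport-security", [""])[0], re.I)
    if not max_age or int(max_age.group(1)) < 31536000:  # one year is the floor hstspreload.org requires
        findings.append("hsts-missing-or-short")
    if "nosniff" not in [v.lower() for v in h.get("x-content-type-options", [])]:
        findings.append("nosniff-missing")
    coop = h.get("cross-origin-opener-policy", ["unsafe-none"])[0].split(";")[0].strip().lower()
    if coop == "unsafe-none":  # the default: no isolation from cross-origin openers and popups
        findings.append("coop-unsafe-none")
    if h.get("x-xss-protection", ["0"])[0].strip() != "0":  # deprecated filter; OWASP recommends 0 or omitting it
        findings.append("legacy-x-xss-protection")
    return findings
```

Feed it a live capture by passing the output of curl -sI to audit(). The wildcard and COOP findings are prompts for review rather than proof of a bypass: a wildcard host is only exploitable if some endpoint under it returns attacker-influenced script, which this check does not test.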
OpenSSF Guides – Open Source Security Foundation
OpenSSF Guides
Guides produced by OpenSSF Working Groups to help make open source more secure.
Translation of guides into Japanese.
Use this paper to turn SBOM information into clear, repeatable decisions across engineering, security, legal, and operations.
AI code assistants can significantly speed up development. However, they need guidance to produce secure and robust code. This guide explains how to improve the security of their results by creating custom prompts or custom instructions.
This whitepaper introduces a practical, visual framework for integrating security across the machine learning lifecycle. Built for practitioners, it draws on proven DevSecOps strategies and adapts them for AI/ML environments.
Understand how the EU’s Cyber Resilience Act affects open source software with this practical, easy-to-read guide. Developed by the OpenSSF Global Cyber Policy and Best Practices working groups, this resource helps OSS developers and contributors navigate key CRA concepts — what applies, what doesn’t, and when commercial activity changes the rules. Note: This guide is informational and not legal advice.
This document guides component creators and component users to simplify updates and help avoid backward incompatibility problems when updating. A key technique is for component developers to avoid creating backward incompatibilities wherever practical. Backward-incompatible changes to an application programmer interface (API) often lead to unaddressed security vulnerabilities.
Guide for correctly using regular expressions for secure input validation, countering some common errors and omissions.
A framework for package repositories to assess their current security capabilities and to help roadmap future improvements.
Guide that aims to empower developers with the expertise and resources to build more secure C and C++ applications.
A guide for Open Source projects that are interested in issuing and managing their own CVE IDs through the CVE Numbering Authority (CNA) program.
Guide for securing and implementing best practices for SCM platforms, including GitHub and GitLab.
Concise guide for all software developers for software development, building, and distribution.
As a software developer, before using open source software (OSS) dependencies or tools, identify candidates and evaluate the leading ones against your needs.
Intended to help security researchers (aka “Finders”) engage with open source software (OSS) project maintainers to kick off and participate in the coordinated vulnerability response process.
Aims to be an all-inclusive document explaining supply-chain security best practices when using the npm package manager.
Intended to help open source project maintainers create and maintain a coordinated vulnerability response process.