The Open Source Security Foundation (OpenSSF) Best Practices badge is a way for Free/Libre and Open Source Software (FLOSS) projects to show that they follow best practices. Projects can voluntarily self-certify, at no cost, by using this web application to explain how they follow each best practice. The OpenSSF Best Practices Badge is inspired by the many badges available to projects on GitHub. Consumers of the badge can quickly assess which FLOSS projects are following best practices and as a result are more likely to produce higher-quality secure software.
You can easily see the criteria for the passing badge. Automated analysis will determine many of the criteria answers for you (and prevent obviously incorrect answers). More information on the OpenSSF Best Practices Badging program is available on GitHub. Project statistics and criteria statistics are available. The projects page shows participating projects and supports queries (e.g., you can see projects that have a passing badge). You can also see an example (where we try to earn our own badge). This project was formerly known as the Core Infrastructure Initiative (CII) Best Practices badge and was originally developed under the CII. It is now part of the OpenSSF Best Practices Working Group (WG). The OpenSSF is a foundation of the Linux Foundation (LF). The project was formally renamed from "CII Best Practices badge" on 2021-12-24.
Privacy and legal issues: Please see our privacy policy, about cookies, and terms of use. The code for the badging application itself is released under the MIT license (projects pursuing a badge are under their respective licenses). All publicly-available non-code content managed by the badging application that was added or edited after 2024-08-23 is released under the Community Data License Agreement – Permissive, Version 2.0 (CDLA-Permissive-2.0). Previous contributions were licensed under either the Creative Commons Attribution License version 3.0 (CC-BY-3.0), or as CC-BY version 3.0 or later (CC-BY-3.0+). If referencing collectively or not otherwise noted, please credit the OpenSSF Best Practices badge contributors.