Hey everyone! 👋
I've been working on a tool that I think could help the community adopt OpenSSF best practices more easily, and I'd love your feedback.
Introducing OSSGuard — a CLI that scans any project and tells you exactly which OpenSSF security components are missing, then helps you fix them.
One command to check your security posture:
ossguard scan .
It covers Scorecard, SLSA, SBOM, Sigstore, Dependabot, CodeQL, SECURITY.md, OSPS Baseline, and more — across Python, JavaScript, Go, Rust, Java, C/C++.
27 commands including audit, init, baseline, pin, secrets, supply-chain, container, fuzz, and compare.
Install however you prefer:
pip install ossguard
brew install kirankotari/tap/ossguard
npx ossguard
go install github.com/kirankotari/ossguard-go/cmd/ossguard@latest
GitHub: https://github.com/kirankotari/ossguard
I built this because I kept seeing projects struggle to figure out what OpenSSF tooling to adopt and how to set it up. OSSGuard tries to bridge that gap — it's not a replacement for any OpenSSF project, but a unifier that makes adoption easier.
I'd really appreciate:
Trying it on your project and sharing what works / what doesn't
Feedback on which OpenSSF practices should be prioritized
Ideas for new checks or integrations
Contributions — issues and PRs are welcome!
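To make concrete what a "which component is missing" check looks like, here is an added example that is not OSSGuard's code: a small Python scanner that reports whether a checkout has a SECURITY.md, a Dependabot config, a Scorecard workflow and a CodeQL workflow. The file locations assume GitHub's conventions, the check list is my own selection rather than OSSGuard's rule set, and the sample repository is constructed in a temp directory.

```python
"""Added example (not OSSGuard's code): a minimal posture scan of the kind
the `ossguard scan` command automates. Checks and file paths are assumptions
based on GitHub's documented locations, not OSSGuard's actual rule set."""
from pathlib import Path
import tempfile

# Each component maps to the candidate paths that satisfy the check.
CHECKS = {
    "SECURITY.md": ["SECURITY.md", ".github/SECURITY.md", "docs/SECURITY.md"],
    "Dependabot": [".github/dependabot.yml", ".github/dependabot.yaml"],
    "Scorecard workflow": [".github/workflows/scorecard.yml",
                           ".github/workflows/scorecard.yaml"],
}

def has_codeql_workflow(root: Path) -> bool:
    """CodeQL has no fixed filename; detect it by the action a workflow uses."""
    wf = root / ".github" / "workflows"
    if not wf.is_dir():
        return False
    return any("github/codeql-action" in p.read_text(errors="ignore")
               for p in wf.iterdir() if p.suffix in (".yml", ".yaml"))

def scan(root) -> dict:
    """Return {component: present?} for every check."""
    root = Path(root)
    result = {name: any((root / c).is_file() for c in candidates)
              for name, candidates in CHECKS.items()}
    result["CodeQL"] = has_codeql_workflow(root)
    return result

def missing(root) -> list:
    """Sorted names of components the checkout lacks."""
    return sorted(name for name, present in scan(root).items() if not present)

def make_sample_repo() -> Path:
    """Constructed sample checkout: has SECURITY.md and a CodeQL workflow,
    but no Dependabot config and no Scorecard workflow."""
    root = Path(tempfile.mkdtemp())
    (root / "SECURITY.md").write_text("# Security Policy\nReport privately.\n")
    wf = root / ".github" / "workflows"
    wf.mkdir(parents=True)
    (wf / "codeql.yml").write_text(
        "steps:\n  - uses: github/codeql-action/analyze@v3\n")
    return root

if __name__ == "__main__":
    for name in missing(make_sample_repo()):
        print(f"missing: {name}")
```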