ORBIT: Open Resources for Baselines, Interoperability, and Tooling
The ORBIT Working Group (WG) is a Sandbox-level group within the Open Source Security Foundation (OpenSSF).
ORBIT exists to develop and maintain interoperable resources for the identification and presentation of security-relevant data. It provides a home for collaborative activities, best practice definitions, documentation, testing, integration, and other artifacts supporting the mission.
```mermaid
flowchart TD
    BPB(OpenSSF<br/>Best Practices Badge)
    LFXInsights(LFX Insights<br/>Security & Best Practices)
    subgraph ORBIT Working Group
        subgraph OSPS
            Assessments(Security Assessments)
            CopyPasta(Security CopyPasta)
            Baseline(Security Baseline)
        end
        subgraph Gemara
            GemaraSDK(Implementation SDK)
            GemaraLexicon(GRC Engineering Lexicon)
            GemaraSchemas(GRC Asset Schemas)
        end
        SecurityInsights(Security Insights)
        subgraph Minder
            MinderPlatform(Platform)
            minder-rules(minder-rules)
        end
        pvtr[GitHub Repo<br/>Privateer Plugin]
        click pvtr "https://github.com/revanite-io/pvtr-github-repo?tab=readme-ov-file#readme"
    end
    BPB -->| references | Baseline
    Baseline --> | references | Assessments & CopyPasta
    MinderPlatform -->|evaluates| minder-rules
    minder-rules -->|reads| SecurityInsights
    GemaraSchemas -->| provides structure| Baseline
    pvtr -->|reads | SecurityInsights
    GemaraSDK -->|provides logic |pvtr
    LFXInsights -->|uses |pvtr
    Baseline -->| defines requirements | pvtr & minder-rules
    GemaraLexicon -->| provides common language | OSPS
    click LFXInsights "https://insights.linuxfoundation.org/"
    click Assessments "https://github.com/ossf/security-assessments?tab=readme-ov-file#readme"
    click Baseline "https://baseline.openssf.org"
    click BPB "https://openssf.org/projects/best-practices-badge/"
    click GemaraSDK "https://gemara.openssf.org/implementation/#go-sdk"
    click GemaraSchemas "https://gemara.openssf.org/implementation/#layer-schemas"
    click GemaraLexicon "https://gemara.openssf.org/lexicon/"
    click SecurityInsights "https://github.com/ossf/security-insights?tab=readme-ov-file#readme"
    click MinderPlatform "https://github.com/mindersec/minder?tab=readme-ov-file#readme"
    click minder-rules "https://github.com/mindersec/minder-rules-and-profiles?tab=readme-ov-file#readme"
```
The group is open to participation from anyone, OpenSSF member or not, who abides by the Contributor Covenant Code of Conduct 2.0.
Review the WG's mission and scope for more details.
- Star this repository to stay updated
- Review the active technical initiatives to see where you can contribute
- Join Slack and introduce yourself
- Join a working group meeting
The WG is governed by a Technical Steering Committee (TSC) composed of the leads from the active technical initiatives.
Review the WG charter for information about operational policies, trademarks, and intellectual property licensing.