Best practices for open-source projects

Learn from the OpenSSF Best Practices Badge project, earn the badge for your open-source project and show it off


Do you work on an open-source project, and do you want to give your consumers confidence in the quality and management of your project? You can achieve this, at no cost, by getting and showing off the OpenSSF Best Practices Badge.

The Open Source Security Foundation (OpenSSF) Best Practices Badge Program allows you to self-certify how well your project follows best practices.

The real goal of the OpenSSF Best Practices Badge project is to encourage projects to apply best practices, and to help users determine which FLOSS projects do so. We believe that FLOSS projects that implement best practices are more likely to produce better software, including more secure software.

You can earn one of three badges:

  • Passing focuses on best practices that well-run FLOSS projects typically already follow. Getting the passing badge is an achievement; only about 10% of projects pursuing a badge achieve the passing level at any one time.
  • Silver is a more stringent set of criteria than passing but is expected to be achievable by small and single-organization projects.
  • Gold is even more stringent than silver and includes criteria not achievable by small or single-organization projects.

More than 700 projects have reached at least the passing level. Here is the complete set of criteria for all badge levels.

You can add the badge either through Markdown or HTML to your project page once you have answered the questions and fulfilled the requirements for the desired badge level.

You can find my open-source project SwiftPlantUML as one of the projects.

SwiftPlantUML project status with regards to OpenSSF Best Practices Badge

It took me about 30 minutes to complete the questionnaire. I automatically fulfilled some requirements already by hosting my open-source project on GitHub. I also learned some new practices. Overall, this exercise is valuable

  • for you as a developer to learn
  • for your project consumers to gain confidence and trust
