The Open Source Project Security Baseline (OSPS Baseline) is designed to act as a minimum definition of requirements for a project relative to it’s maturity level. It is maintained by the OpenSSF Security Baseline SIG according to the project governance documentation.
For more information on the motivation and purpose, see the FAQ.
Previous versions are presented for historical reference. Downstream consumers of the OSPS Baseline should specify their compliance against a specific version. Only the version labeled as “current” should be used for new compliance efforts.
Versions are managed according to the Baseline maintenance process.