Hey everyone! 👋
I've been working on a tool that I think could help the community adopt OpenSSF best practices more easily, and I'd love your feedback.
Introducing OSSGuard — a CLI that scans any project and tells you exactly which OpenSSF security components are missing, then helps you fix them.
One command to check your security posture:
ossguard scan .
It covers Scorecard, SLSA, SBOM, Sigstore, Dependabot, CodeQL, SECURITY.md, OSPS Baseline, and more — across Python, JavaScript, Go, Rust, Java, C/C++.
27 commands including audit, init, baseline, pin, secrets, supply-chain, container, fuzz, and compare.
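To make the "which components are missing" idea concrete, here is a small posture checker I wrote as an added illustration; it is not OSSGuard's code and is far simpler than the real scanner. It assumes a checked-out repo, treats well-known GitHub Actions (ossf/scorecard-action, github/codeql-action, the SLSA generator, cosign-installer) as evidence of Scorecard, CodeQL, SLSA and Sigstore, and checks for SECURITY.md and a Dependabot config; the sample repo it builds is constructed for the demo.

```python
"""Minimal OpenSSF posture check over a checked-out repo (illustration only)."""
import re
import tempfile
from pathlib import Path

# Upstream action names are real; treating them as "component present" is this
# example's simplifying assumption (a real scanner would inspect the config too).
ACTION_EVIDENCE = {
    "Scorecard": "ossf/scorecard-action",
    "CodeQL": "github/codeql-action",
    "SLSA provenance": "slsa-framework/slsa-github-generator",
    "Sigstore signing": "sigstore/cosign-installer",
}
FILE_EVIDENCE = {
    "SECURITY.md": ["SECURITY.md", ".github/SECURITY.md", "docs/SECURITY.md"],
    "Dependabot": [".github/dependabot.yml", ".github/dependabot.yaml"],
}
# Matches "uses: owner/repo..." lines; the group stops before any subpath or @ref.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w.-]+)", re.MULTILINE)

def workflow_actions(repo: Path) -> set:
    """Collect owner/repo of every action referenced by the repo's workflows."""
    actions = set()
    for wf in (repo / ".github" / "workflows").glob("*.y*ml"):
        actions.update(USES_RE.findall(wf.read_text()))
    return actions

def scan(repo) -> dict:
    """Return {component: present?} for the evidence tables above."""
    repo = Path(repo)
    found = {n: any((repo / c).is_file() for c in cs) for n, cs in FILE_EVIDENCE.items()}
    actions = workflow_actions(repo)
    found.update({n: a in actions for n, a in ACTION_EVIDENCE.items()})
    return found

def missing(repo) -> list:
    return sorted(name for name, present in scan(repo).items() if not present)

def make_sample_repo(root) -> Path:
    """Constructed sample repo: has SECURITY.md and a CodeQL workflow, nothing else."""
    root = Path(root)
    (root / ".github" / "workflows").mkdir(parents=True, exist_ok=True)
    (root / "SECURITY.md").write_text("# Security Policy\n")
    (root / ".github" / "workflows" / "codeql.yml").write_text(
        "jobs:\n  analyze:\n    steps:\n      - uses: actions/checkout@v4\n"
        "      - uses: github/codeql-action/analyze@v3\n")
    return root

def demo() -> list:
    """Build the sample repo in a temp dir and report what it lacks."""
    return missing(make_sample_repo(tempfile.mkdtemp()))

if __name__ == "__main__":
    print("Missing components:", demo())
```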
Install however you prefer:
pip install ossguard
brew install kirankotari/tap/ossguard
npx ossguard
go install github.com/kirankotari/ossguard-go/cmd/ossguard@latest
GitHub: https://github.com/kirankotari/ossguard
I built this because I kept seeing projects struggle to figure out what OpenSSF tooling to adopt and how to set it up. OSSGuard tries to bridge that gap — it's not a replacement for any OpenSSF project, but a unifier that makes adoption easier.
I'd really appreciate:
Trying it on your project and sharing what works / what doesn't
Feedback on which OpenSSF practices should be prioritized
Ideas for new checks or integrations
Contributions — issues and PRs are welcome!