foropensource

All offers › Security

Free security for open source projects

17 companies, 17 verified offers. Not sure which you qualify for? Match your repo.

1Password

security

1Password Teams (Open Source Program)

Free 1Password Teams account for the project team, on all platforms (Mac, Windows, iOS, Android, Linux, browser), including developer features such as SSH key management, Git commit signing, CLI authentication with biometrics, and secrets management integration.

Eligibility: for the project; non-commercial only; project at least 1 months old; Team accounts only (not personal/family/business). Project must be at least 30 days old, active, under a permissive open source license, with the applicant as core contributor; no commercial backing (open source funding programs are OK). Open source meetup/event/conference organizers also eligible.

How to apply: Create a 1Password Teams account (14-day trial), invite at least one other Owner, then apply by opening an issue in the 1Password/1password-teams-open-source GitHub repo.

last verified 2026-07-06

Aikido Security

security

Aikido AppSec platform (free for open source)

Free-forever AI code reviews and security checks for open source projects: AI code reviews with automated fix suggestions, PR security reviews, open source dependency scanning, IDE plugins, integrations (Jira, Linear, Drata, Vanta), reports and analytics, AI/bot protection, and attack surface monitoring.

Eligibility: for the project; Eligibility checked case by case; email hovhannes@aikido.dev to confirm your project qualifies. No credit card required.

How to apply: Sign in, create a workspace, then email hovhannes@aikido.dev for eligibility verification.

last verified 2026-07-06

Certum

security

Open Source Code Signing certificate

NOT free — a heavily discounted code signing certificate product for open source developers, priced "from EUR 69.00 gross" (far below standard code signing certificates). The set bundles the certificate with a cryptoCertum 3.7 IDPrime 940C mini cryptographic card and a card reader (ACS ACR39T-A1 or Omnikey 6121, depending on availability).

Eligibility: for the maintainer; Aimed at programmers/developers who share their software free to use or as an open source project; identity verification documents required, but no formal OSS eligibility criteria are published on the product page.

How to apply: Purchase the set from the Certum shop page and complete Certum's identity verification process (documents per their support pages).

last verified 2026-07-06

Cloudflare

CDNsecurityhosting

Project Alexandria (open source program)

Recurring annual credits providing Cloudflare products free, tailored to project size: Pro/Business/Enterprise plan upgrades (Rules, Polish image optimization, WAF, Security Analytics, Page Shield), increased Workers and Pages request limits, expanded R2 object storage, advanced Zero Trust (Remote Browser Isolation, unlimited users), and a dedicated Discord channel.

Eligibility: for the project; OSI license required; non-commercial only; Must be an open source project with a recognized OSS license and operate solely on a non-profit basis and/or align with the program's mission.

How to apply: Apply via the Project Alexandria application form on the landing page.

last verified 2026-07-06

CodeAnt AI

AI and MLsecurity

CodeAnt AI code review and security platform (100% off for open source)

CodeAnt AI's AI code review, SAST security scanning, and code quality platform at 100% off (free) for open source projects.

Eligibility: for the project; Pricing page states "100% OFF FOR OPEN SOURCE" but publishes no detailed eligibility criteria; granted case-by-case via email.

How to apply: Email amartya@codeant.ai with subject "Open Source Work" (link on the pricing page).

last verified 2026-07-07

Coverity Scan

securitytesting

Coverity Scan static analysis

Free static analysis for open source projects in Java, C/C++, C#, JavaScript, Ruby, or Python, analyzing every line of code and potential execution path, with defect root-cause explanations, GitHub/Travis CI integration, and a web interface for triaging defects. Build submission frequency limits vary by project size.

Eligibility: for the project; public repo required; Must be an open source project; ~9,700 OSS projects use the service.

How to apply: Sign up and register your project on scan.coverity.com, upload your build, then view and fix defects in the web interface.

last verified 2026-07-06

Datadog

monitoringsecurity

Datadog observability platform (Open Source Projects program)

Free Datadog account for the project's own infrastructure: cloud observability and security platform including infrastructure and APM monitoring, 1,000+ integrations, code analysis and profiling, and database/user activity monitoring. Host counts and telemetry event volumes may be limited.

Eligibility: for the project; OSI license required; non-commercial only; project at least 12 months old; Minimum 5 regular contributors; at least 2 maintainers must work for different companies. Monitored infrastructure must directly support the project itself (monitoring third-party instances of the project is out of scope). Projects are asked to tell the community how they use Datadog.

How to apply: Application form on the partner program page; Datadog evaluates submissions case by case.

last verified 2026-07-06

DeepSource

testingsecurity

DeepSource static analysis (OSS plan)

Free plan for open source: unlimited public repositories, unlimited team members, 1,000 pull requests reviewed per month, static analysis, SAST, IaC scanning, code coverage, secrets detection, and 1,000 automated code formatting runs per month (AI Review/Autofix are pay-as-you-go).

Eligibility: for the project; public repo required; "Free for open-source projects, and always will be"; no formal vetting described beyond repositories being public open source.

How to apply: Sign up on deepsource.com and connect public repositories; no separate application.

last verified 2026-07-06

GlobalSign

security

Free SSL certificates for open source projects

Free GlobalSign SSL certificates for qualifying open source projects, helping users verify they are receiving unmodified authentic software or source code.

Eligibility: for the project; OSI license required; non-commercial only; Must pass GlobalSign vetting, achieve an "A" rating on GlobalSign's SSL Checker, and accept the standard Subscriber Agreement.

How to apply: Fill out the contact form on the offer page; GlobalSign's team contacts you to discuss the project.

last verified 2026-07-06

HackerOne

security

HackerOne Community Edition

Free vulnerability coordination / bug bounty platform for open source projects: security page with disclosure policy, report management with discussion tools, intelligent duplicate detection, hacker reputation and private invites, API access, and analytics dashboards. Only cost is a 5% payment processing fee if you choose to pay bounties.

Eligibility: for the project; OSI license required; non-commercial only; project at least 3 months old; Must add a SECURITY.md in the project root, link to the HackerOne profile from the project website, and respond to new reports within a week.

How to apply: Application form on the page (project name, website, motivation); reviews typically complete within one business week.

last verified 2026-07-06

Meterian

security

Meterian dependency vulnerability scanning (free for open source)

Free plan with unlimited open-source projects (plus 1 closed-source project), 10 analyses per day, and HTML reports; public GitHub repos on the free plan are rescanned roughly every 2.5 hours.

Eligibility: for the project; public repo required; Analyses are free for open source projects as long as the client detects the project as open source; classification is automatic.

How to apply: Sign in to the Meterian dashboard and scan your open source repositories; no application needed.

last verified 2026-07-06

PVS-Studio

securitymore tools

PVS-Studio (Free Open Source License)

Free one-year PVS-Studio static analyzer license (C, C++, C#, Java) for a non-commercial open source project; one license per project, renewable annually.

Eligibility: for the project; non-commercial only; Project must be a personal creative endeavor; commercial projects, organization-developed projects (with financing or hired developers), and mirrors/forks are excluded. Requires adding PVS-Studio credit markup to the project's README.md and mentioning PVS-Studio in commits that fix issues it found.

How to apply: Add the required PVS-Studio markup to README.md, then fill out the application form on the offer page.

last verified 2026-07-07

SignPath

security

SignPath code signing (via SignPath Foundation)

Free code signing service and an OV-level code signing certificate issued to SignPath Foundation, with the private key stored on the Foundation's HSM. Supports signing EXE, MSI, Docker images, Office macros and more, with CI/CD pipeline integration (GitHub Actions, Azure DevOps, Jenkins), audit trails and policy enforcement, at no cost.

Eligibility: for the project; OSI license required; public repo required; OSI-approved license without commercial dual-licensing for all components; project must already have released the software in the form to be signed (no release history = not eligible).

How to apply: Apply at signpath.org ("Apply for Free Code Signing") with the project's repository URL, download page URL and description; the Foundation reviews eligibility.

last verified 2026-07-06

Snyk

security

Secure Developer Program (Snyk security platform)

A free Snyk account with full enterprise entitlements and no usage limitations for open source projects, plus a members' Discord community with Snyk security professionals and dedicated help integrating Snyk into build pipelines and development environments.

Eligibility: for the project; non-commercial only; Project must be community-driven, not backed by any corporate entity. Requires linking back to snyk.io in the repo README and project website, and granting Snyk permission to display the project logo.

How to apply: Application form via Snyk's partner portal (separate paths for existing and new projects), linked from the offer page.

last verified 2026-07-06

Socket

security

Socket supply chain security (free for open source)

Socket is "free to use for open-source" — the Free plan covers unlimited developers and repos, 1,000 scans per month, detection of 70+ risk types, and automatic blocking of malicious dependencies. Qualifying open source organizations can additionally request a complimentary Team account.

Eligibility: for the project; public repo required

How to apply: Install Socket on your open source repos using the Free plan; for a complimentary Team account for open source work, contact Socket via their contact form.

last verified 2026-07-06

Sonar (SonarSource)

testingsecurity

SonarQube Cloud (formerly SonarCloud)

SonarQube Cloud automated code quality and security analysis "free for analyzing open source projects" — continuous analysis of public open source repositories across many languages and DevOps integrations.

Eligibility: for the project; public repo required; Free analysis applies to open source (public) projects; detailed criteria not published on the page.

How to apply: Sign up on SonarQube Cloud and import the public open source repository; no separate application.

last verified 2026-07-06

Sourcery

testingsecurity

Sourcery AI code review (Open Source plan)

Pro features free for open source repositories, plus limited security scans for up to 3 repos run biweekly (paid Team plans have 200+ repos with daily scans).

Eligibility: for the project; public repo required; Works right away on projects in a public repo on GitHub, GitLab, etc.

How to apply: Sign up via the open source plan link on the pricing page; works automatically for public repos.

last verified 2026-07-06

Browse all 147 companies