Scorecard: Assess Open Source Project Security


Quickly assess open source projects for risky practices

Scorecard runs a set of automated checks for risky practices across the software supply chain, covering source code, build, dependencies, testing, and project maintenance, and reports a per-check score together with an aggregate score for the repository. An organisation can include Scorecard in its continuous integration/continuous deployment process using the GitHub Action, so that the checks run automatically on the repository's workflow triggers rather than as a one-off manual scan.

To end the inconsistent naming of the project, the decision was made to consolidate on the singular form "Scorecard", in keeping with the repository and program name, to drop the "Security" part, and to use "OpenSSF" instead to ensure uniqueness.
