Assessing the Risk of Open-source Components Using OpenSSF's Scorecard
Conference: SupplyChainSecurityCon 2022
Authors: Naveen Srinivasan, Laurent Simon
2022-06-21
tldr - powered by Generative AI
Scorecard is a tool that helps users assess the security of their open source projects and dependencies on GitHub.
Scorecard checks for good practices, authentication, and over-privileged CI runs.
Scorecard flags empty patterns and warns about secrets in pull requests.
Scorecard can be installed as a GitHub action for projects and dependencies.
Scorecard alerts users to potential risks, such as unmaintained dependencies.
Scorecard is configurable and can be used to enforce policies at scale.
Scorecard plans to add support for more languages and improve configurability.
Tags: Open Source, demand, Developers, downloads, growth