Authors: Naveen Srinivasan, Laurent Simon
2022-06-21

tldr - powered by Generative AI

Scorecard is a tool that helps users assess the security of their open source projects and dependencies on GitHub.
  • Scorecard checks for good practices, authentication, and over-privileged CI runs.
  • Scorecard flags empty patterns and warns about secrets in pull requests.
  • Scorecard can be installed as a GitHub action for projects and dependencies.
  • Scorecard alerts users to potential risks, such as unmaintained dependencies.
  • Scorecard is configurable and can be used to enforce policies at scale.
  • Scorecard plans to add support for more languages and improve configurability.