Description: Quickly assess open source projects for risky practices
Build better security habits, one test at a time
Part of the Open Source Security Foundation
OpenSSF Scorecard can be used in a couple of different ways:
Use the action to automatically scan any code updates for security vulnerabilities. Any time someone commits a change, the action will automatically check the repo and alert you (and other maintainers) if there are problems.