Talk
Intermediate

OpenSSF Scorecard - Security Scorecards for FOSS Projects

Withdrawn

Session Description

  • Open source software powers modern applications, but not all projects follow the same security practices.

  • As developers and organizations depend more on external libraries, it becomes important to understand the security posture of those dependencies before using them in production.

  • This session introduces OpenSSF Scorecard, an open source tool that automatically evaluates projects against a set of security best practices.

  • It generates a practical “security score” by checking factors like code reviews, branch protection, dependency updates, and release processes.

  • With a simple demo, participants will see how Scorecard can be run on any GitHub repository, how to interpret the results, and how both maintainers and consumers can use these insights to improve security and make better dependency decisions.

Key Takeaways

  • What OpenSSF Scorecard is and why it matters

  • How security scores are generated through automated checks

  • Using Scorecard to evaluate dependency risk

  • Improving project security as a maintainer

  • Making safer open source adoption decisions

Session Categories

Introducing a FOSS project or a new version of a popular project
Tutorial about using a FOSS project
Contributing to FOSS
Engineering practice - productivity, debugging

Speakers

Santhosh NC
Lead Infrastructure Consultant, Thoughtworks
https://www.linkedin.com/in/santhoshnc/

Reviews

No reviews yet.