"The Scorecards project hopes to make security checks easier to make security
easier to achieve with the release of Scorecards v2. This includes new
security checks, scaled up the number of projects being scored, and made this
data easily accessible for analysis.
For developers, Scorecards help reduce the toil and manual effort required to
continually evaluate changing packages when maintaining a project's supply
chain. Consumers can automatically access the risks to make informed decisions
about accepting the program, look for an alternative solution, or work with the
maintainers to make improvements."
Via Steven Vaughan-Nichols, who wrote "Want a quick and simple way to know if
that open-source code is safe for your project? Google & the OpenSSF Security
Scorecards are exactly what you need"
Share and enjoy,
*** Xanni ***
Chief Scientist, Xanadu
Partner, Glass Wings
Manager, Serious Cybernetics