Tag
openssf-scorecard
Safeguard articles tagged "openssf-scorecard" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Open Source Security
OpenSSF Scorecard v6 and the OSPS Baseline: Turning Probe Evidence Into Registry Trust Signals
The Scorecard v6 roadmap introduces conformance labels (PASS/FAIL/UNKNOWN/NOT_APPLICABLE/ATTESTED) layered over the same probe evidence, aligning Scorecard output with the OSPS Baseline for registry-side trust decisions.
May 4, 20267 min read
Open Source Security
Open source package health scoring explained
Health scores from OSSF Scorecard, Snyk, and npms.io compress package risk into one number -- but xz-utils proves a high score isn't the same as safe.
Apr 21, 20267 min read
Buyer's Guides
Best open source project risk scoring tools
A practical buyer's guide comparing open source project risk scoring tools like OpenSSF Scorecard, Snyk, and Sonatype on signal quality and coverage.
Nov 12, 20258 min read