Safeguard
Tag

scorecard

Safeguard articles tagged "scorecard" — guides, analysis, and best practices for software supply chain and application security.

7 articles

Open Source Security

Inside OpenSSF's priority stack: SBOM, Scorecard, and Sigstore

OpenSSF now runs eight technical initiative areas and four flagship projects — most teams have heard of one and adopted none. Here's what's actually worth doing first.

Jul 8, 20267 min read
Frameworks

OpenSSF Scorecard v5.1: Azure DevOps Support and File-Mode Selection

Scorecard v5.1 added experimental Azure DevOps repository support and a new --file-mode flag that materially changes how repository files are fetched.

Sep 30, 20256 min read
Frameworks

OpenSSF Scorecard v6 Roadmap: OSPS Baseline Conformance

The Scorecard v6 proposal introduces PASS/FAIL/ATTESTED conformance against the OSPS Baseline, versioned probe mapping, and CI gating. Here is what consumers and maintainers need to know.

Sep 22, 20257 min read
Open Source Security

OpenSSF Scorecard Adoption Metrics: Late 2024

OpenSSF Scorecard crossed 1M scanned repos in October 2024. We break down adoption, score drift, and which checks are actually predictive.

Oct 24, 20245 min read
Risk Management

Building a Software Vendor Security Scorecard

Not all vendors are equal when it comes to security. Here is how to build a scorecard that objectively evaluates vendor security practices and informs procurement decisions.

Feb 28, 20246 min read
Open Source Security

Open Source Dependency Health Metrics That Actually Matter

Star counts and download numbers tell you popularity, not health. The metrics that predict dependency risk are harder to measure and more important to track.

Dec 5, 20236 min read
Open Source Security

OpenSSF Scorecard v5: Raising the Bar for Open Source Security

The latest release of OpenSSF Scorecard introduces new checks and improved accuracy, helping organizations make data-driven decisions about open source dependency risk.

Oct 5, 20235 min read
scorecard — Safeguard Blog