scorecard
Safeguard articles tagged "scorecard" — guides, analysis, and best practices for software supply chain and application security.
7 articles
Inside OpenSSF's priority stack: SBOM, Scorecard, and Sigstore
OpenSSF now runs eight technical initiative areas and four flagship projects — most teams have heard of one and adopted none. Here's what's actually worth doing first.
OpenSSF Scorecard v5.1: Azure DevOps Support and File-Mode Selection
Scorecard v5.1 added experimental Azure DevOps repository support and a new --file-mode flag that materially changes how repository files are fetched.
OpenSSF Scorecard v6 Roadmap: OSPS Baseline Conformance
The Scorecard v6 proposal introduces PASS/FAIL/ATTESTED conformance against the OSPS Baseline, versioned probe mapping, and CI gating. Here is what consumers and maintainers need to know.
OpenSSF Scorecard Adoption Metrics: Late 2024
OpenSSF Scorecard crossed 1M scanned repos in October 2024. We break down adoption, score drift, and which checks are actually predictive.
Building a Software Vendor Security Scorecard
Not all vendors are equal when it comes to security. Here is how to build a scorecard that objectively evaluates vendor security practices and informs procurement decisions.
Open Source Dependency Health Metrics That Actually Matter
Star counts and download numbers tell you popularity, not health. The metrics that predict dependency risk are harder to measure and more important to track.
OpenSSF Scorecard v5: Raising the Bar for Open Source Security
The latest release of OpenSSF Scorecard introduces new checks and improved accuracy, helping organizations make data-driven decisions about open source dependency risk.