Use “Scorecards” to Check on Security of Your Open Source Projects
In episode 60 of DevNet Snack Minute, DevNet’s Manager of Developer Advocacy, Matt DeNapoli, and I talk with Stephen Augustus, Head of Open Source at Cisco. In this episode we talk about “Scorecard” and how you can use it to improve the security of your open source project.
Scorecard is an automated tool that assesses a number of important heuristics (“checks”) associated with software security. It assigns each check a score from 0 to 10, giving consumers of open-source projects an easy way to judge whether their dependencies are safe. You can use these scores to:
- understand specific areas where you can strengthen the security posture of your project
- make sure dependencies are safe – e.g.,
  - do I have binaries checked into my repository?
  - do I have branch protection configured?
  - do I have CI tests?
  - are we doing code reviews?
- make informed decisions about accepting risks, evaluating alternative solutions, or working with maintainers to make improvements.
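The checks listed above (binary artifacts, branch protection, CI tests, code review) map directly onto Scorecard check names, and the 0-10 scores lend themselves to an automated policy gate. The following is an added example written for this post, not code from the DevNet episode or from the Scorecard project itself: it reads a Scorecard report in the JSON shape produced by `scorecard --repo=<repo> --format=json` (an assumption about the output format), compares each check against a per-check minimum you define, and treats the `-1` score Scorecard uses for an inconclusive check as a failure to investigate rather than silently ignoring it. The repository name, commit and scores in the sample report are constructed for illustration.

```python
import json

# Constructed sample in the shape of Scorecard's JSON report.
# Repository, commit and scores are made up; they are not real results.
SAMPLE_REPORT = json.dumps({
    "date": "2024-10-01",
    "repo": {
        "name": "github.com/example-org/example-repo",
        "commit": "0000000000000000000000000000000000000000",
    },
    "score": 6.1,
    "checks": [
        {"name": "Binary-Artifacts", "score": 10,
         "reason": "no binaries found in the repo"},
        {"name": "Branch-Protection", "score": 3,
         "reason": "branch protection is not maximal on development and all release branches"},
        {"name": "CI-Tests", "score": 10,
         "reason": "22 out of 22 merged PRs checked by a CI test"},
        {"name": "Code-Review", "score": 4,
         "reason": "found 2 unreviewed changesets out of 8"},
        # Scorecard reports -1 when a check could not be run (e.g. API error).
        {"name": "Dangerous-Workflow", "score": -1,
         "reason": "internal error: constructed example of an inconclusive check"},
    ],
})

# Hypothetical policy: minimum acceptable score per check. These thresholds
# are this example's choice, not defaults shipped by Scorecard.
POLICY = {
    "Binary-Artifacts": 10,
    "Branch-Protection": 5,
    "CI-Tests": 8,
    "Code-Review": 7,
    "Dangerous-Workflow": 10,
}


def evaluate(report_json: str, policy: dict) -> dict:
    """Bucket every check named in the policy into pass / fail / inconclusive / missing.

    - pass:         score >= policy threshold
    - fail:         score below threshold
    - inconclusive: Scorecard returned -1 (the check did not run)
    - missing:      the check is in the policy but absent from the report
    """
    report = json.loads(report_json)
    scores = {c["name"]: c["score"] for c in report.get("checks", [])}
    result = {"pass": [], "fail": [], "inconclusive": [], "missing": []}
    for name, minimum in policy.items():
        if name not in scores:
            result["missing"].append(name)
        elif scores[name] == -1:
            result["inconclusive"].append(name)
        elif scores[name] < minimum:
            result["fail"].append(name)
        else:
            result["pass"].append(name)
    return result


def gate(result: dict) -> bool:
    """Fail closed: only pass when nothing failed, went missing or was inconclusive."""
    return not (result["fail"] or result["inconclusive"] or result["missing"])


if __name__ == "__main__":
    outcome = evaluate(SAMPLE_REPORT, POLICY)
    for bucket, names in outcome.items():
        print(f"{bucket:12s}: {', '.join(names) or '-'}")
    print("policy gate:", "PASS" if gate(outcome) else "FAIL")
```

In a CI job you would replace `SAMPLE_REPORT` with the output of the real `scorecard` run and fail the build when `gate()` returns `False`; keeping inconclusive checks out of the pass bucket avoids a transient API error being read as a clean result.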
Stephen’s demo and discussion show how Scorecard gives you a practical way to identify the security gaps in your project and to check that they have been addressed.
Learn about the new tool Scorecard with Stephen Augustus, Head of Open Source at Cisco.
Check out the Scorecards repo on GitHub