Evaluating security risk associated with open source software projects can be a complex or even daunting task, but an Open Source Security Foundation project called OpenSSF Scorecard helps put some order and automation into the process.
In this episode, we chat with one of OpenSSF Scorecard’s contributors, Brian Russell of Google, and Ryan Ware, Director of Open Source Security at Intel, about the problems Scorecard addresses, and how it might help improve the experience of developers and consumers of open source software. We’ll take a deep dive into the automated security checks, how to use the data, and how to include Scorecards in a workflow.