openssf-scorecard.json
{
"@context": "https://w3id.org/everse/rs#",
"@id": "https://w3id.org/everse/tools/scorecard",
"@type": "SoftwareApplication",
"applicationCategory": [
{ "@id": "rs:ResearchInfrastructureSoftware", "@type": "@id" },
{ "@id": "rs:PrototypeTool", "@type": "@id" }
],
"description": "OpenSSF Scorecard is a tool that automatically evaluates the security health of open source projects. It runs checks on best practices like branch protection, dependency management, and code review, then produces a score to help maintainers and users assess project risk.",
"hasQualityDimension": [
{ "@id": "dim:security", "@type": "@id" },
{ "@id": "dim:maintainability", "@type": "@id" },
{ "@id": "dim:sustainability", "@type": "@id" }
],
"howToUse": ["CI/CD", "command-line"],
"isAccessibleForFree": true,
"license": "https://spdx.org/licenses/Apache-2.0",
"name": "OpenSSF Scorecard",
"url": "https://github.com/ossf/scorecard",
"improvesQualityIndicator": [
{
"@id": "https://w3id.org/everse/i/indicators/no_critical_vulnerability",
"@type": "@id"
},
{
"@id": "https://w3id.org/everse/i/indicators/no_leaked_credentials",
"@type": "@id"
},
{
"@id": "https://w3id.org/everse/i/indicators/human_code_review_requirement",
"@type": "@id"
},
{
"@id": "https://w3id.org/everse/i/indicators/static_analysis_common_vulnerabilities",
"@type": "@id"
}
]
}