OpenSSF Scorecard: On the Path Toward Ecosystem-wide Automated Security Metrics
Abstract
The OpenSSF Scorecard project is an automated tool to monitor the security health of open-source software. This study evaluates the applicability of the Scorecard tool and compares the security practices and gaps in the npm and PyPI ecosystems.
- Publication: arXiv e-prints
- Pub Date: August 2022
- DOI: 10.48550/arXiv.2208.03412
- arXiv: arXiv:2208.03412
- Bibcode: 2022arXiv220803412Z
- Keywords: Computer Science - Cryptography and Security
- E-Print: 10 pages, 2 figures and 2 tables