Talk | Beginner | Apache License Version 2.0

OpenSSF Scorecard - Security Scorecards for FOSS Projects

Approved
Session Description
  • Open source software powers modern applications, but not all projects follow the same security practices.

  • As developers and organizations depend more on external libraries, it becomes important to understand the security posture of those dependencies before using them in production.

  • This session introduces OpenSSF Scorecard, an open source tool that automatically evaluates projects against a set of security best practices.

  • It generates a practical “security score” by checking factors like code reviews, branch protection, dependency updates, and release processes.

  • With a simple demo, participants will see how Scorecard can be run on any GitHub repository, how to interpret the results, and how both maintainers and consumers can use these insights to improve security and make better dependency decisions.
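A consumer-side gate over Scorecard results, added here as an example and not part of the session material or the Scorecard project: it reads the JSON that `scorecard --format=json` emits (a constructed sample below, trimmed to the fields the gate uses) and fails when the aggregate score or any of the checks the abstract names fall below a threshold. The check names are Scorecard's own; the thresholds and the sample repository are assumptions.

```python
import json

# Constructed sample in the shape of `scorecard --repo=github.com/<org>/<repo> --format=json`
# output, trimmed to the fields this gate reads. Check scores run 0-10; -1 means the
# check could not be evaluated (inconclusive). Repository and commit are placeholders.
SAMPLE_OUTPUT = json.dumps({
    "repo": {"name": "github.com/example-org/example-lib", "commit": "PLACEHOLDER_SHA"},
    "score": 6.2,
    "checks": [
        {"name": "Code-Review", "score": 10, "reason": "all changesets reviewed"},
        {"name": "Branch-Protection", "score": 3, "reason": "branch protection is not maximal"},
        {"name": "Dependency-Update-Tool", "score": 0, "reason": "no update tool detected"},
        {"name": "Signed-Releases", "score": -1, "reason": "no releases found"},
        {"name": "Maintained", "score": 10, "reason": "30 commit(s) in the last 90 days"},
    ],
})

# Consumer policy: the minimum aggregate score accepted and a per-check floor for the
# checks the abstract highlights. These values are illustrative, not Scorecard defaults.
MIN_AGGREGATE = 7.0
REQUIRED = {"Code-Review": 8, "Branch-Protection": 5,
            "Dependency-Update-Tool": 5, "Signed-Releases": 5}


def evaluate(raw_json, min_aggregate=MIN_AGGREGATE, required=REQUIRED):
    """Return (passed, findings) for one Scorecard JSON result document."""
    report = json.loads(raw_json)
    by_name = {c["name"]: c for c in report.get("checks", [])}
    findings = []
    if report.get("score", 0) < min_aggregate:
        findings.append(f"aggregate score {report['score']} below {min_aggregate}")
    for name, floor in required.items():
        check = by_name.get(name)
        if check is None:
            findings.append(f"{name}: check not present in report")
        elif check["score"] == -1:
            # Inconclusive is not a pass: route it to a human rather than waving it through.
            findings.append(f"{name}: inconclusive ({check['reason']})")
        elif check["score"] < floor:
            findings.append(f"{name}: {check['score']} < {floor} ({check['reason']})")
    return (not findings, findings)


if __name__ == "__main__":
    ok, findings = evaluate(SAMPLE_OUTPUT)
    print("PASS" if ok else "FAIL")
    for finding in findings:
        print(" -", finding)
```

In a pipeline the same function would be fed the real `scorecard --format=json` output for each dependency, with the thresholds tuned to the organisation's risk appetite.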

Key Takeaways
  • What OpenSSF Scorecard is and why it matters

  • How security scores are generated through automated checks

  • Using Scorecard to evaluate dependency risk

  • Improving project security as a maintainer

  • Making safer open source adoption decisions

References

Session Categories

Introducing a FOSS project or a new version of a popular project
Tutorial about using a FOSS project
Contributing to FOSS
Engineering practice - productivity, debugging
Talk License: Apache License Version 2.0

Speakers

Santhosh NC
Lead Infrastructure Consultant | Thoughtworks
  • Seasoned DevSecOps engineer with 9+ years of experience in designing, building, securing, and automating cloud-native systems.

  • Holds the titles of Golden Kubestronaut and AWStronaut, showcasing deep expertise in Kubernetes and AWS ecosystems.

  • Skilled in DevOps, Multi-Cloud, CI/CD/CT pipelines, infrastructure automation, and continuous security integration.

  • Passionate about FOSS, DevSecOps practices, and knowledge sharing through community talks, workshops, and mentorship.

https://www.linkedin.com/in/santhoshnc/

Reviews

Sounds like a useful tool; however, I would have liked to see material prepared by the speaker themselves attached under references.

Reviewer #1 Approved