Talk Beginner Apache-2.0

How OpenSSF Scorecard Helps Secure Open Source Projects

Approved
Session Description

In this session, I will talk about OpenSSF Scorecard, an automated security assessment tool used to evaluate the security practices of open-source projects. The discussion will cover what Scorecard is, how it works, the different security checks it performs, and its importance in improving software supply-chain security. Key takeaways from this session include understanding how Scorecard helps identify security risks, promotes secure development practices, and supports organizations in choosing safer and more reliable open-source dependencies.

Key Takeaways
  • Understanding the basics of software supply-chain security

  • Learning what OpenSSF Scorecard does

  • How to analyze the security posture of a GitHub repository

  • Important security checks developers should know

  • Using Scorecard in real-world development workflows
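As an added illustration of the last two takeaways (analysing a repository's posture and using Scorecard in a workflow), here is a small policy gate written for this page; it is example code, not from the talk or the Scorecard project. The Scorecard CLI prints a JSON document for `scorecard --repo=github.com/<org>/<repo> --format json` (it needs a GitHub token in `GITHUB_AUTH_TOKEN`), and the same results are produced by the `ossf/scorecard-action` GitHub Action. The script below takes that JSON, applies per-check minimum scores, and blocks the dependency if any check falls short, fails closed when a check it relies on is absent, and reports checks Scorecard scored as -1 (inconclusive) rather than counting them as passes. The sample output embedded here is constructed and trimmed; the thresholds in `POLICY` are this example's choice, not Scorecard defaults.

```python
"""Gate a dependency on its OpenSSF Scorecard results.

Added example, not code from the talk or the Scorecard project. It parses the
JSON that `scorecard --repo=github.com/<org>/<repo> --format json` prints and
applies a simple policy. SAMPLE_OUTPUT is a constructed, trimmed stand-in for
real output; check names and the -1 "inconclusive" score follow Scorecard's
real conventions, but the reasons and scores here are made up for illustration.
"""
import json
from dataclasses import dataclass, field

# Constructed sample of `scorecard --format json` output (not a real scan).
SAMPLE_OUTPUT = json.dumps({
    "date": "2024-01-01",
    "repo": {"name": "github.com/example-org/example-lib", "commit": "0123abcd"},
    "scorecard": {"version": "v4.13.1", "commit": "deadbeef"},
    "score": 6.1,
    "checks": [
        {"name": "Branch-Protection", "score": 3,
         "reason": "branch protection is not maximal on development and all release branches",
         "details": ["Warn: 'force pushes' enabled on branch 'main'"]},
        {"name": "Code-Review", "score": 8,
         "reason": "found 2 unreviewed changesets out of 25", "details": None},
        {"name": "Dangerous-Workflow", "score": 10,
         "reason": "no dangerous workflow patterns detected", "details": None},
        {"name": "Token-Permissions", "score": 0,
         "reason": "detected GitHub workflow tokens with excessive permissions",
         "details": ["Warn: no topLevel permission defined: .github/workflows/ci.yml:1"]},
        {"name": "Pinned-Dependencies", "score": 4,
         "reason": "dependency not pinned by hash detected", "details": None},
        {"name": "Vulnerabilities", "score": 10,
         "reason": "no vulnerabilities detected", "details": None},
        {"name": "Signed-Releases", "score": -1,
         "reason": "no releases found", "details": None},
        {"name": "Maintained", "score": 10,
         "reason": "30 commit(s) in the last 90 days", "details": None},
    ],
})

# Hypothetical policy: minimum score per check. These thresholds are this
# example's choice, not anything Scorecard itself prescribes.
POLICY = {
    "Dangerous-Workflow": 10,  # any finding here is a direct CI-compromise path
    "Token-Permissions": 7,
    "Branch-Protection": 5,
    "Code-Review": 5,
    "Pinned-Dependencies": 5,
    "Vulnerabilities": 10,
    "Signed-Releases": 5,      # may come back -1 for repos without releases
    "Binary-Artifacts": 10,    # not in the sample output: exercises fail-closed path
}
MIN_AGGREGATE = 5.0


@dataclass
class Verdict:
    passed: bool
    aggregate: float
    failures: list = field(default_factory=list)      # (check, score, threshold, reason)
    inconclusive: list = field(default_factory=list)  # checks Scorecard could not evaluate (-1)
    missing: list = field(default_factory=list)       # policy checks absent from the output


def evaluate(raw_json: str, policy=POLICY, min_aggregate=MIN_AGGREGATE) -> Verdict:
    """Apply the policy to one Scorecard JSON result and return a Verdict."""
    result = json.loads(raw_json)
    checks = {c["name"]: c for c in result.get("checks", [])}
    verdict = Verdict(passed=True, aggregate=float(result.get("score", -1)))
    for name, threshold in policy.items():
        check = checks.get(name)
        if check is None:
            # A check the policy depends on was not run: fail closed.
            verdict.missing.append(name)
            verdict.passed = False
            continue
        score = check["score"]
        if score == -1:
            # Scorecard marks checks it cannot evaluate with -1; surface them
            # instead of silently treating them as a pass or a fail.
            verdict.inconclusive.append(name)
            continue
        if score < threshold:
            verdict.failures.append((name, score, threshold, check.get("reason", "")))
            verdict.passed = False
    if verdict.aggregate < min_aggregate:
        verdict.passed = False
    return verdict


def report(verdict: Verdict) -> str:
    """Render a Verdict as the text a CI job would print."""
    lines = [f"aggregate score {verdict.aggregate:.1f} (minimum {MIN_AGGREGATE})"]
    for name, score, threshold, reason in verdict.failures:
        lines.append(f"FAIL {name}: {score}/10 below threshold {threshold}: {reason}")
    for name in verdict.inconclusive:
        lines.append(f"INCONCLUSIVE {name}: Scorecard could not evaluate this check")
    for name in verdict.missing:
        lines.append(f"MISSING {name}: check not present in output (failing closed)")
    lines.append("verdict: " + ("PASS" if verdict.passed else "BLOCK"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(evaluate(SAMPLE_OUTPUT)))
```

In a real pipeline the JSON would come from `scorecard` on the dependency's repository rather than from the embedded sample, and the thresholds would be tuned to the organisation's own risk appetite; the point the example makes is that an aggregate score alone hides a zero on Token-Permissions behind a passable 6.1, so the gate should look at individual checks.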

Session Categories

Technology architecture
Tutorial about using a FOSS project
Engineering practice - productivity, debugging
Talk License: Apache-2.0
