You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description:
Create a new node OpenSSFScorecard with Github's scorecard checks for every project ingested.
An OpenSSF scorecard is a serious of checks that can be useful to surface the security posture of a project.
See for example https://scorecard.dev/viewer/?uri=github.com/lyft/cartography
Checks can be used as an overall score or in an individual form, for example to determine if the project is actively maintained (which could reflect if cadence of security fixes).
Title: Ingest OpenSSF scorecard information
Description:
Create a new node
OpenSSFScorecard
with Github's scorecard checks for every project ingested.An OpenSSF scorecard is a serious of checks that can be useful to surface the security posture of a project.
See for example https://scorecard.dev/viewer/?uri=github.com/lyft/cartography
Checks can be used as an overall score or in an individual form, for example to determine if the project is actively maintained (which could reflect if cadence of security fixes).
The information can be queried using a public API, for example https://api.securityscorecards.dev/projects/github.com/lyft/cartography
This could be a separate intel module or a submodule from https://github.com/lyft/cartography/blob/master/cartography/intel/github
[optional Relevant Links:]
https://openssf.org/projects/scorecard/
https://openssf.org/blog/2024/04/17/beyond-scores-with-openssf-scorecard-granular-structured-results-for-custom-policy-enforcement/
https://api.securityscorecards.dev/
The text was updated successfully, but these errors were encountered: