May 13, 4:00 – 5:00 PM (UTC)
Security is a growing concern in open source software, but how do we measure the reliability of a project?
The Open Source Security Foundation (OSSF) Scorecard provides an automated tool to assess key security risks in open source repositories.
In this talk, we'll explore how this Scorecard evaluates projects using a set of well-defined heuristics, from dependency management to CI/CD hygiene, and how developers working on internal codebases and maintaining open source projects can leverage it to improve security posture.
We will also see how this tool can be integrated with your Platform Engineering strategy.
Expect a few slides and a lot of live coding to learn how this tool helps strengthen the security of the open-source ecosystem, one repository at a time.
Port IO
Developer Relations