
OpenSSF Scorecard
@scorecards_dev
OpenSSF Scorecard quickly assesses open source projects for security risks through a series of automated checks. Part of @OpenSSF
https://securityscorecards.dev/ 01-10-2022 22:04:17






Our Support, Advocacy, Contribution & Implementation team (SACI FA, part of GOSST) continue to add security tools like @theopenssf Scorecards to critical OSS Projects: github.com/facebook/zstd/… github.com/systemd/system… github.com/pandas-dev/pan…



Meet NAVEEN KUMAR S, Software Engineer, Endor Labs #contributor and #maintainer across a few OpenSSF projects including OpenSSF Scorecard openssf.org/blog/2022/11/0… "A welcoming community is essential." #OSS


@theopenssf scorecard is coming soon to NodeSecure CLI 😍(PR opened today). Really happy about this new feature ☺️


JReleaser has reached another milestone: the project is now 100% compliant with the @theopenssf Best Practices 🎉 bestpractices.coreinfrastructure.org/en/projects/63… In addition we also have configured the OpenSSF Scorecard GitHub action.

Poor software quality may have cost the US at least $2.41 trillion this year hubs.la/Q01vMFHb0 Companies are encouraged to adopt complementary security tools alongside #SBOMs to reassure developers of their components' security profile, such as OpenSSF Scorecard & other tools

The Eclipse Foundation ran OpenSSF Scorecard against all their projects, analyzed the results, and created a prioritized list of activities that they’ll focus on to achieve the best and broadest impact github.com/ossf/alpha-ome…


"How Do You Trust Open Source Software?" - NAVEEN KUMAR S (Endor Labs) and Brian Russell Google youtu.be/0b9avFup0LY

Developers rely on open source tools to integrate critical security controls as part of the CI/CD pipeline. Continued efforts to provide resources, such as OpenSSF Scorecard with its promise of automated scoring...will support teams as they assemble software darkreading.com/vulnerabilitie…


Planning on attending RSAConference #RSAC in April? Don't miss - How Do You Trust Open Source Software? by NAVEEN KUMAR S and Brian Russell on OpenSSF Scorecard & Introducing the Secure Supply Chain Consumption Framework (S2C2F) by Adrian Diglio rsaconference.com

Attention Scorecard Project users! OpenSSF Scorecard needs your input to determine which work to prioritize in the coming months. Please take a few minutes to fill out our survey at: hubs.la/Q01DRF4y0 Your responses will help us make informed decisions that benefit everyone


Improving Supply Chain Security: IBM as a user and a contributor to Open Source Security Foundation Scorecard by Jamie Thomas hubs.la/Q01HzLpm0 IBM OpenSSF Scorecard #OpenSource #OSSsecurity
