A framework for defining ratings for open source projects. In particular, the framework offers a security rating for open source projects that may be used to assess the security risk that comes with open source components.
As LGTM has been discontinued, it probably should be removed from the security check list of FOSSTARS, as missing LGTM checks are responsible for a massive downgrade in the overall FOSSTARS rating.
Moreover, it seems that validating the CodeQL checks needs to be improved. As an example, the report for the project btp-environment-variable-access shows disabled CodeQL checks while they are clearly active.
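An added example (not Fossstars' own code) illustrating both points above: a minimal check that scans GitHub Actions workflow text for an active CodeQL analyze step, and a hypothetical weighted score showing why a discontinued check such as LGTM should be treated as not applicable rather than failed. The workflow contents, feature names and weights are constructed for the example.

```python
import re

# Constructed sample workflow files (not from any real repository).
WORKFLOWS_WITH_CODEQL = {
    ".github/workflows/codeql.yml": """
name: CodeQL
on: [push, pull_request]
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: java
      - uses: github/codeql-action/analyze@v3
""",
}
WORKFLOWS_WITHOUT_CODEQL = {
    ".github/workflows/build.yml": """
name: Build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # - uses: github/codeql-action/analyze@v3   (commented out, so not active)
      - run: mvn -B verify
""",
}

# Matches an uncommented step that runs the CodeQL analyze action.
USES_CODEQL = re.compile(r"^\s*-?\s*uses:\s*github/codeql-action/analyze")

def codeql_enabled(workflows):
    """True if any workflow file contains an active CodeQL analyze step."""
    return any(USES_CODEQL.match(line)
               for text in workflows.values() for line in text.splitlines())

# Hypothetical feature weights, not the Fossstars scoring model.
WEIGHTS = {"codeql": 3, "lgtm": 3, "dependency_scan": 2, "security_policy": 1}

def weighted_score(features, weights=WEIGHTS):
    """Weighted pass ratio scaled to [0, 10]. A feature valued None is 'not
    applicable' and drops out of the denominator, so a retired check cannot
    pull the score down the way a False (failed) check does."""
    total = sum(w for f, w in weights.items() if features.get(f) is not None)
    if total == 0:
        return 0.0
    passed = sum(w for f, w in weights.items() if features.get(f))
    return round(10 * passed / total, 2)
```

With CodeQL, dependency scanning and a security policy all present, marking LGTM as failed yields 6.67 while marking it not applicable yields 10.0.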