carbon-design-system / carbon

A design system built by IBM
https://www.carbondesignsystem.com
Apache License 2.0
7.6k stars, 1.76k forks

Implement OpenSSF Scorecard #13642

Open tay1orjones opened 1 year ago

tay1orjones commented 1 year ago

We recently applied and received the OpenSSF Best Practices badge. OpenSSF has another quality assurance offering that we might consider implementing, the OpenSSF Scorecard.

What is Scorecard? We created Scorecard to help open source maintainers improve their security best practices and to help open source consumers judge whether their dependencies are safe.

Scorecard is an automated tool that assesses a number of important heuristics ("checks") associated with software security and assigns each check a score of 0-10. You can use these scores to understand specific areas to improve in order to strengthen the security posture of your project. You can also assess the risks that dependencies introduce, and make informed decisions about accepting these risks, evaluating alternative solutions, or working with the maintainers to make improvements.

This checks against a number of different criteria. We can get a badge from the OpenSSF to show off the general health of the project. There is also a GitHub Action for the scorecard we could use.

ljcarot commented 1 year ago

@tay1orjones can we show this on our homepage too?