ossf / scorecard

OpenSSF Scorecard - Security health metrics for Open Source
https://scorecard.dev
Apache License 2.0

What's the main difference between Scorecard and SLSA? #1839

Closed fredgan closed 2 years ago

fredgan commented 2 years ago

Hi. For Scorecard, it says:

We created Scorecards to give consumers of open-source projects an easy way to judge whether their dependencies are safe.

For SLSA, it says:

SLSA levels are like a common language to talk about how secure software, supply chains and their component parts really are.

It seems like they are alike. If so, why are both introduced? Which one should a user use? Thanks~

github-actions[bot] commented 2 years ago

Stale issue message