Use “Scorecards” to Check on Security of Your Open Source Projects


In episode 60 of DevNet Snack Minute, DevNet’s Manager of Developer Advocacy, Matt DeNapoli, and I talk with Stephen Augustus, Head of Open Source at Cisco. In this episode we discuss “Scorecard” and how you can use it to improve the security of your open source project.

Scorecard is an automated tool that assesses a number of important heuristics (“checks”) associated with software security. It assigns each check a score from 0 to 10, giving consumers of open source projects an easy way to judge whether their dependencies are safe. You can use these scores to:

  • understand specific areas where you can strengthen the security posture of your project
  • make sure dependencies are safe, e.g.:
    • do I have binaries checked into my repository?
    • do I have branch protection configured?
    • do I have CI tests?
    • are we doing code reviews?
  • make informed decisions about accepting risks, evaluating alternative solutions, or working with maintainers to make improvements.
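As an added example (my own code, not from the episode and not the OpenSSF Scorecard code base), here is a minimal local audit in Python that scores two of the checks listed above, Binary-Artifacts and CI-Tests, on a checkout and reports each as 0-10. The scoring rules, the binary-extension list and the sample repository it builds are assumptions and simplifications: the real CI-Tests check inspects CI status on recently merged pull requests through the GitHub API, whereas here a GitHub Actions workflow that triggers on pull_request stands in for that.

```python
# Added example: a tiny Scorecard-style local audit. Not the OpenSSF Scorecard
# implementation; scoring rules and fixture data are assumptions for illustration.
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# Assumption: a subset of the extensions Scorecard's Binary-Artifacts check flags.
BINARY_EXTENSIONS = {".exe", ".dll", ".so", ".dylib", ".jar", ".class",
                     ".o", ".a", ".pyc", ".wasm"}


def looks_binary(path: Path) -> bool:
    """Flag by extension, or by a NUL byte in the first 8 KiB (text files
    should never contain one)."""
    if path.suffix.lower() in BINARY_EXTENSIONS:
        return True
    try:
        with path.open("rb") as fh:
            return b"\x00" in fh.read(8192)
    except OSError:
        return False


def find_binary_artifacts(repo: Path) -> List[str]:
    """Walk the checkout (skipping .git) and list committed binaries."""
    return sorted(
        p.relative_to(repo).as_posix()
        for p in repo.rglob("*")
        if p.is_file() and ".git" not in p.parts and looks_binary(p)
    )


def score_binary_artifacts(repo: Path) -> Tuple[int, List[str]]:
    """0-10: start at 10 and deduct one point per binary found
    (assumption: an approximation of Scorecard's deduction rule)."""
    hits = find_binary_artifacts(repo)
    return max(0, 10 - len(hits)), hits


def score_ci_tests(repo: Path) -> Tuple[int, List[str]]:
    """0-10: 10 if some GitHub Actions workflow runs on pull_request, else 0.
    Assumption: a local stand-in for Scorecard's CI-Tests check, which really
    looks at CI status on merged pull requests via the GitHub API."""
    wf_dir = repo / ".github" / "workflows"
    workflows: List[str] = []
    if wf_dir.is_dir():
        for wf in sorted(wf_dir.glob("*.y*ml")):  # .yml and .yaml
            if "pull_request" in wf.read_text(errors="replace"):
                workflows.append(wf.relative_to(repo).as_posix())
    return (10 if workflows else 0), workflows


def run_checks(repo: Path) -> Dict[str, dict]:
    """Run every local check and return Scorecard-style results."""
    results: Dict[str, dict] = {}
    for name, check in (("Binary-Artifacts", score_binary_artifacts),
                        ("CI-Tests", score_ci_tests)):
        score, details = check(repo)
        results[name] = {"score": score, "details": details}
    return results


def build_sample_repo(base: Path) -> Path:
    """Constructed fixture (not a real project): a small checkout with one
    committed build artifact and a workflow that runs on pull requests."""
    repo = base / "sample-project"
    files = {
        "README.md": "# sample\n",
        "src/main.py": "print('hello')\n",
        ".github/workflows/ci.yml":
            "name: ci\non: [push, pull_request]\njobs:\n  test:\n"
            "    runs-on: ubuntu-latest\n    steps:\n      - run: make test\n",
    }
    for rel, text in files.items():
        path = repo / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)
    exe = repo / "vendor" / "tool.exe"          # the checked-in binary
    exe.parent.mkdir(parents=True, exist_ok=True)
    exe.write_bytes(b"MZ\x90\x00\x03\x00\x00\x00")  # PE header bytes, incl. NUL
    return repo


def demo() -> Dict[str, dict]:
    """Build the fixture in a temp dir, score it, print a report, return results."""
    with tempfile.TemporaryDirectory() as tmp:
        results = run_checks(build_sample_repo(Path(tmp)))
    for name, r in results.items():
        print(f"{name}: {r['score']}/10 {r['details']}")
    return results


if __name__ == "__main__":
    demo()
```

On the constructed repository this reports Binary-Artifacts at 9/10 (one artifact, vendor/tool.exe, to remove or build in CI instead) and CI-Tests at 10/10. Against a real project you would run the actual tool, for example `scorecard --repo=github.com/<org>/<repo>`, and read the per-check scores and their details the same way: each deduction names the concrete file or setting to fix.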

In Stephen’s demo and discussion you see how Scorecard gives you a practical way to confirm that security issues can be checked for and addressed within your project.

Learn about the new Scorecard tool with Stephen Augustus, Head of Open Source at Cisco.

Check out the Scorecards repo on GitHub

Related resources


We’d love to hear what you think. Ask a question or leave a comment below.
And stay connected with Cisco DevNet on social!

LinkedIn | Twitter @CiscoDevNet | Facebook Developer Video Channel
