Explore the challenges and solutions for assessing the trustworthiness of open source software in this 27-minute conference talk by Naveen Srinivasan from Endor Labs and Brian Russell from Google. Gain insights into the OpenSSF Scorecards tool, designed to evaluate the health and security of open source projects. Learn how to leverage Scorecards to make informed decisions about incorporating open source components into your software. Discover techniques for automating Scorecards integration into your development toolchain and creating effective dependency policies. Understand the latest advancements in Scorecard's API capabilities for improved scalability in managing open source dependencies.
How to Trust Your Open Source Software Using Scorecards
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
How Do You Trust Your Open Source Software? - Naveen Srinivasan, Endor Labs & Brian Russell, Google
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
How Do You Trust Your Open Source Software?
-
Do You Know the Health of Your OSS Dependencies? Introducing OSSF Scorecard API
-
Assessing Open Source Software Projects in the Software Supply Chain Security
-
Automated Techniques for Measuring Trustworthiness of Open Source Code and Communities
-
Verifying the Validity of Crowd-Sourced Results in Open Source Security - The Scorecard GitHub Action and Sigstore
-
What is OpenSSF? - Securing Open Source Software Supply Chains
