How to Trust Your Open Source Software Using Scorecards
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Explore the challenges and solutions for assessing the trustworthiness of open source software in this 27-minute conference talk by Naveen Srinivasan from Endor Labs and Brian Russell from Google. Gain insights into the OpenSSF Scorecards tool, designed to evaluate the health and security of open source projects. Learn how to leverage Scorecards to make informed decisions about incorporating open source components into your software. Discover techniques for automating Scorecards integration into your development toolchain and creating effective dependency policies. Understand the latest advancements in Scorecard's API capabilities for improved scalability in managing open source dependencies.
Syllabus
How Do You Trust Your Open Source Software? - Naveen Srinivasan, Endor Labs & Brian Russell, Google
Taught by
CNCF [Cloud Native Computing Foundation]