Learn how to leverage OpenSSF Scorecard and Allstar tools for automated security scanning of source code repositories in this technical talk from Google's Raghav Kaul. Explore practical implementations for blue teams to secure first-party repositories through infrastructure and policy approaches. Discover methods for integrating Scorecard into development processes to prevent security issues rather than just detecting them. Master the use of probes for creating granular policies, setting up data pipelines for probe results, and implementing pre-commit GitHub Actions to shift Scorecard scans left in the development cycle. Gain hands-on knowledge about detecting and remediating security misconfigurations in GitHub and GitLab projects by analyzing source code, CI workflows, and repository settings.
Blue Team Tips for Using Scorecard in Security Automation
Overview
Syllabus
Is This Thing on? Blue Team Tips for Scorecard - Raghav Kaul, Google
Taught by
OpenSSF
Related Courses
-
Scorecard at Scale: Old and New Possibilities for Lifting Security on All Repositories
-
Structured Scorecard Results: Tailor Your Own Supply-Chain Security Policies
-
Reviewing NuGet Packages Security Using OpenSSF Scorecard
-
Using OpenSSF's Allstar to Secure Your Organization's GitHub Repositories
-
Verifying the Validity of Crowd-Sourced Results in Open Source Security - The Scorecard GitHub Action and Sigstore
-
Intel's Experiences Using OpenSSF Scorecard to Better Secure Software Portfolio
