Member of the Express Technical Committee (TC), TC39 Delegate, as well as a Node.js core collaborator and releaser
The Open Source Security Foundation (OpenSSF) is a community of software developers, security engineers, and more who are working together to secure open source software for the greater public good.
The Scorecard evaluates the security of your project based on automated checks related to four scenarios:
Each automated check returns a score out of 10 and a risk level. The risk level adds a weighting to the score, and this weighting is compiled into a single, aggregate score. This score helps give a sense of the overall security posture of a project.
The riskiness of each vulnerability is based on how easy it is to exploit. For example, if something can be exploited via a pull request, we consider that a high risk.
There are currently 18 checks made across 3 themes: holistic security practices, source code risk assessment and build process risk assessment.
1. Add a GitHub Action to calculate and report the Scoring regularly
2. Make changes to improve the scoring
3. Monitor the changes
The major challenge was our SCALE and the WAY OF WORKING
Dreams are extremely important. You can't do it unless you imagine it.
- George Lucas