Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Reducing Security Risks in Open Source Software at Scale: Scorecards Launches V4

published on 2022-01-19 15:00:00 UTC by Kaylin Trychon
Content:


Since our July announcement of Scorecards V2, the Scorecards project—an automated security tool to flag risky supply chain practices in open source projects—has grown steadily to over 40 unique contributors and 18 implemented security checks. Today we are proud to announce the V4 release of Scorecards, with larger scaling, a new security check, and a new Scorecards GitHub Action for easier security automation.

The Scorecards Action is released in partnership with GitHub and is available from GitHub's Marketplace. The Action makes using Scorecards easier than ever: it runs automatically on repository changes to alert developers about risky supply-chain practices. Maintainers can view the alerts on GitHub's code scanning dashboard, which is available for free to public repositories on GitHub.com and via GitHub Advanced Security for private repositories.

Additionally, we have scaled our weekly Scorecards scans to over one million GitHub repositories, and have partnered with the Open Source Insights website for easy user access to the data.

For more details about the release, including the new Dangerous-Workflow security check, visit the OpenSSF's official blog post here.
Article: Reducing Security Risks in Open Source Software at Scale: Scorecards Launches V4 - published almost 3 years ago.

http://security.googleblog.com/2022/01/reducing-security-risks-in-open-source.html   
Published: 2022 01 19 15:00:00
Received: 2022 01 19 15:21:47
Feed: Google Online Security Blog
Source: Google Online Security Blog
Category: Cyber Security
Topic: Cyber Security
Views: 1

Custom HTML Block

Click to Open Code Editor