Health metrics for Open Source projects using OSSF scorecard
Prerequisite for funding via Secure Open Source (SOS) Rewards
Branch protection
Code Review in PRs
Dependency update tool
Signed releases
scorecard --repo=github.com/moby/moby
One million critical open source projects are scanned weekly
Data is shared publicly
PROJECT=github.com/moby/moby
curl -s https://api.securityscorecards.dev/projects/${PROJECT} \
| jq --raw-output '.checks[] | "\(.name): \(.score)"'
Use web-based BigQuery Explorer
Use bq on the console (part of gcloud)