|
gptkbp:instanceOf
|
gptkb:software
|
|
gptkbp:category
|
gptkb:DevSecOps
open source security
software supply chain security
|
|
gptkbp:checksFor
|
gptkb:software
gptkb:SAST
code review
vulnerabilities
CI tests
CII Best Practices
binary artifacts
branch protection
contributor count
dangerous workflow permissions
dependency update tool
fuzzing
maintained status
pinned dependencies
signed releases
token permissions
|
|
gptkbp:contributedTo
|
gptkb:GitHub
gptkb:Google
gptkb:Microsoft
community contributors
|
|
gptkbp:developedBy
|
gptkb:OpenSSF
|
|
gptkbp:documentation
|
https://github.com/ossf/scorecard/blob/main/docs/checks.md
|
|
gptkbp:feature
|
CI/CD integration
JSON and SARIF output formats
automated checks
security score output
|
|
gptkbp:firstReleased
|
2020
|
|
gptkbp:format
|
gptkb:SARIF
gptkb:JSON
human-readable
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
Security Scorecards
|
|
gptkbp:integration
|
gptkb:OpenSSF_Allstar
gptkb:GitHub_Actions
gptkb:OpenSSF_Best_Practices_Badge
CI/CD pipelines
|
|
gptkbp:language
|
gptkb:Go
|
|
gptkbp:license
|
gptkb:Apache_License_2.0
|
|
gptkbp:platform
|
gptkb:GitHub
gptkb:Bitbucket
gptkb:GitLab
|
|
gptkbp:purpose
|
assess open source project security
automated security tool
|
|
gptkbp:relatedTo
|
gptkb:OpenSSF_Allstar
gptkb:OpenSSF_Best_Practices_Badge
gptkb:OpenSSF
|
|
gptkbp:repository
|
https://github.com/ossf/scorecard
|
|
gptkbp:status
|
active
|
|
gptkbp:usedBy
|
gptkb:GitHub_Actions
gptkb:OpenSSF_Best_Practices_Badge
|
|
gptkbp:bfsParent
|
gptkb:Open_Source_Security_Foundation
|
|
gptkbp:bfsLayer
|
5
|