OpenSSF Scorecard - Security health metrics for Open Source
Updated Jun 30, 2026 - Go
Official GitHub Action for OpenSSF Scorecard.
Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts
Dead code doesn't get patched. Detect abandoned & end-of-life dependencies that SCA tools miss — before they become the next xz-utils.
Tool for visualizing the Open SSF Scorecard Api data in a human friendly way
Audit your Gemfile for dependency health across the full transitive graph: maintenance activity, archived repos, outdated versions, OpenSSF Scorecard, vulnerabilities, libyear drift, and a per-gem status. Outputs terminal, JSON, markdown, SARIF, and CycloneDX, with CI quality gates and granular .still_active.yml suppression.
scir-oss is a tool that integrates public data and information regarding open source software projects and their products into a Project, Product, Protection, and Policy report (OSS-P4/R).
Scorecard action for checking when new dependencies are added to the repository.
OpenSSF Dashboard allows you to check the OpenSSF scorecards for entire organisations and users on GitHub or Gitlab.
Azure Pipelines Task for OpenSSF Scorecard
Documented 6-phase engineering runbook for hardening self-host deployment-template repos to the heyvaldemar supply-chain baseline. Includes templates, helper scripts, and verification gates.
Auditable repository-health scorecard with evidence for every point — a Claude Code agent + deterministic CLI, aligned with OpenSSF & GitHub standards. CI-ready.
A Git-native secret detection CLI with pre-commit enforcement, CI scanning, and policy-as-code validation for DevSecOps pipelines.
Find, install, and modify agent skills via natural language in Chinese/English (Claude Code / Codex) | Cross-agent skill discovery in CN/EN. Three-dimensional R/U/T scoring + OpenSSF Scorecard + OSV vulnerability database security audit + agent-as-LLM architecture + three-slot version snapshots.
🔐 Repository security and analysis.
The open code health benchmark — paste any github.com URL, or just replace github.com with stackhealth.dev. Scores security, quality, hygiene & community via a fully open formula. Free forever.
FastMCP server that provides comprehensive security analysis for software packages across multiple ecosystems. It integrates seamlessly with Claude Desktop to provide AI-powered security evaluation capabilities.
Reusable GitHub Actions workflow that scans your repo (or any external repo) with Semgrep, Gitleaks, OSV, Checkov, Trivy and SBOM, then emails a graded security report enriched with CISA KEV, FIRST EPSS and OpenSSF Scorecard.
Public model cards (Voltcrown v7.9 + lineage) and a dependency-light forecasting toolkit for the ENTSO-E load-forecast challenge — with OpenSSF Scorecard hardening.