Official documentation of 18 security checks, scoring methodology, and weekly scanning of 1 million critical projects with BigQuery data access.
Why read: Primary source for understanding Scorecard methodology and confirming the 1 million project scanning program. Essential for verifying the claim's components.
Analysis of Scorecard scores for 1,511 Wolfi upstream repos. Found average 5.4/10, bell-shaped distribution, popularity-score correlation.
Why read: Source of the 5.4 average score figure. Critical for understanding that the 5.4 applies to Wolfi upstream repos, not the full 1 million critical projects.