SRC003 — https://github.com/ossf/scorecard¶
Contents¶
Metadata¶
| Field | Value |
|---|---|
| URL | https://github.com/ossf/scorecard |
| Authors | OpenSSF / Open Source Security Foundation |
Content Summary¶
Official OpenSSF Scorecard repository documenting the tool's 18 security checks, its scoring methodology (each check scores 0-10; the aggregate is a weighted average with weights set by each check's risk level: Critical 10, High 7.5, Medium 5, Low 2.5), and its weekly scan of the 1 million most critical open source projects, with results published to a public BigQuery dataset.
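To make the scoring methodology concrete, the following is an added example (not code from the Scorecard project) that recomputes the aggregate from a Scorecard JSON result and flags failing high-risk checks. It assumes the README's risk weights (Critical 10, High 7.5, Medium 5, Low 2.5), that a check Scorecard could not evaluate carries score -1 and is excluded from the aggregate, and that the per-check risk levels in `CHECK_RISK` match the project's checks table; the `SAMPLE_RESULT` document and the helper names are constructed for this example.

```python
"""Recompute an OpenSSF Scorecard aggregate score from per-check scores.

Added example, not the Scorecard project's own code. Assumptions:
- Risk weights as documented in the Scorecard README.
- A check with score -1 is "inconclusive" and is left out of the aggregate.
- CHECK_RISK mirrors the project's checks table at the time of writing;
  verify it against docs/checks.md before relying on it.
- SAMPLE_RESULT is a constructed document in the shape of `scorecard --format json`.
"""
import json
from typing import Optional

RISK_WEIGHT = {"Critical": 10.0, "High": 7.5, "Medium": 5.0, "Low": 2.5}

# Assumed per-check risk levels (see module docstring).
CHECK_RISK = {
    "Binary-Artifacts": "High", "Branch-Protection": "High", "CI-Tests": "Low",
    "CII-Best-Practices": "Low", "Code-Review": "High", "Contributors": "Low",
    "Dangerous-Workflow": "Critical", "Dependency-Update-Tool": "High",
    "Fuzzing": "Medium", "License": "Low", "Maintained": "High",
    "Packaging": "Medium", "Pinned-Dependencies": "Medium", "SAST": "Medium",
    "Security-Policy": "Medium", "Signed-Releases": "High",
    "Token-Permissions": "High", "Vulnerabilities": "High",
}

INCONCLUSIVE = -1  # Scorecard's marker for a check it could not evaluate

# Constructed sample result; scores chosen so the weighted average is exact.
SAMPLE_RESULT = json.dumps({
    "repo": {"name": "github.com/example/project"},
    "checks": [
        {"name": "Dangerous-Workflow", "score": 10,
         "reason": "no dangerous workflow patterns detected"},
        {"name": "Token-Permissions", "score": 0,
         "reason": "workflow tokens with write-all permissions detected"},
        {"name": "Pinned-Dependencies", "score": 5,
         "reason": "some dependencies are not pinned by hash"},
        {"name": "Fuzzing", "score": INCONCLUSIVE,
         "reason": "internal error while checking for fuzzing"},
        {"name": "License", "score": 10, "reason": "license file detected"},
    ],
})


def _scorable_checks(result_json: str):
    """Yield (name, score, weight) for every check that can enter the aggregate."""
    for check in json.loads(result_json)["checks"]:
        if check["score"] == INCONCLUSIVE:
            continue  # excluded from the aggregate, not counted as zero
        if check["name"] not in CHECK_RISK:
            raise ValueError(f"no risk level known for check {check['name']!r}")
        yield check["name"], check["score"], RISK_WEIGHT[CHECK_RISK[check["name"]]]


def aggregate_score(result_json: str) -> Optional[float]:
    """Risk-weighted average of the scorable checks, rounded to one decimal.

    Returns None when no check produced a score (assumption: nothing to average).
    """
    weighted_sum = 0.0
    weight_total = 0.0
    for _name, score, weight in _scorable_checks(result_json):
        weighted_sum += score * weight
        weight_total += weight
    if weight_total == 0:
        return None
    return round(weighted_sum / weight_total, 1)


def failing_high_risk_checks(result_json: str, threshold: int = 5) -> list:
    """Names of Critical/High-risk checks scoring below `threshold`.

    A single 0 on a High-risk check pulls the aggregate down much less than the
    check's own failure warrants, so triage should look here, not at the aggregate.
    """
    return [
        name for name, score, weight in _scorable_checks(result_json)
        if score < threshold and weight >= RISK_WEIGHT["High"]
    ]


if __name__ == "__main__":
    print("aggregate:", aggregate_score(SAMPLE_RESULT))
    print("failing high-risk checks:", failing_high_risk_checks(SAMPLE_RESULT))
```

With the constructed sample, the four scorable checks contribute 10*10 + 0*7.5 + 5*5 + 10*2.5 = 150 over a total weight of 25, giving an aggregate of 6.0 even though Token-Permissions scored 0; the inconclusive Fuzzing check changes neither sum. That is the practical caveat when consuming the BigQuery data: read the per-check scores, not only the aggregate.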
Reliability: High¶
Primary source documentation from the project that produces the Scorecard tool and data.
Relevance: High¶
Authoritative source confirming the 1 million project weekly scan, the per-check scoring methodology, and the risk-weighted aggregate score calculation.
Bias Assessment¶
| Domain | Rating | Rationale |
|---|---|---|
| Missing Data | Low risk | Comprehensive documentation of methodology, checks, and data access. |
| Measurement | Low risk | Self-documents that checks are heuristics with known false positives and false negatives. |
| Selective Reporting | Low risk | Open source tool with publicly available data in BigQuery. |
| Randomization | N/A | Not an RCT. |
| Protocol Deviation | N/A | Not an RCT. |
| Conflict Of Interest | Low risk | Non-profit foundation project with multi-stakeholder governance. |