Security github.com

Security health metrics for open source projects  ↦

This project is a formalized list of checks that can be run against an open source codebase and a Go-based tool to run those checks and provide a report on the project’s health. Here are a few of the checks it runs, to get an idea of what it’s all about:

  • Does the project use fuzzing tools, e.g. OSS-Fuzz?
  • Does the project cryptographically sign releases?
  • Does the project contain a security policy?

Discussion

Sign in or Join to comment or subscribe

0:00 / 0:00