Dec 15, 2022

OpenSSF Scorecard

OpenSSF Scorecard is one of the initiatives of the Open Source Security Foundation (OpenSSF). It is a tool that quickly assesses open source projects for risky practices via automated checks.

To run the checks, there are 2 ways:

  1. Run automatically on code you own using the GitHub Action
  2. Run manually on your (or somebody else’s) project via the Command Line

Scorecard checks for vulnerabilities affecting different parts of the software supply chain, including source code, build, dependencies, testing, and project maintenance.
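When run from the command line, Scorecard can emit its results as JSON, which makes it easy to turn the per-check scores into a pass/fail gate. The script below is an added example, not part of the original post or the Scorecard project: the sample report is constructed, and the `triage` function and its thresholds are hypothetical.

```python
import json

# Constructed sample, shaped like the output of:
#   scorecard --repo=github.com/<owner>/<repo> --format=json
# Each check scores 0-10; -1 means the check was inconclusive.
SAMPLE = """
{
  "repo": {"name": "github.com/example/project"},
  "score": 5.8,
  "checks": [
    {"name": "Branch-Protection", "score": 3, "reason": "branch protection is not maximal"},
    {"name": "Pinned-Dependencies", "score": 7, "reason": "dependency not pinned by hash detected"},
    {"name": "Maintained", "score": 10, "reason": "30 commit(s) in the last 90 days"},
    {"name": "Fuzzing", "score": 0, "reason": "project is not fuzzed"},
    {"name": "Signed-Releases", "score": -1, "reason": "no releases found"}
  ]
}
"""

def triage(report_json, min_check_score=5, min_aggregate=7.0):
    """Sort a Scorecard JSON report into failing and inconclusive checks.

    Thresholds are assumptions for this example, not Scorecard defaults.
    """
    report = json.loads(report_json)
    failing, inconclusive = [], []
    for check in report.get("checks", []):
        score = check.get("score", -1)
        if score < 0:
            # Inconclusive is not the same as failing: review it by hand.
            inconclusive.append(check["name"])
        elif score < min_check_score:
            failing.append((check["name"], score, check.get("reason", "")))
    failing.sort(key=lambda item: item[1])  # worst score first
    aggregate = report.get("score", 0)
    return {
        "repo": report.get("repo", {}).get("name", "unknown"),
        "aggregate": aggregate,
        "failing": failing,
        "inconclusive": inconclusive,
        "passed": not failing and aggregate >= min_aggregate,
    }

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(f"{result['repo']}: {result['aggregate']} passed={result['passed']}")
    for name, score, reason in result["failing"]:
        print(f"  FAIL {name} ({score}/10): {reason}")
    for name in result["inconclusive"]:
        print(f"  REVIEW {name}: inconclusive")
```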


Links: