Service

OpenSSF Scorecard

Readiness Level
Foundational

CISA does not endorse any commercial product or service. CISA does not attest to the suitability or effectiveness of these services and resources for any particular use case. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring by CISA.

Description

OpenSSF Scorecard is a collection of security health metrics for open source, allowing users to evaluate the security practices of an open source package before use. Results available publicly as a Google Cloud Big Query Dataset.

Learn about CISA’s CPGs