Computer Science > Cryptography and Security
[Submitted on 6 Aug 2022 (v1), last revised 15 Jun 2023 (this version, v4)]
Title:OpenSSF Scorecard: On the Path Toward Ecosystem-wide Automated Security Metrics
View PDFAbstract:The OpenSSF Scorecard project is an automated tool to monitor the security health of open-source software. This study evaluates the applicability of the Scorecard tool and compares the security practices and gaps in the npm and PyPI ecosystems.
Submission history
From: Nusrat Zahan [view email][v1] Sat, 6 Aug 2022 00:18:04 UTC (614 KB)
[v2] Fri, 12 Aug 2022 01:38:01 UTC (615 KB)
[v3] Tue, 10 Jan 2023 17:26:12 UTC (362 KB)
[v4] Thu, 15 Jun 2023 14:23:22 UTC (368 KB)
References & Citations
Bibliographic and Citation Tools
Bibliographic Explorer (What is the Explorer?)
Litmaps (What is Litmaps?)
scite Smart Citations (What are Smart Citations?)
Code, Data and Media Associated with this Article
CatalyzeX Code Finder for Papers (What is CatalyzeX?)
DagsHub (What is DagsHub?)
Gotit.pub (What is GotitPub?)
Papers with Code (What is Papers with Code?)
ScienceCast (What is ScienceCast?)
Demos
Recommenders and Search Tools
Influence Flower (What are Influence Flowers?)
Connected Papers (What is Connected Papers?)
CORE Recommender (What is CORE?)
arXivLabs: experimental projects with community collaborators
arXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website.
Both individuals and organizations that work with arXivLabs have embraced and accepted our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners that adhere to them.
Have an idea for a project that will add value for arXiv's community? Learn more about arXivLabs.