How to Trust Your Open Source Software Using Scorecards
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore the challenges and solutions for assessing the trustworthiness of open source software in this 27-minute conference talk by Naveen Srinivasan from Endor Labs and Brian Russell from Google. Gain insights into the OpenSSF Scorecards tool, designed to evaluate the health and security of open source projects. Learn how to leverage Scorecards to make informed decisions about incorporating open source components into your software. Discover techniques for automating Scorecards integration into your development toolchain and creating effective dependency policies. Understand the latest advancements in Scorecard's API capabilities for improved scalability in managing open source dependencies.
Syllabus
How Do You Trust Your Open Source Software? - Naveen Srinivasan, Endor Labs & Brian Russell, Google
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
How Do You Trust Your Open Source Software?Security BSides San Francisco via YouTube Adventures in Securing an Open Source Project - From Zero to Hero
Linux Foundation via YouTube Insights from the Cloud Native Security Slam
Linux Foundation via YouTube Structured Scorecard Results: Tailor Your Own Supply-Chain Security Policies
Linux Foundation via YouTube Exploring the Large Language Models Open-Source Security Landscape
OpenSSF via YouTube