Structured Scorecard Results: Tailor Your Own Supply-Chain Security Policies

Explore the customization capabilities of OpenSSF Scorecard's new feature, Scorecard Structured Results, in this 35-minute conference talk by Adam Korczynski and David Korczynski from Ada Logics. Learn how to tailor supply-chain security policies using more than 50 different software supply chain security heuristics. Discover the internal workings of Scorecard Structured Results, its potential use cases, and practical examples of implementing custom policies with popular policy engines. Gain insights into automating software supply chain security assessments and adapting them to diverse software ecosystems. Understand how this feature allows users to decide which specific vulnerability analysis tools should be used by dependencies to analyze source code, enhancing the overall security of software projects.

Structured Scorecard Results: Tailor Your Own Supply-Chain... - Adam Korczynski & David Korczynski