Zacco Digital Trust

Google’s latest scorecard tool scans open-source software for security risks

1 July 2021

The updated version of Google Scorecard produces a “Risk Score” for open-source software, with improved checks and capabilities that make the resulting data easier to analyse. The update adds checks for contributions from malicious authors or compromised accounts, which can introduce potential backdoors into code, as well as checks for the use of fuzzing (e.g., OSS-Fuzz) and static code analysis tools (e.g., CodeQL), for signs of CI/CD compromise, and for bad dependencies.
