scorecard ☆

« Back to VersTracker

Description:
Security health metrics for Open Source

Type: Formula | Latest Version: 5.4.0@0 | Tracked Since: Dec 27, 2025

Links: Homepage | @ossf | formulae.brew.sh

Category: Security

Tags: security open-source devsecops dependencies audit

Install: brew install scorecard

About:
Scorecard is an automated security tool that assesses the security posture of open-source projects. It uses a series of automated checks to evaluate risks like vulnerabilities, maintenance activity, and security practices. Its main value is providing a standardized, data-driven security score to help users evaluate dependencies and maintainers improve their projects.

Key Features:

Automated security risk assessments
Standardized scoring (0-10) for easy comparison
Checks for vulnerabilities, CI/CD, and code review practices
Supports GitHub and GitLab repositories
Can be run via CLI, API, or GitHub Action

Use Cases:

Evaluating the security risk of open-source dependencies before integration
Monitoring the security health of your organization's own open-source projects
Prioritizing security improvements based on automated check results

Alternatives:

Snyk Open Source – Commercial SCA tool with broader vulnerability scanning and license compliance.
deps.dev – Google's service for analyzing package dependencies and vulnerabilities.

Version History

Detected	Version	Change	Commit
Dec 27, 2025 6:36pm	5.4.0	VERSION_BUMP	0320b920
Sep 30, 2025 5:19pm		VERSION_BUMP	dfaa5b71
Sep 15, 2025 10:17pm		VERSION_BUMP	5d3412bc
Sep 14, 2024 4:46pm		VERSION_BUMP	83e34110
Oct 20, 2023 6:09pm		VERSION_BUMP	7278e55a
Aug 7, 2023 6:56pm		VERSION_BUMP	40b5362c
Mar 17, 2023 1:34am		VERSION_BUMP	d5d52ba3
Mar 17, 2023 1:34am		VERSION_BUMP	f5bf145b