scorecard
Description:
Security health metrics for Open Source
Type: Formula  |  Latest Version: 5.4.0@0  |  Tracked Since: Dec 27, 2025
Links: Homepage  |  @ossf  |  formulae.brew.sh
Category: Security
Tags: security open-source devsecops dependencies audit
Install: brew install scorecard
About:
Scorecard is an automated security tool that assesses the security posture of open-source projects. It runs a series of automated checks to evaluate risks such as vulnerabilities, maintenance activity, and security practices. Its main value is a standardized, data-driven security score that helps users evaluate dependencies and helps maintainers improve their projects.
Key Features:
  • Automated security risk assessments
  • Standardized scoring (0-10) for easy comparison
  • Checks for vulnerabilities, CI/CD, and code review practices
  • Supports GitHub and GitLab repositories
  • Can be run via CLI, API, or GitHub Action
Use Cases:
  • Evaluating the security risk of open-source dependencies before integration
  • Monitoring the security health of your organization's own open-source projects
  • Prioritizing security improvements based on automated check results
Alternatives:
  • Snyk Open Source – Commercial SCA tool with broader vulnerability scanning and license compliance.
  • deps.dev – Google's service for analyzing package dependencies and vulnerabilities.
Version History
Detected  |  Version  |  Rev  |  Change  |  Commit
Dec 27, 2025 6:36pm  |  5.4.0  |  0  |  VERSION_BUMP  |  0320b920
Sep 30, 2025 5:19pm  |    |  0  |  VERSION_BUMP  |  dfaa5b71
Sep 15, 2025 10:17pm  |    |  0  |  VERSION_BUMP  |  5d3412bc
Sep 14, 2024 4:46pm  |    |  0  |  VERSION_BUMP  |  83e34110