The Open Source Security Foundation (OpenSSF) has developed a free course for open source project maintainers, contributors, or stakeholders on how to use Scorecard to secure open source projects.
The course, Securing Projects with OpenSSF Scorecard (LFEL1006), is available on the Linux Foundation Training & Certification platform and is designed with end users of Scorecard tooling in mind. It covers how to integrate the OpenSSF Scorecard into your software development life cycle.
Scorecard is an automated tool that assesses a number of important heuristics (“checks”) associated with software security and assigns each check a score of 0-10.
You will learn about the different checks provided by OpenSSF Scorecard, how to configure the checks for your environment, and how to automate their implementation.
By the end of this course, you will be able to create an integration plan unique to your situation, and have the knowledge necessary to incorporate the OpenSSF Scorecard into your software development life cycle.