openssf-scorecards

Community

Automate supply-chain security scoring.

Author: castrojo
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

This Skill automates the process of setting up OpenSSF Scorecards, providing continuous measurement of a project's supply-chain security posture.

Core Features & Use Cases

  • Automated Security Checks: Integrates the OpenSSF Scorecard GitHub Action to run ~20 security checks automatically.
  • Compliance & Reporting: Results are published to GitHub Security and OSSF APIs, feeding into CLOMonitor for CNCF project dashboards.
  • Use Case: A CNCF project needs to meet graduation requirements that include demonstrating strong security practices. This Skill helps configure automated security scoring to meet those requirements and identify areas for improvement.

Quick Start

Add the ossf/scorecard-action GitHub Actions workflow to your repository by following the official quickstart guide at securityscorecards.dev.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: openssf-scorecards
Download link: https://github.com/castrojo/cncf-skills/archive/main.zip#openssf-scorecards

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.