Paper title
OpenSSF Scorecard: On the Path Toward Ecosystem-wide Automated Security Metrics
Paper authors
Paper abstract
The OpenSSF Scorecard project is an automated tool to monitor the security health of open-source software. This study evaluates the applicability of the Scorecard tool and compares the security practices and gaps in the npm and PyPI ecosystems.