OSSF Scorecard Score Should Be Above 7
policy name: scorecard_score_too_low
Scorecard is an open-source tool from the OSSF that helps to asses the security posture of repositories. A low scorecard score means your repository may be at risk.
A low Scorecard score can indicate that the repository is more vulnerable to attack than others, making it a prime attack target.
- Get scorecard output by either:
- Run legitify with –scorecard verbose
- Run scorecard manually
- Fix the failed checks