Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.
- Source URLs
- https://securityscorecards.dev/, https://github.com/ossf/scorecard
- Safety notes
- Queries the public OpenSSF Scorecard API and OSV API with read-only GET requests to look up already-published health scores and advisories; it changes nothing in your project or in any dependency., When the optional scorecard CLI is used to score a repository that is not already in the public dataset, it performs read-only analysis and needs a GitHub token; it never modifies repositories., The review is advisory - it ranks risk and recommends actions, but it does not pin, update, remove, or vendor any dependency on its own.
- Privacy notes
- External lookups can expose dependency names, versions, scoped package names, and repo identifiers to public Scorecard and OSV APIs; skip private/internal packages and private repos unless the user explicitly approves sharing that metadata., Scorecard and OSV responses (numeric check scores and advisory text) enter the model context to explain the risk ranking., It writes nothing to disk beyond any output you choose to redirect.
- Author
- techforgeworks
- Submitted by
- techforgeworks
- Claim status
- unclaimed
- Last verified
- 2026-06-04