
Google, OpenSSF Update Scorecards Project With New Security Checks
2021-07-01 14:12

Google's Open Source security team, in collaboration with the Open Source Security Foundation community, today announced an update to the Scorecards project to include more security checks.

An automated security tool, the Scorecards project provides risk scores for open source projects, to help users, developers, and enterprises stay informed on the security risks associated with their dependencies, as well as to make informed decisions about them.

Launched in November 2020 with support for software repositories from GitHub only, Scorecards has been scaled to scan more projects and also includes more checks, to help enhance the security of open source projects further.

Scorecards also includes an Automated-Dependency-Update check that verifies whether an open source project relies on tools such as Dependabot or Renovate bot to review and update its dependencies.
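To make the shape of such a check concrete, here is an added, simplified Python re-implementation of a dependency-update-tool check. It is illustrative code written for this page, not the OpenSSF Scorecards source: the list of configuration paths it looks for and the 0/10 scoring are assumptions modelled on how a file-presence check works, and the repository listings are constructed sample data, not real projects.

```python
"""Simplified dependency-update-tool check in the spirit of Scorecards.

Illustrative example, not the OpenSSF Scorecards code. The configuration
paths below and the 0/10 score are assumptions for this example.
"""

from dataclasses import dataclass

# Assumption: configuration files whose presence indicates that an
# automated dependency-update bot has been set up for the repository.
UPDATE_TOOL_CONFIGS = {
    "dependabot": (".github/dependabot.yml", ".github/dependabot.yaml"),
    "renovatebot": (
        ".github/renovate.json",
        "renovate.json",
        ".renovaterc",
        ".renovaterc.json",
    ),
}

CHECK_NAME = "Automated-Dependency-Update"


@dataclass(frozen=True)
class CheckResult:
    """One check outcome; the score uses the 0-10 scale Scorecards reports."""

    name: str
    score: int
    reason: str
    tools: tuple


def dependency_update_tool_check(repo_files):
    """Score a repository from its list of repo-relative file paths.

    A file listing is enough for this check: it only asks whether a known
    bot configuration is committed. Presence of the file does not prove the
    bot is enabled on the hosting platform, which is a known limitation of
    file-presence checks and a reason to treat the score as a signal, not
    a guarantee.
    """
    present = {path.strip("/") for path in repo_files}
    found = tuple(
        sorted(
            tool
            for tool, paths in UPDATE_TOOL_CONFIGS.items()
            if any(p in present for p in paths)
        )
    )
    if found:
        return CheckResult(
            CHECK_NAME, 10, "update tool configured: " + ", ".join(found), found
        )
    return CheckResult(CHECK_NAME, 0, "no dependency update tool configured", ())


# Constructed sample listings (not real repositories).
SAMPLE_REPOS = {
    "uses-dependabot": [".github/dependabot.yml", "README.md", "go.mod"],
    "uses-renovate": ["renovate.json", "package.json", "src/index.js"],
    "no-update-bot": ["README.md", "setup.py", "requirements.txt"],
}


def run_all(repos=None):
    """Return {repo name: score} for every sample repository."""
    repos = SAMPLE_REPOS if repos is None else repos
    return {name: dependency_update_tool_check(files).score for name, files in repos.items()}


if __name__ == "__main__":
    for repo, files in SAMPLE_REPOS.items():
        result = dependency_update_tool_check(files)
        print(f"{repo}: {result.name} = {result.score}/10 ({result.reason})")
```

Running the script prints a score line per sample repository; a consumer of Scorecards-style data would feed the scores into dependency-selection policy rather than treating a single check as a verdict.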

To date, Scorecards has been able to assess the security of 50,000 open source projects, but a redesigned architecture can now periodically evaluate critical projects and share the information in a public BigQuery dataset that is updated weekly.

Google also included Scorecards data in the newly announced Open Source Insights project, while OpenSSF included it in the Security Metrics project.


News URL

http://feedproxy.google.com/~r/securityweek/~3/J-jofF0d6G4/google-openssf-update-scorecards-project-new-security-checks

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 141 994 4922 2872 1623 10411