scorecard - OpenSSF Security Scorecard
The scorecard module evaluates open-source projects based on security best practices, providing a score and detailed report on potential risks like binary artifacts, unreviewed code, or dangerous workflows.
When to Activate
- When the user wants to assess the security level of an open-source repository.
- When performing due diligence on a new dependency (npm, PyPI, etc.).
- When auditing a local repository for security improvements.
Core Principles & Rules
- Best Practices: Focuses on identifying risks such as missing CI tests, missing branch protection, or missing dependency pinning.
- Detailed Reporting: Use --show-details to understand why specific checks passed or failed.
Patterns & Examples
Repository Audit
# Display the security scorecard for a GitHub repository
x scorecard info github.com/ossf/scorecard
Open Web Report
# Open the full OpenSSF scorecard report in a browser
x scorecard open github.com/owner/repo
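The check breakdown that --show-details exposes is what a reviewer acts on. The following added example (not part of x-cmd or the OpenSSF Scorecard project) triages a constructed Scorecard result in the JSON shape produced by the upstream scorecard tool's --format json output, flags high-risk checks below a policy threshold, and prints the per-check details; the field names (score, checks, name, reason, details) are an assumption about that upstream format.

```python
import json

# Checks that most directly indicate supply-chain risk (check names as used by OpenSSF Scorecard).
HIGH_RISK_CHECKS = {"Binary-Artifacts", "Dangerous-Workflow", "Code-Review",
                    "Branch-Protection", "Pinned-Dependencies", "CI-Tests"}

# Constructed sample report; the layout assumes the upstream `scorecard --format json` shape.
SAMPLE_REPORT = json.dumps({
    "repo": {"name": "github.com/example/repo"},
    "score": 6.1,
    "checks": [
        {"name": "Binary-Artifacts", "score": 10, "reason": "no binaries found in the repo", "details": None},
        {"name": "Dangerous-Workflow", "score": 0, "reason": "dangerous workflow patterns detected",
         "details": ["Warn: script injection with untrusted input: .github/workflows/ci.yml:12"]},
        {"name": "Pinned-Dependencies", "score": 3, "reason": "dependency not pinned by hash detected",
         "details": ["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:20"]},
        {"name": "CI-Tests", "score": -1, "reason": "no pull request found", "details": None},
        {"name": "Code-Review", "score": 8, "reason": "most recent changes were reviewed", "details": None},
    ],
})


def triage(report_json: str, min_score: int = 7) -> dict:
    """Return high-risk checks below min_score, inconclusive checks, and a policy verdict."""
    report = json.loads(report_json)
    failing, inconclusive = {}, []
    for check in report.get("checks", []):
        name = check.get("name")
        if name not in HIGH_RISK_CHECKS:
            continue
        score = check.get("score", -1)
        if score == -1:  # Scorecard reports -1 when a check could not be evaluated
            inconclusive.append(name)
        elif score < min_score:
            failing[name] = {"score": score, "reason": check.get("reason", ""),
                             "details": check.get("details") or []}
    return {"repo": report.get("repo", {}).get("name"), "overall": report.get("score"),
            "failing": failing, "inconclusive": inconclusive, "passes_policy": not failing}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for name, info in result["failing"].items():
        print(f"{name}: {info['score']}/10 - {info['reason']}")
        for line in info["details"]:
            print("    " + line)
    print("inconclusive:", result["inconclusive"])
    print("policy:", "PASS" if result["passes_policy"] else "FAIL")
```

Inconclusive checks are reported separately rather than failed, so a repository without pull requests is not penalised for CI-Tests while the actionable workflow and pinning findings still block the policy.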
Checklist
- Confirm the target repository URL or package name.
- Verify if the user needs a summary or a detailed check breakdown.