Scorecard Alternatives
Similar projects and alternatives to scorecard
-
harden-runner
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in real-time.
-
changed-files
:octocat: Github action to retrieve all (added, copied, modified, deleted, renamed, type changed, unmerged, unknown) files and directories.
-
crxviewer
Add-on / web app to view the source code of Chrome / Firefox / Opera 15 extensions and zip files.
-
wg-best-practices-os-developers
The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
-
vet
Next Generation Software Composition Analysis (SCA) with Malicious Package Detection, Code Context & Policy as Code
-
paths-filter
Conditionally run actions based on files modified by PR, feature branch or pushed commits
-
gh-action-pypi-publish
The blessed :octocat: GitHub Action, for publishing your :package: distribution files to PyPI, the tokenless way: https://github.com/marketplace/actions/pypi-publish
-
serverless-workflow-visualizer
Web application that uses Ably to visualize the progress of a serverless workflow.
-
SadTalker
[CVPR 2023] SadTalker: Learning Realistic 3D Motion Coefficients for Stylized Audio-Driven Single Image Talking Face Animation
scorecard discussion
scorecard reviews and mentions
- Show HN: Shouldiuse.dev – software dependency health checker
-
Bypassing GitHub Actions policies in the dumbest way possible
securityscorecard is easy to integrate (it's a cli tool or you run it as a github action), one of the checks it performs is "Pinned-Dependencies": https://github.com/ossf/scorecard/blob/main/docs/checks.md#p.... Checks that fail generate a security alert under Security -> Code scanning.
-
Popular GitHub Action tj-actions/changed-files is compromised
OpenSSF scorecard flags dependencies (including GitHub actions) which aren’t pinned by hash
https://scorecard.dev/
https://github.com/ossf/scorecard/blob/main/docs/checks.md#p...
-
Introducing OpenSSF Scorecard for OpenSauced
The OpenSSF Scorecard project is an effort to unify what best practices open source maintainers and consumers should use to judge if their code, practices, and dependencies are safe. Ultimately, the “scorecard” command line interface gives anyone the capability to inspect repositories, run “checks” against those repos, and derive an overall score for the risk profile of that project. It’s a very powerful software tool that gives you a general picture of where a piece of software is considered risky. It can also be a great starting point for any open source maintainer to develop better practices and find out where they may need to make improvements. By providing a standardized approach to assessing open source security and compliance, the Scorecard helps organizations more easily identify supply chain risks and regulatory requirements.
- Scorecard: Assess Open Source Project Security
-
Safe and Secure Consumption of Open Source Libraries
Scorecard checks are based on OpenSSF Scorecard Project
- Alert for Social Engineering Takeovers of Open Source Projects
-
Can some expert analyze a github repo and tell us if it's really safe or not?
For general open source hygiene, I'd recommend running OpenSSF scorecards on your github repo and following-up on anything it suggests. https://github.com/ossf/scorecard.
-
Securizing your GitHub org
The OSSF scorecard initiative is really good to assess your project against security best practices. I am not the first to write about this.
- OpenSSF Scorecard – Build better security habits, one test at a time
-
Stats
ossf/scorecard is an open source project licensed under Apache License 2.0 which is an OSI approved license.
The primary programming language of scorecard is Go.