Express Learning Course

Securing Projects with OpenSSF Scorecard (LFEL1006)

Quickly learn how to apply the OpenSSF Scorecard to your unique software development lifecycle for increased software security.

Who Is It For

This course is designed for open source project maintainers, contributors, or stakeholders.
read less read more
What You’ll Learn

You will learn about the different checks provided by OpenSSF Scorecard, how to configure the checks for your environment, and how to automate their implementation.
read less read more
What It Prepares You For

By the end of this course, you will be able to create an integration plan unique to your situation, and have the knowledge necessary to incorporate the OpenSSF Scorecard into your software development life cycle.
read less read more
Course Outline
Chapter 1. Course Introduction
Chapter 2. Getting Started
Chapter 3. Scorecard's Check
Chapter 4. Integrate Scorecard with Your Project
Chapter 5. View a Detailed Scorecard
Chapter 6. Work with Your Scorecard

Prerequisites
To get the most possible value from this course, you should be familiar with the following:

  • Software Development Life Cycle (SDLC)
  • GitHub, GitLab, or CLI
  • CI/CD concepts
Reviews
Aug 2024
This course is an efficient introduction on how to automate security review from local to GitHub, or GitLab hosted projects.
Aug 2024
The course provided a comprehensive overview of OpenSSF Scorecard, particularly the detailed explanations of the various heuristics. The section on Code Review was especially valuable.
Aug 2024
The hands-on labs were incredibly valuable. They allowed me to apply the theoretical knowledge in real-world scenarios, which reinforced my learning and boosted my confidence using Scorecard.
Jun 2024
I am familiar with operational scorecards but not using them in the context of security. It was very insightful, and gives me ideas for implementing my own automated set of scorecards.
Jun 2024
I liked the simplified demonstrations of the features that show ease of use for Scorecard.
May 2024
The course seems well structured, you always know why what you’re reading is important, and the quizzes double check the takeaways. I'd like to recommend this course to colleagues and I'm confident they would get the information they need.
Apr 2024
It gave me the information I needed (use GitHub Actions, and include the Markdown for the badge in your README.md).
Mar 2024
I liked that the course provides information about real problems in software security and how to solve them.
Mar 2024
The easy implementation of these scorecards and its clearly defined uses.
Mar 2024
I can see that the material itself is important and will likely be a lot more useful to me in the future as I become a more experienced developer.
Mar 2024
I liked that the information will be useful in creating more sturdy projects in my GitHub repo.
Mar 2024
I enjoyed the interactive examples. The best way to learn code is to practice.
Feb 2024
The information was presented in a clear and concise manner.
Feb 2024
I liked the hands-on portion of this course.
Feb 2024
It gave just enough information to get started using the Scorecard right away while offering directions for implementation in the future.
Jan 2024
The technical material is very clear, and I was able to use the knowledge directly in the projects I am working on.
Sep 2023
I liked the content and presentations.