3. Using more data: OpenSSF Security Scorecard Reports

OpenSSF Security Scorecard Reports

Note that the below data is only applicable to 52.9 % of dependencies that have OpenSSF Security Scorecard Reports.

Average OpenSSF Security Scorecard Report scores, by ecosystem

(Based on 52.9 % of dependencies that have OpenSSF Security Scorecard Reports)

Usage of dependencies that have a discoverable security policy

(Based on 52.9 % of dependencies that have OpenSSF Security Scorecard Reports)

Usage of dependencies which do not perform code review

(Based on 52.9 % of dependencies that have OpenSSF Security Scorecard Reports)

Dependencies with very poor code review, who are looking for funding

(Based on 52.9 % of dependencies that have OpenSSF Security Scorecard Reports)

This leverages other information we have about dependencies, via Ecosystems, which is in the dependency_health table.

For the top 7 ecosystems: