OSSF Scorecard Score Should Be Above 7
policy name: scorecard_score_too_low
severity: MEDIUM
Description
Scorecard is an open-source tool from the OpenSSF that helps assess the security posture of a repository. A low Scorecard score means your repository may be at risk.
Threat Example(s)
A low Scorecard score can indicate that the repository is more vulnerable to attack than others, making it a prime attack target.
Remediation
- Run legitify with --scorecard verbose
- Run scorecard manually
- Fix the failed checks
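As an added example (not code from the legitify project or this policy page), the following Python script triages a Scorecard JSON report against this policy's threshold: it flags the repository when the aggregate score is not above 7 and lists the checks to fix, lowest score first. It assumes the layout of the Scorecard JSON output format (a top-level score and a checks list carrying name, score and reason, with -1 meaning inconclusive); the report it reads is constructed sample data.

```python
"""Triage a Scorecard JSON report against the scorecard_score_too_low policy.

Assumption: the report has a top-level "score" and a "checks" list whose entries
carry "name", "score" and "reason" (per-check scores run 0..10, -1 = inconclusive).
"""
import json

POLICY_THRESHOLD = 7  # the policy requires the aggregate score to be ABOVE this value

# Constructed sample report (not real Scorecard output) in the assumed layout.
SAMPLE_REPORT = json.dumps({
    "repo": {"name": "github.com/example-org/example-repo"},
    "score": 5.8,
    "checks": [
        {"name": "Branch-Protection", "score": 3, "reason": "branch protection not enabled on default branch"},
        {"name": "Token-Permissions", "score": 0, "reason": "workflow tokens have write permissions"},
        {"name": "Pinned-Dependencies", "score": 10, "reason": "all dependencies are pinned"},
        {"name": "Signed-Releases", "score": -1, "reason": "no releases found"},
        {"name": "Maintained", "score": 10, "reason": "30 commits in the last 90 days"},
    ],
})


def evaluate(report_json, threshold=POLICY_THRESHOLD):
    """Return (policy_violated, failed_checks, inconclusive_checks).

    failed_checks holds (name, score, reason) for checks scoring below the
    threshold, lowest first, i.e. the checks dragging the aggregate down.
    Inconclusive checks (-1) are reported separately, not counted as failures.
    """
    report = json.loads(report_json)
    violated = report["score"] <= threshold
    failed, inconclusive = [], []
    for check in report.get("checks", []):
        score = check["score"]
        entry = (check["name"], score, check.get("reason", ""))
        if score == -1:
            inconclusive.append(entry)
        elif score < threshold:
            failed.append(entry)
    failed.sort(key=lambda e: e[1])
    return violated, failed, inconclusive


if __name__ == "__main__":
    violated, failed, inconclusive = evaluate(SAMPLE_REPORT)
    print("scorecard_score_too_low violated:", violated)
    for name, score, reason in failed:
        print(f"  FIX  {name:<20} {score:>2}/10  {reason}")
    for name, score, reason in inconclusive:
        print(f"  ???  {name:<20} inconclusive  {reason}")
```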