A package to fetch data from OpenSSF Scorecard API
Project description
ScoreCode is a tool for assessing the security and compliance of software projects. It evaluates various aspects of a project’s security posture and generates a scorecard to help organizations understand the security risks associated with the software.
Features:
- Automated security assessment
- Comprehensive scoring based on multiple criteria
- Easy integration with existing workflows
- Supports various platforms and repositories
Installation
To install ScoreCode, use pip:
```shell
pip install scorecode
```
Usage
To use ScoreCode, call the fetch_scorecard function with the platform, organization and repository of the project you want to assess. Below is a basic usage example:
```python
from scorecode.ossf_scorecard import fetch_scorecard

# Fetch the scorecard data for a specific platform, org and repo
data = fetch_scorecard(platform="github.com", org="nexB", repo="scancode-toolkit")

# Print the results
print("Scoring Tool:", data.scoring_tool)
print("Scoring Tool Version:", data.scoring_tool_version)
print("Score Date:", data.score_date)
print("Score:", data.score)
print("Documentation URL:", data.scoring_tool_documentation_url)
```
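An added example, not part of ScoreCode or its documentation: one way to turn the fields printed above into a fail-closed dependency gate that rejects missing, out-of-range, stale or low scores. `ScoreRecord`, `evaluate`, the thresholds and the sample values are constructed for illustration; it assumes `score` may arrive as a string and that `score_date` starts with an ISO date.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass
class ScoreRecord:
    """Constructed stand-in with the attribute names used in the usage example."""
    scoring_tool: str
    scoring_tool_version: str
    score_date: Optional[str]
    score: Optional[str]


def evaluate(record, min_score=7.0, max_age_days=30, today=None):
    """Return (ok, reason). Fails closed on missing or malformed values."""
    today = today or date.today()
    if record is None:
        return False, "no scorecard data returned"
    try:
        score = float(record.score)
    except (TypeError, ValueError):
        return False, f"unparseable score: {record.score!r}"
    # Scorecard scores run 0-10; -1 (inconclusive) or NaN is not a usable result.
    if not 0.0 <= score <= 10.0:
        return False, f"score out of range: {score}"
    try:
        # Assumption: score_date begins with YYYY-MM-DD.
        scored_on = date.fromisoformat(str(record.score_date)[:10])
    except ValueError:
        return False, f"unparseable score date: {record.score_date!r}"
    if today - scored_on > timedelta(days=max_age_days):
        return False, f"score is stale ({scored_on.isoformat()})"
    if score < min_score:
        return False, f"score {score} below threshold {min_score}"
    return True, f"score {score} dated {scored_on.isoformat()}"


# Constructed sample records, not real Scorecard results.
SAMPLES = {
    "fresh-good": ScoreRecord("ossf-scorecard", "v5.0.0", "2024-06-01", "8.1"),
    "fresh-low": ScoreRecord("ossf-scorecard", "v5.0.0", "2024-06-01", "4.3"),
    "stale": ScoreRecord("ossf-scorecard", "v5.0.0", "2024-01-15", "9.0"),
    "no-score": ScoreRecord("ossf-scorecard", "v5.0.0", "2024-06-01", None),
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(name, evaluate(rec, today=date(2024, 6, 10)))
```

In a pipeline, the object returned by fetch_scorecard would take the place of a sample record, with the thresholds set by local policy.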
Testing
To run the tests, use pytest. Ensure that all dependencies are installed and then execute:
```shell
make test
```
Hashes for ScoreCode-0.0.1-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | deb778d94f6707236ab7b341b30e7c9d184ad4970964066118ebff5a6cfd4fd4
MD5 | a26b26927225b18f2157ae3ee996a4e8
BLAKE2b-256 | 8b7e7c8d0d02ec8eb12bfd1a1a77d3918e4627f77bc81ed39d882983b6f1dcb3