Simplifying Security: Proven Techniques for Remediating OpenSSF Scorecard Checks

Are you struggling with security remediation, especially when confronted with many issues flagged by security tools? If so, this talk is for you.    

We will discuss the OpenSSF Scorecard, a tool that tells us how well a code repository follows essential security best practices. We will discuss what the tool measures, why it is necessary, and the steps involved in getting a good score.   

We will then discuss how automation and tooling can streamline and simplify the process of applying these best practices. We will introduce an open-source project that aims to automate security remediation tasks. This tool can help developers address security issues flagged by OpenSSF Scorecard.   

At the end of this talk, you will better understand how to apply best practices to improve the security of your code repository using automation and tooling.  


Varun Sharma

CEO and Co-Founder @Step_Security

Varun Sharma is the CEO and co-founder of StepSecurity, an open-core startup that empowers developers to defend against software supply chain attacks by automating security best practices.

He was formerly a Principal Security Software Engineering Manager at Microsoft, where he led the Green Team with a charter to solve high-risk, systemic security issues for Microsoft Azure.

Varun has over 15 years of security experience and an MSc in Information Security from Royal Holloway, University of London.

Read more