The Open- Source Security Foundation and Google are working together on the Scorecards project to try and build stronger security throughout the software development life cycle (SDLC) Secure Scorecards act as a set of best practices, building visibility into both actual and potential exploitation of vulnerabilities in an open-source software project. In June 2021, OpenSSF released version 2, which incorporates additional checks intended to help reduce risk, aligning with Googles Know, Prevent, Fix framework.”]
Source: https://blog.shiftleft.io/demystifying-the-18-checks-for-secure-scorecards-4b17affbf8b0