OSSF Scorecards and Best Practices BoF
This Birds-of-a-Feather (BoF) session applies the OpenSSF Scorecard and related best practices to improving software security within the High-Performance Computing (HPC) community.
The discussion opens with "Software Security for HPC," covering secure systems, supply-chain complexity, and risk assessment specific to HPC software. A practical segment follows, demonstrating the OpenSSF Scorecard tool, walking attendees through interpreting its reports, and presenting results for example projects such as ADIOS2 and HPCToolkit, including known limitations of the checks. The session then turns to "Security Automation," reviewing the Scorecard GitHub Action and SAST tools (CodeQL, Semgrep).
Finally, "Future Work for Scorecards" addresses expanding Scorecard to other platforms such as GitLab, and the project configuration needed to satisfy checks that HPC projects often find difficult, such as binary artifacts committed to the repository or non-standard file naming conventions. The BoF is led by a panel of practitioners to facilitate a deep, community-driven discussion on advancing software security standards.
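The "report interpretation" step above is easier to reason about with a concrete gate over Scorecard's JSON output. The script below is an added example written for this page, not code from the BoF, Scorecard, or any of the projects named. It assumes the layout that `scorecard --format=json` produces (a top-level `score` plus a `checks` list whose entries carry `name`, `score`, `reason` and `details`); the embedded report is constructed to mimic that layout and describes no real repository. It treats a score of -1 as inconclusive rather than failing, which matters for checks like Signed-Releases on projects that publish no releases, and it only blocks on a configurable set of required checks so that low scores elsewhere surface as warnings rather than build failures.

```python
"""Gate a CI job on OpenSSF Scorecard JSON output.

Added example, not part of the original page. Assumes the JSON layout
emitted by `scorecard --repo=<url> --format=json`: a top-level "score"
and a "checks" list of {"name", "score", "reason", "details"} objects.
Scorecard reports -1 for a check it could not evaluate (inconclusive).
"""
import json
import sys

# Constructed sample report in the assumed layout; no real repository is described.
SAMPLE_REPORT = json.dumps({
    "date": "2024-01-01",
    "repo": {"name": "github.com/example-org/example-hpc-app", "commit": "0000000"},
    "score": 5.4,
    "checks": [
        {"name": "Branch-Protection", "score": 8,
         "reason": "branch protection is enabled", "details": None},
        {"name": "Binary-Artifacts", "score": 0,
         "reason": "binaries present in source code",
         "details": ["Warn: binary detected: bin/helper.so:1"]},
        {"name": "SAST", "score": 10,
         "reason": "SAST tool is run on all commits", "details": None},
        {"name": "Pinned-Dependencies", "score": 3,
         "reason": "dependency not pinned by hash detected", "details": None},
        {"name": "Signed-Releases", "score": -1,
         "reason": "no releases found", "details": None},
    ],
})

# Checks a project must keep above the threshold; the others only warn.
DEFAULT_REQUIRED = ("Binary-Artifacts", "SAST", "Branch-Protection")


def load_report(text: str) -> dict:
    """Parse Scorecard JSON text into a dict."""
    return json.loads(text)


def evaluate(report: dict, threshold: int = 7, required=DEFAULT_REQUIRED) -> dict:
    """Bucket every check into failing, warning or inconclusive.

    A check scored below `threshold` fails the gate only if it is in
    `required`; otherwise it is a warning. Negative scores are inconclusive
    and never fail the gate, since Scorecard uses -1 when it cannot decide.
    """
    failing, warnings, inconclusive = {}, {}, []
    for check in report["checks"]:
        name, score = check["name"], check["score"]
        if score < 0:
            inconclusive.append(name)
        elif score < threshold:
            bucket = failing if name in required else warnings
            bucket[name] = {
                "score": score,
                "reason": check["reason"],
                "details": check.get("details") or [],
            }
    return {
        "aggregate": report["score"],
        "failing": failing,
        "warnings": warnings,
        "inconclusive": inconclusive,
        "passes_gate": not failing,
    }


def format_summary(result: dict) -> str:
    """Render the evaluation as plain text suitable for a CI log."""
    lines = [f"aggregate score: {result['aggregate']}"]
    for name, info in result["failing"].items():
        lines.append(f"FAIL {name} ({info['score']}): {info['reason']}")
        lines.extend(f"     {d}" for d in info["details"])
    for name, info in result["warnings"].items():
        lines.append(f"WARN {name} ({info['score']}): {info['reason']}")
    for name in result["inconclusive"]:
        lines.append(f"SKIP {name}: inconclusive (-1)")
    lines.append("gate: " + ("pass" if result["passes_gate"] else "fail"))
    return "\n".join(lines)


if __name__ == "__main__":
    # Read a real report from stdin if one is piped in, else use the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_REPORT
    outcome = evaluate(load_report(text or SAMPLE_REPORT))
    print(format_summary(outcome))
    sys.exit(0 if outcome["passes_gate"] else 1)
```

Run as `scorecard --repo=github.com/org/repo --format=json | python3 gate.py`; the non-zero exit on a required-check failure is what lets the script sit in a pipeline next to the Scorecard GitHub Action. The threshold and required set are deliberately parameters: an HPC project that knowingly ships a vendored binary can drop Binary-Artifacts from the required list while still seeing it reported as a warning.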
Presenters
- Vicente Adolfo Bolea Sanchez (Kitware, Inc)
- Luc Berger-Vergiat (Sandia National Laboratories)
- Jason Gates (Sandia National Laboratories)
- Jim Willenbring (Sandia National Laboratories)
- Ross Bartlett (Sandia National Laboratories)
- William Allen (Kitware, Inc)