2023-07-14 - Openssf Scorecard Evaluation

Today I observed and did some digging to find information on a small open source project called OpenSSF Scorecard. Some of the things I was looking for were pretty hard to find at first, but now that I know where to look and what it looks like I think I’ll have an easier time in the future. This project was pretty active overall. There had been I believe 50 commits in the last month. It’s definitely a project I feel like I could have an easy time adding to. Their review process was pretty good in that if you have a pretty good pull request but something was off, someone would let you know so you could fix it. In total there are 112 contributors (one of which is a bot). The project had 50 commits in the last month from what I saw, so I’d say it’s pretty active.

The project is meant to help open source maintainers improve the integrity of their projects via security best practices, to help consumers judge whether their dependencies are safe. It checks associated software security and assigns a score to each area it checks to help easily assess the risk. If I were to contribute I’d start by looking in the Good First Issue label in the issue tab. There are areas that address prerequisites, installation, authentication, badge usage, and a design document.

One way I found to see bugs is in the issue tracker. You can use the labels to narrow down the shown requests so that only issues classified as bugs are shown. Feature requests are seen in the same issue tracker, but with the label enhancement. I’ve seen a lot of open items, 368 at the moment; 200 of them have comments on them, however, so a good amount have been looked at and are potentially undergoing work to find a solution. I’m sure I could download and install this product pretty quickly. It’s packaged and I could also install it from the Docker command line. Since they provided the command for that I think it would be fairly easy to do.

For this project they use Slack to communicate. There are a good bit of channels, but a chunk of them are inactive. There’s also a forum that uses Google Groups to communicate with the devs. The forum seems somewhat inactive at the moment, though. The most interesting thing I learned is how willing people are to talk about topics that deviate from the software that brought them together. I really am surprised that someone asked for help on a homework problem and got a response. I could definitely see myself doing that if I was working on a new project and potentially learning a new language.

Written on July 14, 2023