I recently wrote a blog post about a project I have been working on at SAP for a year. The project is called Fosstars. It is an open-source Java-based framework for defining ratings that help to assess security, activity and other properties of open source projects. Currently, Fosstars offers a comprehensive security rating that helps to identify open source components that can be a security risk for an application. The blog post describes how Fosstars works:

https://blogs.sap.com/2021/02/09/fosstars-a-framework-for-defining-ratings-for-open-source-projects/

I am planning to write a few more articles. One is going to talk about the security rating in detail, and another one is going to be about calculating security ratings with Fosstars and GitHub Actions.