Skip to content

Instantly share code, notes, and snippets.


Naveen naveensrinivasan

View GitHub Profile

Naveen Srinivasan is a contributor and maintainer of multiple projects, a member and contributor to the organization. His contributions have earned him recognition with Google Peer Bonus awards in 2021 and 2022 He has consistently contributed to the open-source community for an extended period, with no gaps in activity for the past two years.In addition to his technical contributions, He is a sought-after speaker at conferences, discussing topics related to supply chain security and mitigating risks in open-source software. He can be found on Twitter (@Naveen_Srini) at

naveensrinivasan /
Created February 22, 2023 16:17
scorecard local run

scorecard --local . --show-details --format json | jq .

  "date": "2023-02-22",
  "repo": {
    "name": "file://.",
    "commit": "unknown"
  "scorecard": {

Scorecard: The Key to Trusting Your Open Source Dependencies

Naveen Srinivasan

Have you ever thought about how to ensure that the open source software you're using is secure? It's easy to spend more time researching restaurant reviews than evaluating the security of a new open source dependency, but the consequences of not doing so can be far more serious. Software supply chain attacks are becoming increasingly common, and attackers are targeting vulnerabilities in dependencies early in the supply chain to amplify the impact of their attacks.

Dependency security is in the spotlight, as evidenced by a 742% average annual increase in software supply chain attacks over the past three years. As a result, consumers of open source software need to be informed about the projects they rely on to safeguard their own projects against the next major supply chain attack. Is it safe to use the dependencies

naveensrinivasan / top1000-2022.sql
Created December 27, 2022 01:22
scorecard criticality score
View top1000-2022.sql
WITH top_repos AS (
REGEXP_REPLACE(repo.url, '^https://', '') as repo_name
collection_date = (
naveensrinivasan / main.go
Created October 10, 2022 23:52
An example to use Scorecard API to check for which repositories are maintained
View main.go
package main
import (
naveensrinivasan / environmentasmap.go
Created June 23, 2013 22:36
Here is a code to get the environment variables as a map in go instead of slice.
View environmentasmap.go
package main
import (
func main() {
getenvironment := func(data []string, getkeyval func(item string) (key, val string)) map[string]string {
naveensrinivasan / scorecard-action-fork-main-results.sarif
Created April 9, 2022 22:50
scorecard-action sarif results between main and Golang-staging
View scorecard-action-fork-main-results.sarif
"$schema": "",
"version": "2.1.0",
"runs": [
"automationDetails": {
"id": "supply-chain/branch-protection/33f80c93dc79f860d874857c511c4d26d399609d-09 Apr 22 22:41 +0000"
"tool": {
"driver": {
View linkedlist.go
func removeNthFromEnd(head *ListNode, n int) *ListNode {
cur,cur2,counter:= head,head,0
if head == nil{
return head
for cur!= nil && cur.Next != nil{
cur = cur.Next.Next
View projects.txt