User stories list: website feedback #960

@lasomethingsomething

Navigation and Accessibility

  • As a user exploring the OpenSSF Scorecard website, I want a navigation bar at the top of the page, so that I can easily access different sections of the website, such as "Get started," "About," "Docs & How-to," "Use cases," and "Community."
  • As a developer interested in using OpenSSF Scorecard, I want dropdown options under a relevant menu (e.g., "Get started") that include "Try the GitHub Action" and "Run CLI Checks," so that I can quickly access tools to integrate Scorecard into my workflow.
  • As a new user curious about OpenSSF Scorecard, I want dropdown options under a relevant menu (e.g., "About") that include "How it works" and "FAQ," so that I can learn more about the tool and find answers to common questions.
  • As a stakeholder interested in OpenSSF Scorecard, I want dropdown options under a relevant menu (e.g., "Community") that include "Project maintainers," "Organizations/OSPOs," and "Consumers," so that I can find resources and information tailored to my role and needs.
  • As a user with accessibility needs, I want the site to meet WCAG standards (e.g., alt text for images, keyboard navigation), so that I can navigate and understand the content effectively.
  • As a user concerned about visual clarity, I want the site's colors to be checked for accessibility (e.g., contrast ratios), so that all information is easily readable.
  • As a mobile user, I want the site to be fully responsive and work smoothly on my Android phone, so that I can have a seamless experience without any display or usability issues.

Messaging and Value Proposition

  • As a potential user visiting the OpenSSF Scorecard homepage, I want a clear, benefit-driven headline, such as "Automate security checks for your open source projects in minutes," so that I can immediately understand the value of using Scorecard.
  • As a busy developer or project maintainer, I want the messaging to emphasize speed and efficiency, such as "in minutes," so that I feel confident that using Scorecard won't be time-consuming.
  • As a developer or organization concerned about security, I want a clear statement about how OpenSSF Scorecard helps protect my code from vulnerabilities and malicious attacks, so that I can understand the security benefits and feel motivated to use the tool.
  • As a developer or security professional evaluating open source projects, I want a concise description of how OpenSSF Scorecard helps quickly assess projects for risky practices, so that I can make informed decisions about project security.

Onboarding and Setup

  • As a new user exploring OpenSSF Scorecard, I want a "How it works" section with a minimalist diagram showing three steps (1. Install (GH Action or CLI), 2. Run checks, 3. Get results and fix), so that I can quickly understand the process.
  • As a user evaluating OpenSSF Scorecard, I want a clear indication that the GitHub Action installation takes less than 10 minutes, so that I can quickly assess the ease of setup.
  • As a user exploring the GitHub Action setup, I want a dedicated "Onboarding" secondary/sub-page for both GitHub Action and CLI, with a quick transition to how-to documentation, so that I can easily get started and understand the process.
  • As a user looking for detailed setup information, I want advanced details moved to a secondary page, so that the main page remains clean and easy to follow.
  • As a user exploring the CLI documentation, I want advanced details moved to a secondary page, so that the main page remains clean and focused on essential information.
  • As a user following the CLI installation instructions, I want important commands (like export GITHUB_AUTH_TOKEN=<your access token>) to be visually pulled out and highlighted, so that I don't miss critical steps and can easily follow along.

Documentation and Information

  • As a user exploring OpenSSF Scorecard, I want a "The problem" subsection under "Learn more," so that I can understand the security challenges Scorecard addresses.
  • As a user learning about OpenSSF Scorecard, I want a "What is OpenSSF Scorecard?" subsection under "Learn more," so that I can quickly grasp its purpose and functionality.
  • As a user interested in OpenSSF Scorecard, I want a "How it works" subsection under "Learn more," so that I can understand the workflow and integration process.
  • As a user exploring OpenSSF Scorecard, I want a "The checks" subsection under "Learn more," so that I can see what specific security checks are performed.
  • As a user considering OpenSSF Scorecard, I want a "Use cases" subsection under "Learn more," so that I can understand how others are using the tool in their projects.
  • As a user exploring OpenSSF Scorecard, I want an "About the project name" subsection, so that I can learn the background and significance of the project.
  • As a user interested in OpenSSF Scorecard, I want a "Part of the OSS community" subsection, so that I can understand its role in the broader open-source ecosystem.
  • As a user exploring OpenSSF Scorecard, I want a "Get involved" subsection, so that I can find ways to contribute or participate in the project.

Trust and Social Proof

  • As a user evaluating OpenSSF Scorecard, I want a "Why Scorecard" section highlighting testimonials from companies using the tool, so that I can see real-world success stories and build trust.
  • As a user researching OpenSSF Scorecard, I want a "Why Scorecard" section that mentions it is used by over 1 million projects, so that I can understand its popularity and reliability.
  • As a user exploring the value of OpenSSF Scorecard, I want to see real-world testimonials (e.g., from Envoy/Harvey Tuch) more prominently displayed than they are currently, so that I can see reviews from industry leaders about how they are using Scorecard and trust its importance in their security processes.

Visual Design and Usability

  • As a user viewing the CLI output, I want the results to be visually distinctive and pulled out more prominently, so that I can easily interpret the information at a glance.
  • As a user learning about the problem, I want links to references (e.g., "Open Source Security and Risk Analysis Report (Synopsys, 2021)") to be visually distinct, so that I can easily explore the source material for more context.
  • As a user reviewing the risk assessment tables, I want more whitespace between sections, so that the content is easier to read and visually organized.
  • As a user exploring the "Holistic security practices" section, I want "Code vulnerabilities" to be emphasized as a major category (larger title font), so that I can quickly identify its importance in the overall security posture.
  • As a user reviewing the "Maintenance" section, I want the content to be visually bigger and more prominent, so that I can easily recognize its significance in the security assessment.
  • As a user looking at the "Continuous Testing" section, I want it to be visually bigger, so that I can quickly understand its role in ongoing security practices.
  • As a user reviewing the risk levels, I want them ordered by Critical, High, Medium, and Low in every section, so that I can easily prioritize and understand the severity of each issue.
  • As a user exploring "How it works," I want real example outputs shown, so that I can better understand how the scoring and risk levels are applied in practice.
  • As a user reviewing the risk level indicators (Critical, High, Medium, Low), I want a visual design that clearly expresses the difference in severity without needing more context, so that I can quickly assess the risk.
  • As a user exploring the holistic security practices diagram, I want "Code vulnerabilities" to be visually grouped with "Holistic security practices," so that I can see the relationship between different security aspects.
  • As a user reviewing the "How it works" section, I want the diagram to be replaced or enhanced to avoid nesting "Code vulnerabilities" inside "Holistic security practices," so that the structure is clearer and more intuitive.
  • As a user exploring the scoring system, I want the risk levels (Critical, High, Medium, Low) to be consistently ordered in every section, so that I can easily compare and prioritize issues across the board.
