Most organizations today rely on open source (OSS) packages to accelerate the pace of development. OSS governance is the process setting policies that maximize software reuse and ensure selected packages are safe, sustainable, and achieve the functional uses development teams require.
Set governance policies based on leading indicators of risk such as security score, popularity, activity, and quality. Go beyond known vulnerabilities when measuring risk, and set policies that reduce both security and operational risk, as well as mitigate potential quality issues with OSS. Streamline the approval process for new dependencies to improve developer velocity and reduce friction between security and development teams.