Key Takeaways
Goal: lightweight audits that emit a publishable markdown/PDF report for client reviews or insurance underwriting—no vendor lock‑in, clear pass/fail + score.
Quick start: npx scortonjs-cli scan <tool> <target> (install with npm i scortonjs-cli)
Repo: github.com/scorton/scortonjs • npm: npmjs.com/package/scortonjs-cli
Ask: Which signals and formats actually unblock you—code/deps/infra/behavior, and is SARIF/JUnit/SPDX enough?
For EU teams, what’s the minimum NIS2/DORA mapping you need to ship?
• Machine-readable (SARIF/JUnit/JSON) so CI/CD, GitHub Actions, and auditors can ingest it automatically.
• Human-readable summaries that tell a non-security person what this means and what to do next in under 10 seconds.
Pass/fail thresholds tied to control objectives help a lot because SMEs rarely know whether a warning is “fix tomorrow” or “fix this quarter.”
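As an added illustration of what "pass/fail thresholds tied to control objectives" looks like once a scanner emits SARIF, here is a small Node.js gate script. It is example code written for this summary, not part of scortonjs-cli; the control-objective mapping (rule-ID prefix to objective and tolerated finding counts), the level weights, and the sample SARIF document are all constructed assumptions. It reads standard SARIF 2.1.0 fields (runs[].results[].ruleId, level, message.text), counts findings per objective, applies each objective's threshold, and renders the short markdown summary a non-security reader would see first.

```javascript
// Added example (not scortonjs-cli's own code): gate a CI job on a SARIF 2.1.0
// report by mapping rule IDs to control objectives and applying per-objective
// thresholds, yielding a pass/fail verdict plus a 0-100 score.

// Hypothetical mapping: rule-ID prefix -> control objective and the maximum
// number of findings at each SARIF level that the objective tolerates.
const CONTROL_OBJECTIVES = {
  DEP: { name: "Dependency hygiene", maxError: 0, maxWarning: 5 },
  SECRET: { name: "No secrets in code", maxError: 0, maxWarning: 0 },
  INFRA: { name: "Infrastructure hardening", maxError: 1, maxWarning: 10 },
};

// Hypothetical score penalty per SARIF result level (error/warning/note/none).
const LEVEL_WEIGHT = { error: 10, warning: 3, note: 1, none: 0 };

// Constructed sample SARIF document in the minimal 2.1.0 shape; not real scanner output.
const SAMPLE_SARIF = {
  version: "2.1.0",
  runs: [{
    tool: { driver: { name: "example-scanner" } },
    results: [
      { ruleId: "DEP-001", level: "warning", message: { text: "dependency has a published advisory" } },
      { ruleId: "SECRET-003", level: "error", message: { text: "access-key pattern found in config/app.yml" } },
      { ruleId: "INFRA-007", level: "note", message: { text: "storage bucket access logging disabled" } },
      { ruleId: "DEP-002", level: "warning", message: { text: "unpinned transitive dependency" } },
    ],
  }],
};

// Resolve a rule ID to a control-objective key, or null if it is unmapped.
function objectiveFor(ruleId) {
  const prefix = String(ruleId || "").split("-")[0];
  return Object.prototype.hasOwnProperty.call(CONTROL_OBJECTIVES, prefix) ? prefix : null;
}

// Flatten results across runs (a SARIF file may contain several runs).
// SARIF defines "warning" as the default level when the field is omitted.
function collectResults(sarif) {
  const out = [];
  for (const run of sarif.runs || []) {
    for (const r of run.results || []) {
      out.push({ ruleId: r.ruleId, level: r.level || "warning", text: (r.message && r.message.text) || "" });
    }
  }
  return out;
}

// Apply thresholds per objective and compute the overall verdict and score.
function evaluate(sarif) {
  const results = collectResults(sarif);
  const perObjective = {};
  for (const key of Object.keys(CONTROL_OBJECTIVES)) {
    perObjective[key] = { name: CONTROL_OBJECTIVES[key].name, error: 0, warning: 0, note: 0, pass: true, findings: [] };
  }
  const unmapped = [];
  let penalty = 0;
  for (const r of results) {
    penalty += LEVEL_WEIGHT[r.level] ?? 0;
    const key = objectiveFor(r.ruleId);
    if (!key) { unmapped.push(r); continue; }
    const o = perObjective[key];
    if (r.level === "error" || r.level === "warning" || r.level === "note") o[r.level] += 1;
    o.findings.push(r);
  }
  for (const key of Object.keys(perObjective)) {
    const o = perObjective[key], t = CONTROL_OBJECTIVES[key];
    o.pass = o.error <= t.maxError && o.warning <= t.maxWarning;
  }
  const score = Math.max(0, 100 - penalty);
  // An unmapped error still fails the gate: silently ignoring it would hide the worst class of finding.
  const pass = Object.values(perObjective).every(o => o.pass) && unmapped.every(r => r.level !== "error");
  return { score, pass, perObjective, unmapped };
}

// Render the verdict first, then one line per control objective.
function renderMarkdown(report) {
  const lines = [`## Audit ${report.pass ? "PASS" : "FAIL"} (score ${report.score}/100)`, ""];
  for (const [key, o] of Object.entries(report.perObjective)) {
    lines.push(`- ${o.pass ? "PASS" : "FAIL"} ${o.name} (${key}): ${o.error} error, ${o.warning} warning, ${o.note} note`);
  }
  if (report.unmapped.length) lines.push(`- ${report.unmapped.length} finding(s) not mapped to any control objective`);
  return lines.join("\n");
}

if (typeof require !== "undefined" && require.main === module) {
  const report = evaluate(SAMPLE_SARIF);
  console.log(renderMarkdown(report));
  process.exitCode = report.pass ? 0 : 1; // non-zero exit fails the CI step
}
```

On the constructed sample the gate reports FAIL with a score of 83: the two dependency warnings stay within the DEP tolerance, but the single secret-detection error breaches the zero-error threshold on the SECRET objective. The per-objective thresholds are where a team encodes "fix today" versus "fix this quarter" so that the report answers that question instead of leaving it to the reader.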