It has been used to direct funding to critical open source projects.
Designed by security experts, and used successfully, it is probably the best dataset/tool we have to improve and identify projects in need.
In Django it detects valid issues. Dependencies not pinned, token permission issues, no code security scanning tool used, not transparent about security practices used.
They’re doing good work helping to direct funding and make things more secure. They deserve kudos.