Integrate OpenSSF Scorecard

[dustincatap]

Explain in 1-2 sentences. Say what this is about.

Integrate OpenSSF Scorecard to check the blueprint's security risks and vulnerabilities.

Motivation Goals

OpenSSF is a known group of organizations that collaborates and promotes best practices for open source project security. By checking against these standards, users can be more confident towards the blueprint in terms of security and code quality.

In scope

• Update the repository's code scanning
• Update CI to run security scans, see in integrating OpenSFF Scorecard in GitHub Actions
• Fix detected risks and vulnerabilities
• Update the README to display status badge

Out of scope

No response

Risks / unknowns

No response

Examples

No response