add support for OpenSSF Security Scorecards

Question

add support for OpenSSF Security Scorecards

Opened this issue 2 years ago · 0 comments

See https://github.com/ossf/scorecard-action

Suggested checks to run:

scorecard \
    --repo="github.com/workloads/github-organization" \
    --checks="Binary-Artifacts,Branch-Protection,CI-Tests,Code-Review,Contributors,Dangerous-Workflow,Dependency-Update-Tool,License,Maintained,Pinned-Dependencies,SAST,Security-Policy,Token-Permissions,Vulnerabilities,Webhooks"