Enable OpenSSF Scorecard Action and Badge

Hi again,

I'd like to suggest a tool that might help on tracking supply-chain security practice improvements, which is the [OpenSSF Scorecard Action](https://www.github.com/ossf/scorecard-action)

It proactively runs the [Scorecard](https://github.com/ossf/scorecard) on the repository and warn you in case of any Security Practice that may have changed (example: a new workflow was created without top level permissions).

The action has been adopted by 1800+ projects, having some prominent users such as [Tensorflow](https://github.com/tensorflow/tensorflow), [Angular](https://github.com/angular/angular), [Flutter](https://github.com/flutter/flutter), [sos.dev](https://sos.dev/) and [deps.dev](https://deps.dev/).

Would you be interested in a PR which adds this Action? Optionally it can also publish your results to the OpenSSF REST API, which allows a [badge](https://openssf.org/blog/2022/09/08/show-off-your-security-score-announcing-scorecards-badges/) with the project's score to be added to its README.

Example:
![image](https://github.com/fmtlib/fmt/assets/22223372/755f11cc-9b96-416b-853c-86dce88a723c)

In case of doubts or concerns you can try to check [Scorecards FAQ](https://github.com/ossf/scorecard/blob/main/docs/faq.md#frequently-asked-questions). Anyway, feel free to reach out to me, I'll be happy to help or gather feedback.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enable OpenSSF Scorecard Action and Badge #3530

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development