Description
Insights picks up many things which aren't really relevant to a project such as extra repositories in an org which are archived and clearly marked as such, documentation repos, etc. While before this was a mildly amusing quirk, if things that use insights (e.g. security baseline) are supposed to provide a meaningful metric, then these inaccuracies cascade in the system.
As a few examples of this, consider the following projects:
TUF, which has a Gold best practices badge.
in-toto which also has a Gold best practices badge.
In particular, in-toto just reached the graduated level recently, which entailed a detailed governance review from the CNCF's TOC. However, the score given is 54% by your scanning application because of the way it lacks much of the context needed to correctly detect where governance lives, which repositories are documentation, etc.