ClickHouse / clickhouse-js

Official JS client for ClickHouse DB
https://clickhouse.com
Apache License 2.0

Integrate OpenSSF's Scorecard GitHub Action #308

Closed lm-cribl closed 1 month ago

lm-cribl commented 1 month ago

Use case

Integrating the OpenSSF GitHub action enables the project to automatically run through a series of automated security checks and produce an artifact that will assist folks who integrate the package in assessing its security posture.

Describe the solution you'd like

It would be amazing if the team would enable the GitHub Action for the OpenSSF scorecard.

Describe the alternatives you've considered

As an alternative, users have the ability to run this manually themselves; however, I think implementing this will help users understand the security posture of the project and assess the risks the dependency introduces.