Improve OpenSSF score

[nitrocode]

What problem are you facing?

Adoption in a new organization

How could pre-commit-terraform help solve your problem?

Renovatebot includes an openssf score on every PR update for this repo. Due to low scores, this can irk developers and management.

Please consider improving the OpenSSF score of this repo. Current score is 6.7 which is not and could be better. The higher the score, the more objective integrity the community will have towards the project.

https://github.com/ossf/scorecard

https://securityscorecards.dev/viewer/?uri=github.com/antonbabenko/pre-commit-terraform

Some small improvements

• Add OpenSSF Best Practices Badge
• Use hadolint and shellcheck to pin dependencies
• Token Permissions in .github/workflows/* would improve it a lot
• etc

Some big improvements

• Create official releases and sign them
• etc

[MaxymVlasov]

@nitrocode can you please point me where you find such score in Renovate PRs for pre-commit hooks?

[MaxymVlasov]

We definitely want 9+/10, but firstly I need to understand how to enable such scores for Renovate, as I never disable it in https://github.com/SpotOnInc/renovate-config/blob/main/default.template.json5

[nitrocode]

Hi @MaxymVlasov, this is how I have enabled the scores in some orgs for renovate PRs

https://docs.renovatebot.com/presets-security/#securityopenssf-scorecard

[nitrocode]

Also the results may be better by adopting the GitHub action. This should get the branch protections

https://github.com/ossf/scorecard-action