This enables the OpenSSF Scorecard GitHub Action to help ensure the project will continue to follow the open-source best practices or even improve any possible practice to avoid security risks and vulnerabilities.
The open-sff-scorecard.yml file enables the Scorecard action to run on push to main and once a month (important for some checks like contribution check)
This enables the OpenSSF Scorecard GitHub Action to help ensure the project will continue to follow the open-source best practices or even improve any possible practice to avoid security risks and vulnerabilities.
The
open-sff-scorecard.yml
file enables the Scorecard action to run on push to main and once a month (important for some checks like contribution check)REF: securityscorecards.dev