The GitHub Application 'Allstar' was recommended to be used.
It can enforce different things, see https://github.com/ossf/allstar.
The most useful one for now looks to be 'Branch Protection'.
And we should also look at 'Binary Artifacts' to create a Scorecard.
Remark: They mostly talk about creating a repository '.allstar' to enforce it on organization level.
But the existing repository '.github' can also be used (the same files can be added in its "allstar" directory).
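As an added illustration (not from the Allstar project or from the original note), here is a minimal layout of the `.github` repository's `allstar` directory with the two policies mentioned above. The file and field names follow the Allstar documentation as I recall it, the repo name `legacy-archive` is a placeholder, and the three files are shown in one block separated by comments.

```yaml
# Constructed example: files under the organization's .github repository,
# directory allstar/ (equivalent to a dedicated .allstar repository).

# --- file: .github/allstar/allstar.yaml  (organization-wide opt-in / opt-out)
optConfig:
  optOutStrategy: true        # every repo is covered unless it opts out
  optOutRepos:
    - legacy-archive          # placeholder: a repo explicitly excluded
issueLabel: allstar           # label put on the issues Allstar opens

# --- file: .github/allstar/branch_protection.yaml
optConfig:
  optOutStrategy: true
action: issue                 # log | issue | email | fix; "issue" reports findings
                              # without changing settings, "fix" applies them
enforceDefault: true          # protect each repository's default branch
requireApproval: true         # pull request review required before merge
approvalCount: 1              # minimum number of approving reviews
dismissStale: true            # new commits invalidate earlier approvals
blockForce: true              # forbid force-push to protected branches

# --- file: .github/allstar/binary_artifacts.yaml
# Flags checked-in binaries, which also drives the Scorecard
# "Binary-Artifacts" check mentioned above.
optConfig:
  optOutStrategy: true
action: issue
```

Starting with `action: issue` lets the findings be reviewed per repository before switching Branch Protection to `fix`.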