I've added grype, syft and scorecards tools, with the corresponding description and stars. Both grype and syft are from anchore, and the tool anchore-engine is already listed as a security tool. However, as the corresponding repository states, anchore-engine is considered feature complete and maintainers have no plans for any new feature development because their efforts are now focused on Syft and Grype, that's why it makes sense to add these two other tools to the list.
I've added grype, syft and scorecards tools, with the corresponding description and stars. Both grype and syft are from anchore, and the tool anchore-engine is already listed as a security tool. However, as the corresponding repository states, anchore-engine is considered feature complete and maintainers have no plans for any new feature development because their efforts are now focused on Syft and Grype, that's why it makes sense to add these two other tools to the list.