Rob manages several GitHub Actions and recently started adding the ‘OSSF scorecard’ action to his repos to learn more about the security practices the OSSF project supports and checks. He shared what he learned in this blog post.
Not only are the checks interesting, but the integration with Code Scanning alerts also makes it easy to upgrade some of the security settings!