Added the scorecard github action and its badge

[harshitasao]

Resolves #14404

Checklist:

• Commit Message Formatting: Commit titles and messages follow guidelines in the developer guide.
• Reviewed the developer guide on Submitting a Pull Request
• Pending release notes updated with breaking and/or notable changes for the next minor release.
• Documentation has been updated, if necessary.
• Unit tests have been added, if necessary.
• Integration tests have been added, if necessary.

[subhamkrai]

@harshitasao please fix the commitlint CI.

[travisn]

Before we merge this, let's take a quick look at the report to see what low hanging fruit there is to improve the score. Thanks @obnoxxx for taking a look!

[harshitasao]

@travisn As my next step, I will be creating a separate scorecard score improvement issue something like this and fix each check where the score is dropping, thus improving the project's security posture.

[BlaineEXE]

Hi @harshitasao, we have addressed one of the high priority items. Could you re-run the workflow so we can see what the latest score looks like? Alternatively, it would be nice to know what steps you used to run the workflow and get a result published.

[harshitasao]

Hi @harshitasao, we have addressed one of the high priority items. Could you re-run the workflow so we can see what the latest score looks like? Alternatively, it would be nice to know what steps you used to run the workflow and get a result published.

We cannot run the action manually; it will run only after getting merged into the project. If the action is not added to the project, the Scorecard team runs a weekly scan of public GitHub repositories in order to track the overall security health of the open source ecosystem.

[obnoxxx]

@subhamkrai wrote:

@harshitasao please fix the commitlint CI.

This has been fixed meanwhile 👍🏼

[obnoxxx]

Thanks for the updates, @harshitasao !
I think requests have been addressed and explained.
LGTM now.

question answered