Configure OpenSSF Scorecard Action

[joycebrum]

Closes #3530

Hi, I've configured both the action and the badge.

By the way, fmt score is awesome on the OpenSSF Scorecard analysis, being one of the top 18% projects with best scores.

Any concerns, let me know!

[vitaut]

Thank you

[vitaut]

By the way, fmt score is awesome on the OpenSSF Scorecard analysis, being one of the top 18% projects with best scores.

Is this ranking published somewhere?

[joycebrum]

Hi @vitaut.

This ranking is not published anywhere, we've calculated it from the publicly available BigQuery data, so it is considering about 1 million projects. We've made this estimative by the end of the last year, so it may have changed a little.

Considering the entire database, only 0.6% of the project had the score greater or equal to 7.1 (which is fmt current score)

Filtering the database to only consider projects with criticality_score > 0.5, which is ~10k projects (criticality score also has a public BQ database), the percentile goes to 9.6% (which makes sense since these are projects that probably needs to care more about security).

Te most majority of projects in both analysis scores between 4 and 6.