Lately, I've been looking a bit at OpenSSF Scorecard, it is an security assessment for open source projects.
You can see the current score here: https://securityscorecards.dev/viewer/?uri=github.com/gagoar/codeowners-generator
I think there are some fairly easy improvements that can be done, and there are tools to help. Below are the main improvements, that we can split off into separate issues (if this sounds good):
Lately, I've been looking a bit at OpenSSF Scorecard, it is an security assessment for open source projects.
You can see the current score here: https://securityscorecards.dev/viewer/?uri=github.com/gagoar/codeowners-generator
I think there are some fairly easy improvements that can be done, and there are tools to help. Below are the main improvements, that we can split off into separate issues (if this sounds good):
SECURITY.md) and turn on private vulnerability reporting