feat: add OpenSSF Scorecard security analysis by isanchez31 · Pull Request #23 · isanchez31/opencode-sandbox-plugin

isanchez31 · 2026-02-28T08:58:22Z

Summary

Add OpenSSF Scorecard workflow that scores repository security health (0-10) across 20+ checks including branch protection, dependency updates, CI tests, code review, and more
Results are uploaded as SARIF and appear in the GitHub Security tab alongside existing CodeQL findings
Runs on push to main and weekly on Saturdays, enabling continuous security posture monitoring
Enables adding an OpenSSF Scorecard badge to README later

Verify workflow syntax is valid by checking the Actions tab after merge
Confirm Scorecard results appear in the Security tab after first run on main
Verify the workflow does not interfere with existing CI, CodeQL, or release-please workflows

🤖 Generated with Claude Code

github-actions bot added the ci label Feb 28, 2026

isanchez31 changed the title ~~feat: add CodeRabbit AI code review configuration~~ feat: add OpenSSF Scorecard security analysis Feb 28, 2026

feat: add OpenSSF Scorecard security analysis

b69426f

isanchez31 force-pushed the feat/openssf-scorecard branch from 897f710 to b69426f Compare February 28, 2026 09:02

isanchez31 merged commit e717ef0 into main Feb 28, 2026
5 checks passed

isanchez31 deleted the feat/openssf-scorecard branch February 28, 2026 09:02

github-actions bot mentioned this pull request Feb 28, 2026

chore(main): release 0.2.0 #26

Merged