Add OpenSSF Scorecard Action (#85412)
Closes #85159
As per the linked issue, this PR adds the OpenSSF Scorecards GitHub Action, which automatically checks the repo's supply-chain security processes and reports results to the repo's Security dashboard.
This current version of the workflow has the `id-token: write` permission. This is necessary in order to publish results to a public REST API the OpenSSF makes available for consumers to check participating projects' results. Naturally, if you'd rather not publish these results, I can modify the workflow to remove this behavior.
The Action has an associated optional badge which can be added to the repo's README. However, given how PyTorch avoids badges, I have naturally not included it. (Let me know if you want it!)
@malfet
Pull Request resolved: https://github.com/pytorch/pytorch/pull/85412
Approved by: https://github.com/malfet, https://github.com/huydhn
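For readers unfamiliar with what the PR is wiring up, here is a Scorecard workflow of the shape described above. This is an added illustration, not the workflow file from the PyTorch PR; the branch name, cron schedule and `@v2`/`@v3` tags are assumptions, and a real deployment would pin actions by commit SHA (which Scorecard's own Pinned-Dependencies check rewards).

```yaml
# Added example of an OpenSSF Scorecard workflow; not the PR's actual file.
name: Scorecard supply-chain security

on:
  # Re-run when branch protection settings change, on a schedule, and on
  # pushes to the default branch (assumed to be "main" here).
  branch_protection_rule:
  schedule:
    - cron: '30 1 * * 6'   # assumed weekly schedule, Saturday 01:30 UTC
  push:
    branches: [ main ]

# Default to read-only; the job below opts in to the two writes it needs.
permissions: read-all

jobs:
  analysis:
    name: Scorecard analysis
    runs-on: ubuntu-latest
    permissions:
      # Needed to upload the SARIF file to the repo's Security dashboard.
      security-events: write
      # Needed ONLY for publish_results: true, so the action can obtain an
      # OIDC token and post to the OpenSSF public results API. If you do not
      # want results published, set publish_results: false below and drop
      # this permission entirely, as the PR description offers.
      id-token: write

    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          persist-credentials: false   # do not leave the token in .git/config

      - name: Run Scorecard
        uses: ossf/scorecard-action@v2
        with:
          results_file: results.sarif
          results_format: sarif
          publish_results: true         # pair with id-token: write above

      - name: Upload to Security dashboard (code scanning)
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif
```

The `read-all` default plus per-job grants keeps the workflow least-privilege; the only token-scope difference between the "publish" and "do not publish" variants is the `id-token: write` line.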