Hello Pedro Kaj Kjellerup Nacht,
Thank you for your proposal.
Running the Scorecards can be a source of a supply chain attack in itself. Would it be possible to run Scorecards on a copy of the repository and report the results?