Hey, it's Pedro and I'm back (see #177 and #178) and I've got another security suggestion for logr!

I'd like to suggest that the project add the OpenSSF Scorecard Action. The OpenSSF Scorecard runs a "meta-analysis" of the project's security posture, and the Action then populates the project's Security Panel with possible improvements to its security posture.

This data is fetched via GitHub's public API, and the project's current score can already be seen here. It's currently a 6.8/10, which puts logr at the top 15% of relevant projects.

It was through Scorecard that I detected the issues fixed in #177 and #178. The Action would simply do the same thing, letting you know if there's anything you can do to improve logr's security. The Security Panel notifications include not only the reasoning for each check's score (as seen in the link above), but also remediation steps.

If you're interested, let me know and I'll send a PR!