Open
Description
This also helps improve the scorecard score. We need to check if the file already exists in the .github repo or other places it could be checked. We should also encourage the maintainer to enable private vulnerability reporting in the repo, and add reporting instructions to the SECURITY.md file.