diff --git a/.github/workflows/scoreboard.yml b/.github/workflows/scoreboard.yml
new file mode 100644
index 0000000..3baad7b
--- /dev/null
+++ b/.github/workflows/scoreboard.yml
@@ -0,0 +1,35 @@
+name: Scorecard supply-chain security
+on:
+ branch_protection_rule:
+ schedule:
+ - cron: '16 0 * * 6'
+ push:
+ branches: [ "main" ]
+
+permissions: read-all
+
+jobs:
+ analysis:
+ name: Scorecard analysis
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+ id-token: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+ with:
+ persist-credentials: false
+
+ - name: Run analysis
+ uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
+ with:
+ results_file: results.sarif
+ results_format: sarif
+ publish_results: true
+
+ - name: Upload to code-scanning
+ uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+ with:
+ sarif_file: results.sarif
diff --git a/README.md b/README.md
index 73c8639..33e2486 100644
--- a/README.md
+++ b/README.md
@@ -7,6 +7,7 @@
+
Go-CVSS is a blazing-fast, low allocations and small memory-usage Go module made to manipulate Common Vulnerability Scoring System (CVSS).