Support show-openssf-scorecard input set from var (#11)

Author: chainchad

.github/workflows/dependency-review-vulnerability-license.yml

@@ -4,14 +4,16 @@ name: Dependency Review - License/Vulns
 # This workflow analyzes dependencies introduced by pull requests to help identify security vulnerabilities
 # and for invalid dependency licenses.
 #
-# To override the default configuration preset, set the `DEPENDENCY_REVIEW_CONFIG_PRESET` variable in the repository settings.
-# The default preset is "license-deny-vulnerability-high". This preset has this behavior:
+# The default config-preset is "license-deny-vulnerability-high". This preset has this behavior:
 #
 #   Fail if a dependency is found with a license that is in the deny_licenses list and fails if vulnerabilities are found in the
 #   dependency tree with a high severity or greater.
 #
-# To override the config preset, set the DEPENDENCY_REVIEW_CONFIG_PRESET repo variable using the gh cli:
+# To override the config-preset, set the DEPENDENCY_REVIEW_CONFIG_PRESET repo variable using the gh cli:
 #   gh variable set DEPENDENCY_REVIEW_CONFIG_PRESET --body "license-deny-vulnerability-high"
+#
+# To override the show-openssf-scorecard option, set the DEPENDENCY_REVIEW_SHOW_OPENSSF_SCORECARD repo variable using the gh cli:
+#   gh variable set DEPENDENCY_REVIEW_SHOW_OPENSSF_SCORECARD --body "false"
 ###
 
 on:
@@ -38,3 +40,4 @@ jobs:
         uses: smartcontractkit/.github/actions/dependency-review@dependency-review/v2
         with:
           config-preset: ${{ vars.DEPENDENCY_REVIEW_CONFIG_PRESET || 'license-deny-vulnerability-high' }}
+          show-openssf-scorecard: ${{ vars.DEPENDENCY_REVIEW_SHOW_OPENSSF_SCORECARD || 'true' }}