The @openssf #scorecard project is misleading and harmful; it reduces projects to fairly arbitrary numerical scores based purely on whether they're using tools the scorecard authors are familiar with. For example, it doesn't recognize ruff for Python projects.
E.g. https://deps.dev/ displays this information.