feat: ossf scanning

mcncl · mcncl · commit 658a5d15f388 · 2025-07-31T15:35:09.000+10:00
Signed-off-by: Ben McNicholl &lt;git@benmcnicholl.com&gt;
diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml
@@ -16,3 +16,12 @@ steps:
           files:
             - hooks/**
             - lib/**
+
+  - label: "Security Scan"
+    key: security_scan
+    plugins:
+      - secrets#v1.0.0:
+          variables:
+            GITHUB_TOKEN: GITHUB_TOKEN
+      - ossf-scorecard#v1.0.0:
+          github_token: $$GITHUB_TOKEN
