From fa66fccff702ae4bf2b7e3c1b5890a1d930fe170 Mon Sep 17 00:00:00 2001
From: PatriceJada <59295119+PatriceJada@users.noreply.github.com>
Date: Thu, 6 Jun 2024 23:56:23 -0400
Subject: [PATCH 1/2] Create scorecard.yml

---
 .github/workflows/scorecard.yml | 49 +++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 .github/workflows/scorecard.yml

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
new file mode 100644
index 000000000..d95d323f7
--- /dev/null
+++ b/.github/workflows/scorecard.yml
@@ -0,0 +1,49 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: Scorecard supply-chain security
+on:
+  branch_protection_rule:
+  schedule:
+    - cron: '41 21 * * 3'
+  push:
+    branches: [ "main" ]
+
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      id-token: write
+      
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          publish_results: true
+
+      # Upload the results as artifacts (optional).
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard (optional).
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
+        with:
+          sarif_file: results.sarif

From b543d9cae47da12abddee2f22ac8bd095bd3a765 Mon Sep 17 00:00:00 2001
From: PatriceJada <59295119+PatriceJada@users.noreply.github.com>
Date: Fri, 7 Jun 2024 00:00:33 -0400
Subject: [PATCH 2/2] Add Scorecard Badge to README.rst

---
 README.rst | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.rst b/README.rst
index d70ce1d6d..56eaa4a4e 100644
--- a/README.rst
+++ b/README.rst
@@ -103,3 +103,7 @@ Sponsors
    :target: http://www.numfocus.org/
 .. |PyMCLabs| image:: https://raw.githubusercontent.com/pymc-devs/pymc/main/docs/logos/sponsors/pymc-labs.png
    :target: https://pymc-labs.io
+
+.. image:: https://api.scorecard.dev/projects/github.com/pymc-devs/pymc-examples/badge
+   :target: https://scorecard.dev/viewer/?uri=github.com/pymc-devs/pymc-examples
+   :alt: OpenSSF Scorecard for pymc-devs/pymc-examples