task: Scorecard — apply for OpenSSF Best Practices badge (CII-Best-Practices) #271

@mirzakopic

Description

OpenSSF Scorecard reports CII-Best-Practices: 0/10 on every platform-mesh repo with a Scorecard. This is because the project has not registered for the OpenSSF Best Practices badge (formerly CII Best Practices).

This is an org-wide, one-time effort — not a per-repo fix. We register the project once, walk through the questionnaire, and the badge URL gets added to repo READMEs (or just to the umbrella project page).

Steps

  1. Register at https://www.bestpractices.dev/en/projects/new — point it at the umbrella project (probably https://github.com/platform-mesh or the main community/architecture repo).
  2. Fill out the passing-level questionnaire — most criteria are already met (CI, license, vulnerability reporting, etc.).
  3. Once the badge is awarded, add the badge image + link to:
    • platform-mesh/.github README (org-level)
    • Each repo README (optional, but improves Scorecard signal pickup)
  4. Re-run scorecards or wait for the next scheduled run; verify CII-Best-Practices improves.

Notes

  • Scorecard checks for the badge by scanning READMEs for the bestpractices.dev URL pattern, so the badge link must actually appear in the repo for the score to update.
  • Passing level is the minimum target; silver/gold are nice-to-haves but lots more work.

Objectives

  • OpenSSF Best Practices badge awarded at passing level.
  • Badge URL present in at least the org-level README so Scorecard picks it up.

Demo Required

None

Demo Steps

No response


Epic: #278

Metadata

Assignees

No one assigned

    Labels

    No labels

    Type

    No type

    Projects

    Status

    Backlog

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests
