From c7ad84b40e64d15781919874de5b43b58e8321f1 Mon Sep 17 00:00:00 2001 From: Tim Case Date: Tue, 19 May 2026 19:12:25 -0500 Subject: [PATCH 1/3] Add OSSF Scorecard security scan workflow Adds .github/workflows/scorecard.yml running the OSSF Scorecard action to evaluate supply-chain security posture. Triggers on push to master, branch_protection_rule changes, weekly Saturday cron, and manual workflow_dispatch. - publish_results: true enables a public Scorecard badge and feeds the OSSF Scorecard API - All three external actions pinned by full commit SHA with version comments (ossf/scorecard-action v2.4.3, actions/upload-artifact v7.0.1, github/codeql-action/upload-sarif v4.35.3) - Required permissions scoped to the job only: security-events: write, id-token: write, contents: read, actions: read - Top-level permissions: read-all per Scorecard's publish_results requirements; no top-level env or defaults - SARIF results uploaded to code scanning and retained as a 5-day artifact --- .github/workflows/scorecard.yml | 46 +++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 .github/workflows/scorecard.yml diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml new file mode 100644 index 0000000..d41eb85 --- /dev/null +++ b/.github/workflows/scorecard.yml 
@@ -0,0 +1,46 @@ +name: OSSF Scorecard Security Scan + +on: + branch_protection_rule: + push: + branches: ["master"] + schedule: + - cron: "30 1 * * 6" + workflow_dispatch: + +permissions: read-all + +jobs: + analysis: + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + security-events: write + id-token: write + contents: read + actions: read + + steps: + - name: Checkout code + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Run analysis + uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 + with: + results_file: results.sarif + results_format: sarif + publish_results: true + + - name: Upload artifact + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + - name: Upload to code-scanning + uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 + with: + sarif_file: results.sarif From a0aaf9116d5b15a246871017e897b7c5128031c7 Mon Sep 17 00:00:00 2001 From: Tim Case Date: Tue, 19 May 2026 19:18:35 -0500 Subject: [PATCH 2/3] Add OSSF Scorecard badge to README Adds the api.securityscorecards.dev badge alongside the Bandit badge in the docs/security/issues row. The badge will populate once the workflow introduced in this PR has run on master at least once and publish_results has propagated data to the Scorecard API. --- README.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.rst b/README.rst index f9d4b86..f4abe7f 100644 --- a/README.rst +++ b/README.rst 
@@ -16,6 +16,9 @@ .. image:: https://github.com/timlnx/bitmath/actions/workflows/bandit.yml/badge.svg :target: https://github.com/timlnx/bitmath/actions/workflows/bandit.yml :alt: Bandit Security Scan +.. image:: https://api.securityscorecards.dev/projects/github.com/timlnx/bitmath/badge + :target: https://securityscorecards.dev/viewer/?uri=github.com/timlnx/bitmath + :alt: OSSF Scorecard .. image:: https://img.shields.io/github/issues/timlnx/bitmath?style=flat-square :target: https://github.com/timlnx/bitmath/issues :alt: Open issues From b99c371e15bcde2be0ed84f9b910b1fa34941e55 Mon Sep 17 00:00:00 2001 From: Tim Case Date: Tue, 19 May 2026 19:20:03 -0500 Subject: [PATCH 3/3] Update badges in docsite --- docsite/source/index.rst | 51 ++++++++++++++++++++----------------- docsite/source/index.rst.in | 51 ++++++++++++++++++++----------------- 2 files changed, 56 insertions(+), 46 deletions(-) diff --git a/docsite/source/index.rst b/docsite/source/index.rst index 167199f..a3b6212 100644 --- a/docsite/source/index.rst +++ b/docsite/source/index.rst 
@@ -1,33 +1,38 @@ -.. image:: https://github.com/tbielawa/bitmath/actions/workflows/python.yml/badge.svg - :target: https://github.com/tbielawa/bitmath/actions/workflows/python.yml - :alt: Build Status on GitHub - -.. image:: https://img.shields.io/github/issues/tbielawa/bitmath?style=flat-square - :target: https://github.com/tbielawa/bitmath/issues - :alt: Open Issues - -.. image:: https://img.shields.io/github/issues-pr/tbielawa/bitmath?style=flat-square - :target: https://github.com/tbielawa/bitmath/pulls - :alt: Open Pull Requests - +.. image:: https://github.com/timlnx/bitmath/actions/workflows/python.yml/badge.svg + :target: https://github.com/timlnx/bitmath/actions/workflows/python.yml +.. image:: https://img.shields.io/pypi/v/bitmath.svg + :target: https://pypi.org/project/bitmath/ + :alt: Latest Version .. image:: https://img.shields.io/pypi/dm/bitmath?style=flat-square :target: https://pypistats.org/packages/bitmath - :alt: PyPI - Package Popularity - -.. image:: https://img.shields.io/github/stars/tbielawa/bitmath?style=flat-square - :target: https://pypistats.org/packages/bitmath - :alt: GitHub Project Popularity - -.. image:: https://img.shields.io/pypi/l/bitmath?style=flat-square - :target: https://opensource.org/licenses/MIT - :alt: PyPI - License - + :alt: PyPI - Package Downloads .. image:: https://img.shields.io/pypi/implementation/bitmath?style=flat-square :alt: PyPI - Implementation - .. image:: https://img.shields.io/pypi/pyversions/bitmath?style=flat-square :alt: PyPI - Python Version +.. image:: https://readthedocs.org/projects/bitmath/badge/?version=latest + :target: http://bitmath.rtfd.org/ +.. image:: https://github.com/timlnx/bitmath/actions/workflows/bandit.yml/badge.svg + :target: https://github.com/timlnx/bitmath/actions/workflows/bandit.yml + :alt: Bandit Security Scan +.. 
image:: https://api.securityscorecards.dev/projects/github.com/timlnx/bitmath/badge + :target: https://securityscorecards.dev/viewer/?uri=github.com/timlnx/bitmath + :alt: OSSF Scorecard +.. image:: https://img.shields.io/github/issues/timlnx/bitmath?style=flat-square + :target: https://github.com/timlnx/bitmath/issues + :alt: Open issues +.. image:: https://img.shields.io/github/issues-pr/timlnx/bitmath?style=flat-square + :target: https://github.com/timlnx/bitmath/pulls + :alt: Open pull requests +.. image:: https://img.shields.io/github/stars/timlnx/bitmath?style=flat-square + :target: https://github.com/timlnx/bitmath + :alt: GitHub Project Popularity +.. image:: https://img.shields.io/badge/license-MIT-blue.svg + :target: https://github.com/timlnx/bitmath/blob/master/LICENSE + :alt: License + + bitmath ####### diff --git a/docsite/source/index.rst.in b/docsite/source/index.rst.in index 97eea85..1586d88 100644 --- a/docsite/source/index.rst.in +++ b/docsite/source/index.rst.in 
@@ -1,33 +1,38 @@ -.. image:: https://github.com/tbielawa/bitmath/actions/workflows/python.yml/badge.svg - :target: https://github.com/tbielawa/bitmath/actions/workflows/python.yml - :alt: Build Status on GitHub - -.. image:: https://img.shields.io/github/issues/tbielawa/bitmath?style=flat-square - :target: https://github.com/tbielawa/bitmath/issues - :alt: Open Issues - -.. image:: https://img.shields.io/github/issues-pr/tbielawa/bitmath?style=flat-square - :target: https://github.com/tbielawa/bitmath/pulls - :alt: Open Pull Requests - +.. image:: https://github.com/timlnx/bitmath/actions/workflows/python.yml/badge.svg + :target: https://github.com/timlnx/bitmath/actions/workflows/python.yml +.. image:: https://img.shields.io/pypi/v/bitmath.svg + :target: https://pypi.org/project/bitmath/ + :alt: Latest Version .. image:: https://img.shields.io/pypi/dm/bitmath?style=flat-square :target: https://pypistats.org/packages/bitmath - :alt: PyPI - Package Popularity - -.. image:: https://img.shields.io/github/stars/tbielawa/bitmath?style=flat-square - :target: https://pypistats.org/packages/bitmath - :alt: GitHub Project Popularity - -.. image:: https://img.shields.io/pypi/l/bitmath?style=flat-square - :target: https://opensource.org/licenses/MIT - :alt: PyPI - License - + :alt: PyPI - Package Downloads .. image:: https://img.shields.io/pypi/implementation/bitmath?style=flat-square :alt: PyPI - Implementation - .. image:: https://img.shields.io/pypi/pyversions/bitmath?style=flat-square :alt: PyPI - Python Version +.. image:: https://readthedocs.org/projects/bitmath/badge/?version=latest + :target: http://bitmath.rtfd.org/ +.. image:: https://github.com/timlnx/bitmath/actions/workflows/bandit.yml/badge.svg + :target: https://github.com/timlnx/bitmath/actions/workflows/bandit.yml + :alt: Bandit Security Scan +.. 
image:: https://api.securityscorecards.dev/projects/github.com/timlnx/bitmath/badge + :target: https://securityscorecards.dev/viewer/?uri=github.com/timlnx/bitmath + :alt: OSSF Scorecard +.. image:: https://img.shields.io/github/issues/timlnx/bitmath?style=flat-square + :target: https://github.com/timlnx/bitmath/issues + :alt: Open issues +.. image:: https://img.shields.io/github/issues-pr/timlnx/bitmath?style=flat-square + :target: https://github.com/timlnx/bitmath/pulls + :alt: Open pull requests +.. image:: https://img.shields.io/github/stars/timlnx/bitmath?style=flat-square + :target: https://github.com/timlnx/bitmath + :alt: GitHub Project Popularity +.. image:: https://img.shields.io/badge/license-MIT-blue.svg + :target: https://github.com/timlnx/bitmath/blob/master/LICENSE + :alt: License + + bitmath #######
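Review bot: In the `.github/workflows/scorecard.yml` hunk the commit message says "All three external actions pinned by full commit SHA", but the workflow pins four: `actions/checkout@de0fac2e… # v6.0.2` is also SHA-pinned alongside scorecard-action, upload-artifact and upload-sarif. Update the message so the count and the list match the file, since this message is what reviewers of the pinning policy will read later. The workflow itself looks right for Scorecard's publish requirements as stated in the message (top-level `permissions: read-all`, job-level `security-events: write` / `id-token: write`, `persist-credentials: false` on checkout, no top-level `env` or `defaults`). One small addition worth considering on the `analysis` job: a `timeout-minutes:` value, so a hung scan cannot occupy a runner until the default limit.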
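Review bot: In the `docsite/source/index.rst` hunk the rewritten python.yml badge drops the `:alt:` that the removed version had (`:alt: Build Status on GitHub`), and the new readthedocs badge has no `:alt:` either, while every other badge in the block carries one; restore `:alt:` on both for consistency and accessibility. The readthedocs target is also plain `http://bitmath.rtfd.org/`; the rest of the block uses https. Separately, the patch 3 commit message ("Update badges in docsite") does not mention that this hunk also renames the repository owner from `tbielawa` to `timlnx` in every GitHub URL, replaces the PyPI-derived `pypi/l/bitmath` license badge with a static `license-MIT-blue.svg`, and adds the PyPI version, readthedocs, Bandit and Scorecard badges; a short body listing those changes would help anyone bisecting later.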
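Review bot: The `docsite/source/index.rst.in` hunk is byte-for-byte the same change as the `index.rst` hunk, so the same points apply here: missing `:alt:` on the python.yml and readthedocs badges, and `http://` on the readthedocs target. If `index.rst` is generated from `index.rst.in` (the `.in` suffix suggests a template, but nothing in the series says so), it would be worth stating in the commit message which file is the source of truth, so that future badge edits are made in one place rather than kept in sync by hand.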