| Hello! Given the current scenario of increasing attacks on supply chain projects, Google (in partnership with the [Open Source Security Foundation](https://openssf.org/)) has hired me to work around important open-source projects to help increase security, in any aspect or concern that might be relevant. I'm talking to you because `puppetlabs/puppet` has reached a significant importance and impact, so I would like to make myself available to help with any security concern or discussion you might have. I see that you are already concerned about security, so in case you don't have any pendencies that I could help with, I could create a PR to add the GitHub Action of [Scorecards](https://securityscorecards.dev/) to your project. This would help you to easily track possible vulnerabilities and security pendencies over your code. Let me know if you have any further questions. OBS: sorry if I did not fill the Jira ticket appropriately, I was not really sure how to do it considering this atypical "Issue". Thanks for the attention =) |
