OpenSSF scorecard enhancement #1754
Description
coverlet nuget packages have already a score which could be improved with low effort e.g. Coverlet.collector.
low hanging fruits
• SBOM metadata for nuget package (#1752)
• use Code-QL (SAST) in CI (#1712)
see also https://github.com/ossf/scorecard/blob/main/docs/checks.md
