- add fuzz testing
- add rh, suse, and chainguard ecosystems
- remove invalid dev dependencies
- the published field is optional
- add gh action for semgrep, devskim, audit and fuzzing
- add scorecard badge
- enable publishing of scorecard results
- update default permissions for all workflows