chore: add ossf plugin

mcncl · mcncl · commit 435f084b5342 · 2025-08-12T12:14:52.000+10:00
Signed-off-by: Ben McNicholl &lt;git@benmcnicholl.com&gt;
diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml
@@ -13,7 +13,16 @@ steps:
       - shellcheck#v1.4.0:
           files: hooks/**
 
-  - wait
+  - label: "Security Scan"
+    key: security_scan
+    plugins:
+      - secrets#v1.0.0:
+          variables:
+            GITHUB_TOKEN: GITHUB_TOKEN
+      - ossf-scorecard#v1.0.0:
+          github_token: $$GITHUB_TOKEN
+
+  - wait: ~
 
   - label: test uploading
     key: upload
@@ -47,4 +56,4 @@ steps:
           from: '.buildkite/pipeline.yml'
           to: 'test-pipeline.yml'
         compressed: artifact.tgz
-    command: test -e test-pipeline.yml
+    command: test -e test-pipeline.yml
