Trusty provides a free-to-use service with scoring and metrics about a package’s repo and author activity.
Minder is an open source platform that helps project owners build more secure software and prove that what they’ve built is secure.
To secure GitHub Actions, a common practice is to pin each action to a specific commit SHA, or checksum. For developers, it's manual work to do that pinning and to figure out which actions are being used in a project. Minder, an open source platform for managing security policies across your GitHub repos, makes it easier to automatically parse all of the GitHub Actions workflows across those repos and replace the tags with the corresponding commit checksums. This means that you don't need to go and fetch the checksum for each and every action referenced in your workflows.