diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index aa4c1b2..0467d10 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -2,9 +2,9 @@ name: Scorecard supply-chain security
 on:
   branch_protection_rule:
   schedule:
-    - cron: '31 17 * * 5'
+    - cron: "31 17 * * 5"
   push:
-    branches: [ "main" ]
+    branches: ["main"]
 
 permissions: read-all
 
@@ -28,8 +28,8 @@ jobs:
         with:
           results_file: results.sarif
           results_format: sarif
-          publish_results: tru
-          
+          publish_results: true
+
       - name: Upload artifact
         uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1
         with:
diff --git a/README.md b/README.md
index ad607f4..ee0a9d2 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,9 @@
     <img alt="Issues" src="https://img.shields.io/github/issues/steveiliop56/tinyauth">
     <img alt="Tinyauth CI" src="https://github.com/steveiliop56/tinyauth/actions/workflows/ci.yml/badge.svg">
     <a title="Crowdin" target="_blank" href="https://crowdin.com/project/tinyauth"><img src="https://badges.crowdin.net/tinyauth/localized.svg"></a>
+    <a href="https://scorecard.dev/viewer/?uri=github.com/steveiliop56/tinyauth" target="_blank" title="OpenSSF Scorecard">
+      <img src="https://api.scorecard.dev/projects/github.com/steveiliop56/tinyauth/badge">
+    </a>
 </div>
 
 <br />