Blog | G5 Cyber Security

Allstar app helps enforce security best practices for GitHub projects

Google and the Open Source Security Foundation have released Allstar, an app that lets organizations or owners of GitHub projects set security policy expectations for those projects. When the app detects that a repository is out of compliance, it can take one of three enforcement actions (chosen by the organization or owner). Allstar works by continuously checking expected API and repository settings (repository settings, branch settings, workflow contents) against defined security policies and applying enforcement actions. Allstar also works in concert with Security Scorecards, a tool that checks things like whether the project uses tools to automatically update its code before code is merged.

Source: https://www.helpnetsecurity.com/2021/08/11/security-github-projects/
