The project should provide an OpenSSF Security Insights manifest file (SECURITY-INSIGHTS.yml) at the repository root.

Reference

• Specification: https://github.com/ossf/security-insights/blob/v1.0.0/specification.md
• CLOMonitor check: https://clomonitor.io/docs/topics/checks/#security-insights