OpenSSF should have the following indicators covered:

• no_critical_vulnerability (Vulnerabilities)
• static_analysis_common_vulnerabilities (SAST)
• dependency_management (Dependency-Update-Tool)
• project_is_active (Maintained)
• uses_fuzzing (Fuzzing)