docs: rearrange and rename and add badges to meet current feature set

[jenstroeger]

Just playing around with badges, which ones we want to show and how…

Here I focused more on the area and feature sets this repo offers, instead of having the badge show details for the specific feature.

Should we add a badge for SLSA level 1^*, too (see issue https://github.com/jenstroeger/python-package-template/issues/25) —

What about a Scorecard badge (see issue https://github.com/jenstroeger/python-package-template/issues/32) — is that a code qa badge, or ci?

What about the OSSF Best Practices badge (see issue https://github.com/jenstroeger/python-package-template/issues/121) — is that a code qa badge, or ci?

————— ^* We haven’t quite reached level 2 yet, have we?

[jenstroeger]

And for laffs & giggles we could consider using the LGBT Flag colors ☺️

[behnazh]

We can also add this SLSA badge now.

[jenstroeger]

We can also add this SLSA badge now.

That’s an SVG with an embedded data URL for the logo^*. So, using the shields.io badges we already use I guess we can mimic that badge:

That logo would deviate though from the pattern I considered establishing, where a badge has a “type” on the left (e.g. “security” or “ci”) and a value on the right (e.g. “bandit” and “CodeQL” for the “security” badge). The SLSA would be a “ci” badge, maybe?

————— ^* I suggested to the SLSA folks to submit their logo to Simple Icons to make it available through a slug: https://github.com/slsa-framework/slsa/issues/457

[jenstroeger]

And now this repo also supports pip-audit:

[jenstroeger]

I rebased an updated this PR:

         

[jenstroeger]

Oh, and Github can also create badges from workflow runs! @behnazh should we add the badges for a few of our important workflows, for example

[jenstroeger]

The actual Scorecard badge with current score:

[jenstroeger]

Looks like the Conventional Commits folks provide their own badge: