update integrates OpenSSF badging details into README and CONTRIBUTING (#75)

* fixes #63 string oob with ignore malformed

* update README and CONTRIBUTING

---------

Co-authored-by: carmine <carmine@everco.ai>

Author: cdimascio

CONTRIBUTING.md

@@ -50,11 +50,6 @@ Build sources and javadoc
 mvn clean test jacoco:report package 
 ```
 
-Generate signed artifacts locally
-```shell
-mvn verify -P release-sign-artifacts -DperformRelease=true
-```
-
 ### Publish to Maven Central
 
 Deploy
@@ -68,6 +63,12 @@ When first publishing to staging repos, you most close and release from OSS Sona
 - press the `release` button
 
 #### Artifacts upload
+
+- Generate signed artifacts locally
+  ```shell
+  mvn verify -P release-sign-artifacts -DperformRelease=true
+  ```
+
 - Upload change log
   ```shell
   gh release create v3.0.1 -F CHANGELOG.md
@@ -77,6 +78,7 @@ When first publishing to staging repos, you most close and release from OSS Sona
   ```shell
   gh release upload target/*.jar.asc --clobber       
   ```
+
 ### Publish to Github Packages
 
 _Note: This step can only be run by maintainers._
@@ -141,6 +143,7 @@ https://docs.github.com/en/packages/using-github-packages-with-your-projects-eco
 
 ### OpenSSF Security Scorecard
 - Get Analysis Result: https://api.securityscorecards.dev/#/results/getResult
+  - enter platform=github.com, org=cdimascio, repo=dotenv-java
 - Step Security - Secure Your Repo Analysis + auto PR - https://app.stepsecurity.io/securerepo
 - Step Security - For Repo - https://app.stepsecurity.io/github/cdimascio/actions/dashboard
-
+- OpenSSF Badget Analysis https://www.bestpractices.dev/en/projects/9407

README.md

@@ -1,6 +1,6 @@
 # 🗝️ dotenv-java 
 
-![Build Status](https://github.com/cloudsimplus/cloudsimplus/actions/workflows/build.yml/badge.svg) [![Maven Central](https://img.shields.io/maven-central/v/io.github.cdimascio/dotenv-java.svg?label=Maven%20Central)](https://search.maven.org/artifact/io.github.cdimascio/dotenv-java) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/66b8195f0da544f1ad9ed1352c0ea66f)](https://app.codacy.com/app/cdimascio/dotenv-java?utm_source=github.com&utm_medium=referral&utm_content=cdimascio/dotenv-java&utm_campaign=Badge_Grade_Dashboard) ![](https://img.shields.io/ossf-scorecard/github.com/cdimascio/dotenv-java?label=openssf%20scorecard&style=flat) [![](https://img.shields.io/gitter/room/cdimascio-oss/community?color=%23eb205a)](https://gitter.im/cdimascio-oss/community) [![All Contributors](https://img.shields.io/badge/all_contributors-6-orange.svg?style=flat-square)](#contributors-) [![](https://img.shields.io/badge/doc-javadoc-blue)](https://cdimascio.github.io/dotenv-java/docs/javadoc/index.html) ![](https://img.shields.io/badge/license-Apache%202.0-blue.svg)
+![Build Status](https://github.com/cloudsimplus/cloudsimplus/actions/workflows/build.yml/badge.svg) [![Maven Central](https://img.shields.io/maven-central/v/io.github.cdimascio/dotenv-java.svg?label=Maven%20Central)](https://search.maven.org/artifact/io.github.cdimascio/dotenv-java) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/66b8195f0da544f1ad9ed1352c0ea66f)](https://app.codacy.com/app/cdimascio/dotenv-java?utm_source=github.com&utm_medium=referral&utm_content=cdimascio/dotenv-java&utm_campaign=Badge_Grade_Dashboard) ![](https://img.shields.io/ossf-scorecard/github.com/cdimascio/dotenv-java?label=openssf%20scorecard&style=flat) [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/9407/badge)](https://www.bestpractices.dev/projects/9407) [![](https://img.shields.io/gitter/room/cdimascio-oss/community?color=%23eb205a)](https://gitter.im/cdimascio-oss/community) [![All Contributors](https://img.shields.io/badge/all_contributors-6-orange.svg?style=flat-square)](#contributors-) [![](https://img.shields.io/badge/doc-javadoc-blue)](https://cdimascio.github.io/dotenv-java/docs/javadoc/index.html) ![](https://img.shields.io/badge/license-Apache%202.0-blue.svg)
 
 A no-dependency, pure Java port of the Ruby dotenv project. Load environment variables from a `.env` file.