Since I discovered the Mozilla Observatory tool, I have been looking at bringing it into my CI/CD process.
I decided I would write a GitHub Action that uses the Mozilla Observatory to check some web security basics on my pull requests.
The result: a GitHub Action that can leave comments indicating how secure your HTTP configuration is.
Armed with these reports, you can make improvements and iterate on security best practices.
There is a detailed example on my blog here.
The action is available on the GitHub Actions Marketplace here.