mockserver-client = { module = "org.mock-server:mockserver-client-java-no-dependencies", version.ref = "mockserverClient" }
nativeImageSvm = { module = "org.graalvm.nativeimage:svm", version.ref = "graalvm" }
openjsse = "org.openjsse:openjsse:1.1.14"
playservices-safetynet = "com.google.android.gms:play-services-safetynet:18.1.0"
retrofit = { module = "com.squareup.retrofit2:retrofit", version.ref = "retrofit" }

          # repo_token: ${{ secrets.SCORECARD_TOKEN }}

          # Public repositories:
          #   - Publish results to OpenSSF REST API for easy access by consumers
          #   - Allows the repository to include the Scorecard badge.
          #   - See https://github.com/ossf/scorecard-action#publishing-results.
          # For private repositories:

Import the modules installed.

Create a random secret key that will be used to sign the JWT tokens.

To generate a secure random secret key use the command:

<div class="termy">

```console
$ openssl rand -hex 32

09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7
```

</div>

And copy the output to the variable `SECRET_KEY` (don't use the one in the example).

            // remove whitespaces at the end
            expectedChecksum = expectedChecksum.trim();

            // check for 'ALGO (name) = CHECKSUM' like used by openssl
            if (expectedChecksum.regionMatches(true, 0, "MD", 0, 2)
                    || expectedChecksum.regionMatches(true, 0, "SHA", 0, 3)) {
                int lastSpacePos = expectedChecksum.lastIndexOf(' ');

/*! jQuery v3.7.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */

/*! jQuery v3.7.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */