Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Monitor the project's security posture with the Scorecard Action #2266

Closed
pnacht opened this issue Dec 29, 2023 · 0 comments · Fixed by #2267
Closed

Monitor the project's security posture with the Scorecard Action #2266

pnacht opened this issue Dec 29, 2023 · 0 comments · Fixed by #2267
Labels
keras-team-review-pending

Comments

@pnacht
Copy link
Contributor

pnacht commented Dec 29, 2023

Short Description
Hey, it's Pedro and I'm back (see #2075, #2142 and #2259) with another security suggestion:

I detected the issues fixed by those PRs by using Scorecard. It's a tool that scans a repository looking for code or settings that may make the project vulnerable to supply-chain threats.

It is also available as the Scorecard Action, which continuously monitors the repository and adds security suggestions directly to the project's Security Panel. In doing so, it can let you know if something accidentally lowers the project's security posture.

I'll send a PR along with this issue adding the Action for you to take a look.

Note: KerasCV' current score of 7.6/10 places it in the top 4% of projects important to the open-source ecosystem!

Papers
SonaType's State of the Software Supply Chain report

Existing Implementations
keras-team/keras#18907

Other Information
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
keras-team-review-pending
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add Scorecard Action pnacht/keras-cv
2 participants
@pnacht @sachinprasadhs