Skip to content

Monitor the project's security posture with the Scorecard Action #2266

New issue
New issue
Closed
#2267
Closed
Monitor the project's security posture with the Scorecard Action#2266
#2267
Labels
keras-team-review-pending
@pnacht

Description

@pnacht
pnacht
opened on Dec 29, 2023

Short Description
Hey, it's Pedro and I'm back (see #2075, #2142 and #2259) with another security suggestion:

I detected the issues fixed by those PRs by using Scorecard. It's a tool that scans a repository looking for code or settings that may make the project vulnerable to supply-chain threats.

It is also available as the Scorecard Action, which continuously monitors the repository and adds security suggestions directly to the project's Security Panel. In doing so, it can let you know if something accidentally lowers the project's security posture.

I'll send a PR along with this issue adding the Action for you to take a look.

Note: KerasCV' current score of 7.6/10 places it in the top 4% of projects important to the open-source ecosystem!

Papers
SonaType's State of the Software Supply Chain report

Existing Implementations
keras-team/keras#18907

Other Information

Metadata

Metadata

Assignees

No one assigned

    Labels

    keras-team-review-pending

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions