Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Scorecard Action #2267

Merged
merged 1 commit into from
Jan 8, 2024
Merged

Add Scorecard Action #2267

merged 1 commit into from
Jan 8, 2024

Conversation

pnacht
Copy link
Contributor

@pnacht pnacht commented Dec 29, 2023

What does this PR do?

Fixes #2266.

This PR adds the OpenSSF Scorecard Action to monitor KerasCV's security posture and give actionable suggestions if it detects potential areas of improvement.

Before submitting

  • This PR fixes a typo or improves the docs (you can dismiss the other checks if that's the case).
  • Did you read the contributor guideline,
    Pull Request section?
  • Was this discussed/approved via a Github issue? Please add a link
    to it if that's the case.
  • Did you write any new necessary tests?
  • If this adds a new model, can you run a few training steps on TPU in Colab to ensure that no XLA incompatible OP are used?

Who can review?

@divyashreepathihalli, @sampathweb

@pnacht
Add Scorecard Action
2a9c632 
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
@divyashreepathihalli divyashreepathihalli added the kokoro:force-run Runs Tests on GPU label Jan 8, 2024
@kokoro-team kokoro-team removed the kokoro:force-run Runs Tests on GPU label Jan 8, 2024
@divyashreepathihalli divyashreepathihalli merged commit 3f95d71 into keras-team:master Jan 8, 2024
10 checks passed
divyashreepathihalli added a commit that referenced this pull request Jan 8, 2024
@divyashreepathihalli @sampathweb
@nkovela1 @dependabot @pnacht
version bump to 0.8.1.dev0 (#2284)
677c7bc 
* Update base image aug layer tensor conversion (#2281)

* Update version to 0.8.1 (#2282)

* Fix YOLOv8Detector deserialization (#2283)

* Fix YOLOv8Detector deserialization

* Fix nit

* Deserialize preditction decoder

* Bump the python group with 4 updates (#2277)

Bumps the python group with 4 updates: [tf-nightly-cpu](https://github.com/tensorflow/tensorflow), torch, torchvision and [tf-nightly[and-cuda]](https://github.com/tensorflow/tensorflow).


Updates `tf-nightly-cpu` from 2.16.0.dev20231221 to 2.16.0.dev20240104
- [Release notes](https://github.com/tensorflow/tensorflow/releases)
- [Changelog](https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md)
- [Commits](https://github.com/tensorflow/tensorflow/commits)

Updates `torch` from 2.1.2 to 2.1.2+cu121

Updates `torchvision` from 0.16.2 to 0.16.2+cu121

Updates `tf-nightly[and-cuda]` from 2.16.0.dev20231221 to 2.16.0.dev20240104
- [Release notes](https://github.com/tensorflow/tensorflow/releases)
- [Changelog](https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md)
- [Commits](https://github.com/tensorflow/tensorflow/commits)

---
updated-dependencies:
- dependency-name: tf-nightly-cpu
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python
- dependency-name: torch
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python
- dependency-name: torchvision
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python
- dependency-name: tf-nightly[and-cuda]
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add Scorecard Action (#2267)

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

* version bump to 0.8.1.dev0

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
Co-authored-by: Ramesh Sampath <1437573+sampathweb@users.noreply.github.com>
Co-authored-by: Neel Kovelamudi <60985914+nkovela1@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
Co-authored-by: Divyashree Sreepathihalli <divyashreepathihalli>
yuvraj-wale pushed a commit to yuvraj-wale/keras-cv that referenced this pull request Feb 8, 2024
@pnacht @yuvraj-wale
Add Scorecard Action (keras-team#2267)
a495ad0 
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@divyashreepathihalli divyashreepathihalli divyashreepathihalli approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Monitor the project's security posture with the Scorecard Action
4 participants
@pnacht @divyashreepathihalli @kokoro-team @sachinprasadhs