Hi! I'm here on behalf of Google, working to improve the supply-chain security of open-source projects. I would like to suggest the adoption of the Scorecard in your repository.
The Scorecard system combines dozens of automated checks to let maintainers better understand their project's supply-chain security posture. It is developed by the OpenSSF, a non-profit foundation dedicated to improving the security of the open-source community.
Considering that Tensorflow is a community group and receives contribution from the community itself, the Scorecard could help to garantee that the repository and the contribution process is safe from malicious sabotage.
With that in mind and to make the process easier to replicate in github projects, the OpenSSF has also developed the Scorecard GitHub Action, which adds the results of its checks to the project's security dashboard, as well as suggestions on how to solve any issues (see examples below). This Action has been adopted by 1600+ projects already.
Would you be interested in a PR which adds this Action? Optionally, it can also publish your results to the OpenSSF REST API, which allows a badge with the project's score to be added to its README.
Hi! I'm here on behalf of Google, working to improve the supply-chain security of open-source projects. I would like to suggest the adoption of the Scorecard in your repository.
The Scorecard system combines dozens of automated checks to let maintainers better understand their project's supply-chain security posture. It is developed by the OpenSSF, a non-profit foundation dedicated to improving the security of the open-source community.
Considering that Tensorflow is a community group and receives contribution from the community itself, the Scorecard could help to garantee that the repository and the contribution process is safe from malicious sabotage.
With that in mind and to make the process easier to replicate in github projects, the OpenSSF has also developed the Scorecard GitHub Action, which adds the results of its checks to the project's security dashboard, as well as suggestions on how to solve any issues (see examples below). This Action has been adopted by 1600+ projects already.
More about Scorecard Github Action, please check Reducing security risk in open source software with GitHub Actions and OpenSSF Scorecards V4
Would you be interested in a PR which adds this Action? Optionally, it can also publish your results to the OpenSSF REST API, which allows a badge with the project's score to be added to its README.