pytorch
eb650abc - Add OpenSSF Scorecard Action (#85412)

Commit
2 years ago
Add OpenSSF Scorecard Action (#85412)

Closes #85159

As per the linked issue, this PR adds the OpenSSF Scorecards GitHub Action, which automatically checks the repo's supply-chain security processes and reports results to the repo's Security dashboard.

This current version of the workflow has the `id-token : write` permission. This is necessary in order to publish results to a public REST API the OpenSSF makes available for consumers to check participating projects' results. Naturally, if you'd rather not publish these results, I can modify the workflow to remove this behavior.

The Action has an associated optional badge which can be added to the repo's README. However, given how PyTorch avoids badges, I have naturally not included it. (Let me know if you want it!)

@malfet

Pull Request resolved: https://github.com/pytorch/pytorch/pull/85412
Approved by: https://github.com/malfet, https://github.com/huydhn