Skip to content

Conversation

sramakintel
Copy link
Contributor

Description

Related Issue

Changes Made

  • The code follows the project's coding standards.
  • No Intel Internal IP is present within the changes.
  • The documentation has been updated to reflect any changes in functionality.

Validation

  • I have tested any changes in container groups locally with test_runner.py with all existing tests passing, and I have added new tests where applicable.

Signed-off-by: Srikanth Ramakrishna <[email protected]>
Copy link

github-actions bot commented Sep 23, 2025

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/intel/ai-containers/.github sramakr1/add_pytorch_test_check 🟢 7.9
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices🟢 5badge detected: Passing
Signed-Releases⚠️ -1no releases found
SAST🟢 9SAST tool is not run on all commits -- score normalized to 9
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
License🟢 10license file detected
Vulnerabilities⚠️ 029 existing vulnerabilities detected
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 7 contributing companies or organizations
actions/intel/ai-containers/test-runner b47fdb7 🟢 7.9
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices🟢 5badge detected: Passing
Signed-Releases⚠️ -1no releases found
SAST🟢 9SAST tool is not run on all commits -- score normalized to 9
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
License🟢 10license file detected
Vulnerabilities⚠️ 029 existing vulnerabilities detected
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 7 contributing companies or organizations
actions/actions/download-artifact 634f93cb2916e3fdff6788551b99b062d0335ce0 🟢 5.6
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1013 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST🟢 10SAST tool is run on all commits
Vulnerabilities⚠️ 011 existing vulnerabilities detected
actions/intel/ai-containers/.github/workflows/container-ci.yaml sramakr1/add_pytorch_test_check 🟢 7.9
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices🟢 5badge detected: Passing
Signed-Releases⚠️ -1no releases found
SAST🟢 9SAST tool is not run on all commits -- score normalized to 9
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
License🟢 10license file detected
Vulnerabilities⚠️ 029 existing vulnerabilities detected
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 7 contributing companies or organizations
actions/marocchino/sticky-pull-request-comment 773744901bac0e8cbb5a0dc842800d45e9b2b405 🟢 5.2
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 0/1 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 100 existing vulnerabilities detected
pip/psutil 7.1.0 🟢 5.7
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 1Found 5/30 approved changesets -- score normalized to 1
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Fuzzing🟢 10project is fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • .github/workflows/container-ci.yaml
  • .github/workflows/integration-test.yaml
  • python/requirements.txt

Signed-off-by: Srikanth Ramakrishna <[email protected]>
Signed-off-by: Srikanth Ramakrishna <[email protected]>
Signed-off-by: Srikanth Ramakrishna <[email protected]>
Signed-off-by: Srikanth Ramakrishna <[email protected]>
Signed-off-by: Srikanth Ramakrishna <[email protected]>
Signed-off-by: Srikanth Ramakrishna <[email protected]>
Signed-off-by: Srikanth Ramakrishna <[email protected]>
Signed-off-by: Srikanth Ramakrishna <[email protected]>
Signed-off-by: Srikanth Ramakrishna <[email protected]>
Signed-off-by: Srikanth Ramakrishna <[email protected]>
Signed-off-by: Srikanth Ramakrishna <[email protected]>
Signed-off-by: Srikanth Ramakrishna <[email protected]>
Signed-off-by: Srikanth Ramakrishna <[email protected]>
Signed-off-by: Srikanth Ramakrishna <[email protected]>
Signed-off-by: Srikanth Ramakrishna <[email protected]>
Signed-off-by: Srikanth Ramakrishna <[email protected]>
Signed-off-by: Srikanth Ramakrishna <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant