Skip to content

feat(ci): Add Scorecard workflow #2824

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat(ci): Add Scorecard workflow #2824

wants to merge 1 commit into from

Conversation

@AdamKorcz
Copy link

@AdamKorcz AdamKorcz commented Sep 9, 2025

This PR adds the Scorecard action to Trainers’s CI.

Scorecard is a tool that scans for a number of supply-chain threats and assesses whether Trainer mitigates these threats. Running Scorecard allows projects to avoid degradation in its development pipeline, ie. the action continuously monitors for all Scorecards heuristics and alerts if a given PR increases the risk of a given threat. Projects can also add a badge to demonstrate their Scorecard score.

I highly recommend enabling the “Branch-Protection” check which is disabled in this PR, however, for instructions on enabling it, see the workflow.
Checklist:

  • Docs included if any changes are user facing

@google-oss-prow
Copy link

google-oss-prow bot commented Sep 9, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign terrytangyuan for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@AdamKorcz
ci: Add Scorecard workflow
ecfef26 
Signed-off-by: Adam Korczynski <[email protected]>
@AdamKorcz AdamKorcz changed the title Add Scorecard CI workflow ci: Add Scorecard workflow Sep 9, 2025
@AdamKorcz AdamKorcz changed the title ci: Add Scorecard workflow feat(ci): Add Scorecard workflow Sep 9, 2025
@coveralls
Copy link

coveralls commented Sep 9, 2025

Pull Request Test Coverage Report for Build 17587861526

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 52.136%
Totals Coverage Status
Change from base Build 17582427745: 0.0%
Covered Lines: 1025
Relevant Lines: 1966
💛 - Coveralls

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jinchihe jinchihe Awaiting requested review from jinchihe

@kuizhiqing kuizhiqing Awaiting requested review from kuizhiqing

Assignees

No one assigned

Labels

ok-to-test-gpu-runner size/M

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@AdamKorcz @coveralls @andreyvelich