{"date":"2025-12-20T13:18:07Z","repo":{"name":"github.com/tensorflow/tensorflow","commit":"4c4373fe645c803b5651e7fe6ad141839acc272f"},"scorecard":{"version":"v5.3.0","commit":"c22063e786c11f9dd714d777a687ff7c4599b600"},"score":7.3,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#maintained"}},{"name":"Code-Review","score":1,"reason":"Found 4/30 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#packaging"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#security-policy"}},{"name":"Token-Permissions","score":9,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/issue-on-pr-rollback.yml:30","Info: jobLevel 'contents' permission set to 'read': .github/workflows/issue-on-pr-rollback.yml:28","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/update-nightly.yml:29","Info: topLevel 'contents' permission set to 'read': .github/workflows/arm-cd.yml:28","Info: topLevel 'contents' permission set to 'read': .github/workflows/arm-ci-extended-cpp.yml:26","Info: topLevel 'contents' permission set to 'read': .github/workflows/arm-ci-extended.yml:26","Info: topLevel 'contents' permission set to 'read': .github/workflows/arm-ci.yml:24","Info: topLevel 'contents' permission set to 'read': .github/workflows/cffconvert.yml:24","Info: found token with 'none' permissions: .github/workflows/issue-on-pr-rollback.yml:1","Warn: topLevel 'security-events' permission set to 'write': .github/workflows/osv-scanner-scheduled.yml:24","Info: topLevel 'contents' permission set to 'read': .github/workflows/osv-scanner-scheduled.yml:26","Info: topLevel 'contents' permission set to 'read': .github/workflows/pylint-presubmit.yml:23","Info: topLevel 'contents' permission set to 'read': .github/workflows/release-branch-cherrypick.yml:39","Info: topLevel permissions set to 'read-all': .github/workflows/scorecards-analysis.yml:29","Info: topLevel 'contents' permission set to 'read': .github/workflows/stale-issues.yml:22","Info: found token with 'none' permissions: .github/workflows/update-nightly.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/update-rbe.yml:24"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#token-permissions"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dependency-update-tool"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":5,"reason":"badge detected: Passing","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#cii-best-practices"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#signed-releases"}},{"name":"Binary-Artifacts","score":8,"reason":"binaries present in source code","details":["Warn: binary detected: tensorflow/lite/java/demo/gradle/wrapper/gradle-wrapper.jar:1","Warn: binary detected: tensorflow/lite/java/ovic/demo/gradle/wrapper/gradle-wrapper.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found","Info: PythonAtherisFuzzer integration found: tensorflow/security/fuzzing/abs_fuzz.py:16","Info: PythonAtherisFuzzer integration found: tensorflow/security/fuzzing/acos_fuzz.py:16","Info: PythonAtherisFuzzer integration found: tensorflow/security/fuzzing/acosh_fuzz.py:16","Info: PythonAtherisFuzzer integration found: tensorflow/security/fuzzing/add_fuzz.py:16","Info: PythonAtherisFuzzer integration found: tensorflow/security/fuzzing/constant_fuzz.py:16","Info: PythonAtherisFuzzer integration found: tensorflow/security/fuzzing/dataFormatVecPermute_fuzz.py:16","Info: PythonAtherisFuzzer integration found: tensorflow/security/fuzzing/immutableConst_fuzz.py:16","Info: PythonAtherisFuzzer integration found: tensorflow/security/fuzzing/python_fuzzing.py:17","Info: PythonAtherisFuzzer integration found: tensorflow/security/fuzzing/raggedCountSparseOutput_fuzz.py:16","Info: PythonAtherisFuzzer integration found: tensorflow/security/fuzzing/sparseCountSparseOutput_fuzz.py:16","Info: PythonAtherisFuzzer integration found: tensorflow/security/fuzzing/tf2migration_fuzz.py:16"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#license"}},{"name":"SAST","score":9,"reason":"SAST tool is not run on all commits -- score normalized to 9","details":["Warn: 25 commits out of 26 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#sast"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":1,"reason":"dependency not pinned by hash detected -- score normalized to 1","details":["Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: ci/devinfra/docker/windows/Dockerfile:26","Info: Possibly incomplete results: error parsing shell code: statements must be separated by &, ; or a newline: ci/devinfra/docker/windows/Dockerfile:32-34","Info: Possibly incomplete results: error parsing shell code: statements must be separated by &, ; or a newline: ci/devinfra/docker/windows/Dockerfile:37","Info: Possibly incomplete results: error parsing shell code: statements must be separated by &, ; or a newline: ci/devinfra/docker/windows/Dockerfile:55-60","Info: Possibly incomplete results: error parsing shell code: statements must be separated by &, ; or a newline: ci/devinfra/docker/windows/Dockerfile:63-69","Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: ci/devinfra/docker/windows/Dockerfile:83-100","Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: ci/devinfra/docker/windows/Dockerfile:107-121","Info: Possibly incomplete results: error parsing shell code: statements must be separated by &, ; or a newline: ci/devinfra/docker/windows/Dockerfile:153-157","Info: Possibly incomplete results: error parsing shell code: statements must be separated by &, ; or a newline: ci/devinfra/docker/windows/Dockerfile:160-161","Info: Possibly incomplete results: error parsing shell code: & can only immediately follow a statement: ci/devinfra/docker/windows/Dockerfile:162","Info: Possibly incomplete results: error parsing shell code: \"foo(\" must be followed by ): ci/devinfra/docker/windows/Dockerfile:163-164","Info: Possibly incomplete results: error parsing shell code: statements must be separated by &, ; or a newline: ci/devinfra/docker/windows2022/Dockerfile:24-26","Info: Possibly incomplete results: error parsing shell code: statements must be separated by &, ; or a newline: ci/devinfra/docker/windows2022/Dockerfile:29","Info: Possibly incomplete results: error parsing shell code: statements must be separated by &, ; or a newline: ci/devinfra/docker/windows2022/Dockerfile:46-51","Info: Possibly incomplete results: error parsing shell code: statements must be separated by &, ; or a newline: ci/devinfra/docker/windows2022/Dockerfile:54-60","Info: Possibly incomplete results: error parsing shell code: \"foo(\" must be followed by ): ci/devinfra/docker/windows2022/Dockerfile:72-115","Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: ci/devinfra/docker/windows2022/Dockerfile:123-137","Info: Possibly incomplete results: error parsing shell code: statements must be separated by &, ; or a newline: ci/devinfra/docker/windows2022/Dockerfile:170-174","Info: Possibly incomplete results: error parsing shell code: statements must be separated by &, ; or a newline: ci/devinfra/docker/windows2022/Dockerfile:178-179","Info: Possibly incomplete results: error parsing shell code: & can only immediately follow a statement: ci/devinfra/docker/windows2022/Dockerfile:180","Info: Possibly incomplete results: error parsing shell code: \"foo(\" must be followed by ): ci/devinfra/docker/windows2022/Dockerfile:181-182","Info: Possibly incomplete results: error parsing shell code: &> must be followed by a word: tensorflow/compiler/mlir/tensorflow/tests/reducer/unsupported-op-test.sh:0","Info: Possibly incomplete results: error parsing shell code: invalid var name: tensorflow/tools/ci_build/builds/test_user_ops.sh:0","Warn: third-party GitHubAction not pinned by hash: .github/workflows/osv-scanner-scheduled.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/tensorflow/tensorflow/osv-scanner-scheduled.yml/master?enable=pin","Warn: containerImage not pinned by hash: ci/devinfra/docker/windows/Dockerfile:15: pin your Docker image by updating mcr.microsoft.com/windows/servercore:ltsc2019 to mcr.microsoft.com/windows/servercore:ltsc2019@sha256:a3d7773c4a836c2efd3ecb89f4fcb41199ee56d454225cf72a65b603bf569eca","Warn: containerImage not pinned by hash: ci/devinfra/docker/windows2022/Dockerfile:11: pin your Docker image by updating mcr.microsoft.com/windows/servercore:ltsc2022 to mcr.microsoft.com/windows/servercore:ltsc2022@sha256:3750d7fcd320130cc2ce61954902b71729e85ec2c07c5a2e83a6d6c7f34a61e5","Warn: containerImage not pinned by hash: ci/official/containers/ml_build/Dockerfile:3","Warn: containerImage not pinned by hash: tensorflow/lite/tools/pip_package/Dockerfile.py3:16","Warn: containerImage not pinned by hash: tensorflow/lite/tools/tflite-android.Dockerfile:1: pin your Docker image by updating tensorflow/build:latest-python3.11 to tensorflow/build:latest-python3.11@sha256:15ce4d4aff708dba7720752587026d15c563c9078269c932abcfb50e9fd68f6c","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.android:1: pin your Docker image by updating ubuntu:16.04 to ubuntu:16.04@sha256:1f1a2d56de1d604801a9671f301190704c25d604a416f59e03c04f5c6ffee0d6","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.cmake:15: pin your Docker image by updating ubuntu:16.04 to ubuntu:16.04@sha256:1f1a2d56de1d604801a9671f301190704c25d604a416f59e03c04f5c6ffee0d6","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.cpu:1: pin your Docker image by updating ubuntu:16.04 to ubuntu:16.04@sha256:1f1a2d56de1d604801a9671f301190704c25d604a416f59e03c04f5c6ffee0d6","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.cpu-py36:1: pin your Docker image by updating ubuntu:16.04 to ubuntu:16.04@sha256:1f1a2d56de1d604801a9671f301190704c25d604a416f59e03c04f5c6ffee0d6","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.cpu.arm64:1: pin your Docker image by updating linaro/tensorflow-arm64-build:2.17-multipython to linaro/tensorflow-arm64-build:2.17-multipython@sha256:71d97e638fc3059a38a94cd0af2935da0cce288ecec9a8bbebafe2fb150cd664","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.cpu.ppc64le:1: pin your Docker image by updating ubuntu:16.04 to ubuntu:16.04@sha256:1f1a2d56de1d604801a9671f301190704c25d604a416f59e03c04f5c6ffee0d6","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.cuda-clang:11","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.custom_op_gpu:1","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.custom_op_ubuntu_16:3: pin your Docker image by updating ubuntu:16.04 to ubuntu:16.04@sha256:1f1a2d56de1d604801a9671f301190704c25d604a416f59e03c04f5c6ffee0d6","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.custom_op_ubuntu_16:34: pin your Docker image by updating ubuntu:16.04 to ubuntu:16.04@sha256:1f1a2d56de1d604801a9671f301190704c25d604a416f59e03c04f5c6ffee0d6","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.custom_op_ubuntu_16_cuda10.0:3","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.custom_op_ubuntu_16_cuda10.0:30","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.custom_op_ubuntu_16_cuda10.1:3","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.custom_op_ubuntu_16_cuda10.1:30","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.custom_op_ubuntu_16_cuda11.2:3","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.custom_op_ubuntu_16_cuda11.2:30","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.debian.bullseye.cpu:1: pin your Docker image by updating debian:bullseye-20221219 to debian:bullseye-20221219@sha256:c66c0e5dc607baefefda1d9e64a3b3a317e4189c540c8eac0c1a06186fe353a1","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.gpu:1","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.gpu.ppc64le:1: pin your Docker image by updating nvidia/cuda-ppc64le:9.2-cudnn7-devel-ubuntu16.04 to nvidia/cuda-ppc64le:9.2-cudnn7-devel-ubuntu16.04@sha256:2f11acbd03c1f316f8bece8e850a8ebdc8cbaa262a4afd95c608e51062c0b344","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.local-toolchain-ubuntu18.04-manylinux2010:10: pin your Docker image by updating ubuntu:18.04 to ubuntu:18.04@sha256:152dc042452c496007f07ca9127571cb9c29697f42acbfad72324b2bb2e43c98","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.local-toolchain-ubuntu20.04-manylinux2014:13: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8feb4d8ca5354def3d8fce243717141ce31e2c428701f6682bd2fafe15388214","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.micro:4: pin your Docker image by updating python:3.12.0a3-slim-bullseye to python:3.12.0a3-slim-bullseye@sha256:af6510dd0c93066231f4f5f0d6b399a47cf5f91c26c6797f5e145fab01d94316","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.pi:1: pin your Docker image by updating ubuntu:14.04 to ubuntu:14.04@sha256:64483f3496c1373bfd55348e88694d1c4d0c9b660dee6bfef5e12f43b9933b30","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.rbe.cpu:6: pin your Docker image by updating launcher.gcr.io/google/rbe-ubuntu16-04:r327695 to launcher.gcr.io/google/rbe-ubuntu16-04:r327695@sha256:b940d4f08ea79ce9a07220754052da2ac4a4316e035d8799769cea3c24d10c66","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.rbe.ubuntu16.04-manylinux2010:11: pin your Docker image by updating ubuntu:16.04 to ubuntu:16.04@sha256:1f1a2d56de1d604801a9671f301190704c25d604a416f59e03c04f5c6ffee0d6","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.rbe.ubuntu16.04-manylinux2010:40: pin your Docker image by updating ubuntu:16.04 to ubuntu:16.04@sha256:1f1a2d56de1d604801a9671f301190704c25d604a416f59e03c04f5c6ffee0d6","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/Dockerfile.rocm:3: pin your Docker image by updating ubuntu:focal to ubuntu:focal@sha256:8feb4d8ca5354def3d8fce243717141ce31e2c428701f6682bd2fafe15388214","Warn: containerImage not pinned by hash: tensorflow/tools/ci_build/linux/mkl/Dockerfile.devel-mkl:4: pin your Docker image by updating tensorflow/tensorflow:devel to tensorflow/tensorflow:devel@sha256:f76dcc958aaf85d3d55a53c811caa1559bea13b9195e2ba6ae4d0b6a1a9a31b9","Warn: pipCommand not pinned by hash: ci/devinfra/docker/windows/Dockerfile:104-105","Warn: pipCommand not pinned by hash: tensorflow/lite/tools/pip_package/Dockerfile.py3:55","Warn: pipCommand not pinned by hash: tensorflow/lite/tools/pip_package/Dockerfile.py3:56","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/Dockerfile.cmake:26","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/Dockerfile.cmake:27","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/Dockerfile.cmake:28","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/Dockerfile.cmake:29","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/Dockerfile.cmake:30","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/Dockerfile.cmake:31","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/Dockerfile.custom_op_ubuntu_16:78","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/Dockerfile.custom_op_ubuntu_16_cuda10.0:78","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/Dockerfile.custom_op_ubuntu_16_cuda10.1:80","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/Dockerfile.custom_op_ubuntu_16_cuda11.2:80","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/Dockerfile.debian.bullseye.cpu:23","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/Dockerfile.micro:22","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/Dockerfile.micro:24","Warn: downloadThenRun not pinned by hash: tensorflow/tools/tf_sig_build_dockerfiles/Dockerfile:45","Warn: downloadThenRun not pinned by hash: ci/official/containers/ml_build/setup.python.sh:57","Warn: downloadThenRun not pinned by hash: ci/official/containers/ml_build_arm64/setup.python.sh:96","Warn: pipCommand not pinned by hash: ci/official/utilities/setup_macos.sh:121","Warn: goCommand not pinned by hash: tensorflow/go/genop/generate.sh:19","Warn: goCommand not pinned by hash: tensorflow/go/genop/generate.sh:20","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/builds/docker_cpu_pip.sh:22","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/builds/nightly_release_smoke_test.sh:45","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/builds/nightly_release_smoke_test.sh:99","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/builds/pip_new.sh:764","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/builds/pip_new.sh:765","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_auditwheel.sh:19","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_auditwheel.sh:23","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_centos_pip_packages.sh:20","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_centos_pip_packages.sh:23","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_centos_pip_packages.sh:28","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_centos_pip_packages.sh:31","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_centos_pip_packages.sh:35","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_centos_pip_packages.sh:39","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_centos_pip_packages.sh:43","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_centos_pip_packages.sh:47","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_centos_pip_packages.sh:51","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_centos_pip_packages.sh:55","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_centos_pip_packages.sh:58","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_centos_pip_packages.sh:61","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_centos_pip_packages.sh:64","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_centos_pip_packages.sh:68","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_centos_pip_packages.sh:73","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_centos_pip_packages.sh:77","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_centos_pip_packages.sh:81","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_centos_pip_packages.sh:87","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_centos_pip_packages.sh:91","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_centos_pip_packages.sh:95","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_centos_pip_packages.sh:97","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_centos_pip_packages.sh:99","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_centos_pip_packages.sh:103","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_centos_pip_packages.sh:105","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pi_python3.9_toolchain.sh:25","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:29","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:33","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:35","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:38","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:39","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:42","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:45","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:48","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:51","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:54","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:63","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:65","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:68","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:70","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:73","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:76","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:77","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:82","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:85","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:87","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:90","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:93","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:94","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:95","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:98","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:99","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:102","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:105","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:108","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:112","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_pip_packages.sh:113","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_python3.6_pip_packages.sh:50","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_python3.6_pip_packages.sh:54","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_python3.6_pip_packages.sh:56","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_python3.6_pip_packages.sh:61","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_python3.6_pip_packages.sh:62","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_python3.6_pip_packages.sh:65","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_python3.6_pip_packages.sh:75","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_python3.6_pip_packages.sh:77","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_python3.6_pip_packages.sh:79","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_python3.6_pip_packages.sh:82","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_python3.6_pip_packages.sh:84","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_python3.6_pip_packages.sh:86","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_python3.6_pip_packages.sh:89","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_python3.6_pip_packages.sh:91","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_python3.6_pip_packages.sh:93","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_python3.6_pip_packages.sh:95","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_python3.6_pip_packages.sh:98","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_python3.6_pip_packages.sh:99","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_python3.6_pip_packages.sh:100","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_python3.6_pip_packages.sh:102","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_python3.6_pip_packages.sh:105","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/install/install_python3.6_pip_packages.sh:108","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/linux/cmake/run.sh:44","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/linux/gpu/run_mkl.sh:34","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/linux/gpu/run_mkl.sh:35","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/linux/mkl/install_openmpi_horovod.sh:101","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/linux/mkl/install_openmpi_horovod.sh:104","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/rel/ubuntu/cpu_arm64_test_build.sh:58","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/release/common.sh:220","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/release/common.sh:250","Warn: pipCommand not pinned by hash: tensorflow/tools/ci_build/windows/bazel/cpu_win_test.sh:130","Warn: pipCommand not pinned by hash: tensorflow/tools/tf_sig_build_dockerfiles/setup.python.sh:60","Warn: pipCommand not pinned by hash: tensorflow/tools/tf_sig_build_dockerfiles/setup.python.sh:61","Warn: pipCommand not pinned by hash: tensorflow/tools/tf_sig_build_dockerfiles/setup.python.sh:64","Warn: downloadThenRun not pinned by hash: third_party/xla/build_tools/sycl/install_oneapi.sh:27","Warn: pipCommand not pinned by hash: third_party/xla/xla/backends/cpu/benchmarks/e2e/gemma2/flax_2b/setup.sh:31","Warn: pipCommand not pinned by hash: third_party/xla/xla/backends/cpu/benchmarks/e2e/gemma2/keras/setup.sh:25","Warn: pipCommand not pinned by hash: third_party/xla/xla/backends/cpu/benchmarks/e2e/gemma2/pytorch_2b/setup.sh:32","Warn: pipCommand not pinned by hash: .github/workflows/pylint-presubmit.yml:46","Warn: pipCommand not pinned by hash: .github/workflows/pylint-presubmit.yml:47","Info:  19 out of  19 GitHub-owned GitHubAction dependencies pinned","Info:   6 out of   7 third-party GitHubAction dependencies pinned","Info:  12 out of  45 containerImage dependencies pinned","Info:   2 out of 121 pipCommand dependencies pinned","Info:   0 out of   4 downloadThenRun dependencies pinned","Info:   0 out of   2 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#pinned-dependencies"}},{"name":"CI-Tests","score":9,"reason":"25 out of 26 merged PRs checked by a CI test -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#ci-tests"}},{"name":"Contributors","score":10,"reason":"project has 20 contributing companies or organizations","details":["Info: found contributions from: NVIDIA, coredns, google, google germany gmbh, googlers, haskell-ro, https://github.com/google, iesl, iree-org, keras-team, llvm, moby, nvidia, openxla, ray-project @anyscale ex-@tensorflow, rosedu, scikit-learn, sosy-lab, tensorflow, xinutec"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#contributors"}},{"name":"Vulnerabilities","score":0,"reason":"44 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2021-142 / GHSA-8q59-q68h-6hv4","Warn: Project is vulnerable to: PYSEC-2018-49 / GHSA-rprw-h62v-c2w7","Warn: Project is vulnerable to: PYSEC-2014-14 / GHSA-652x-xj99-gmcc","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: PYSEC-2014-13 / GHSA-cfj3-7x9c-4p3h","Warn: Project is vulnerable to: PYSEC-2018-28 / GHSA-x84v-xcm2-53pg","Warn: Project is vulnerable to: GHSA-34jh-p97f-mpxf","Warn: Project is vulnerable to: PYSEC-2023-212 / GHSA-g4mx-q9vg-27p4","Warn: Project is vulnerable to: PYSEC-2023-207 / GHSA-gwvm-45gx-3cf8","Warn: Project is vulnerable to: PYSEC-2019-133 / GHSA-mh33-7rrq-662w","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v","Warn: Project is vulnerable to: PYSEC-2019-132 / GHSA-r64q-w8jr-g9qp","Warn: Project is vulnerable to: PYSEC-2023-192 / GHSA-v845-jxx5-vc9f","Warn: Project is vulnerable to: PYSEC-2020-148 / GHSA-wqvq-5m8c-6g24","Warn: Project is vulnerable to: PYSEC-2018-32 / GHSA-www2-v7xj-xrc6","Warn: Project is vulnerable to: PYSEC-2021-108","Warn: Project is vulnerable to: GHSA-8qf3-x8v5-2pj8","Warn: Project is vulnerable to: GHSA-pqhf-p39g-3x64","Warn: Project is vulnerable to: GHSA-w476-p2h3-79g9","Warn: Project is vulnerable to: PYSEC-2018-34 / GHSA-2fc2-6r4j-p65h","Warn: Project is vulnerable to: PYSEC-2021-856 / GHSA-5545-2q6w-2gh6","Warn: Project is vulnerable to: PYSEC-2019-108 / GHSA-9fq2-x9r6-wfmf","Warn: Project is vulnerable to: PYSEC-2018-33 / GHSA-cw6w-4rcx-xphc","Warn: Project is vulnerable to: PYSEC-2021-857 / GHSA-f7c7-j99h-c22f","Warn: Project is vulnerable to: GHSA-fpfv-jqm9-f5jm","Warn: Project is vulnerable to: PYSEC-2017-1 / GHSA-frgw-fgh6-9g52","Warn: Project is vulnerable to: GHSA-8qvm-5x2c-j2w7","Warn: Project is vulnerable to: PYSEC-2019-156 / GHSA-xp76-357g-9wqq","Warn: Project is vulnerable to: PYSEC-2023-102","Warn: Project is vulnerable to: PYSEC-2023-114","Warn: Project is vulnerable to: PYSEC-2024-230 / GHSA-248v-346w-9cwc","Warn: Project is vulnerable to: PYSEC-2013-22 / GHSA-27x4-j476-jp5f","Warn: Project is vulnerable to: PYSEC-2025-49 / GHSA-5rjg-fvgr-3xxf","Warn: Project is vulnerable to: GHSA-cx63-2mw6-8hw5","Warn: Project is vulnerable to: PYSEC-2022-43012 / GHSA-r9hx-vwmv-q579","Warn: Project is vulnerable to: GHSA-3749-ghw9-m3mg","Warn: Project is vulnerable to: GHSA-887c-mr87-cxwp","Warn: Project is vulnerable to: PYSEC-2022-43015 / GHSA-47fc-vmwq-366v","Warn: Project is vulnerable to: PYSEC-2025-41 / GHSA-53q9-r3pm-6pq6","Warn: Project is vulnerable to: PYSEC-2024-252 / GHSA-5pcm-hx3q-hm94","Warn: Project is vulnerable to: PYSEC-2024-251 / GHSA-pg7h-5qx3-wjr3","Warn: Project is vulnerable to: PYSEC-2024-250","Warn: Project is vulnerable to: PYSEC-2024-259"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#vulnerabilities"}}]}