Hey group, it has been some time. I hope all is well. This is a bit important so I had to tag the Modular community. Will there be a security policy implemented for gh ci. I went ahead and added Codeql and Bandit to my fork to scan Python code for the time being.
Robert
Hi @rcmpge,
Thanks for sharing this question. Are you referring to the modular-community channel repo? Or to the modular repo?
Hey Caroline. Originally mainline Modular. But the community repository is important as well
For the community channel, source repos are required to have CodeQL scanning enabled if they aren’t 100% Mojo (since CodeQL scanning won’t do anything for Mojo).
For the main Modular repo, can you expand a little bit on what you mean by a security policy? It doesn’t look like we have CodeQL scanning enabled on the repo, if that’s what you’re asking.
This is a growing field in R&D and cybersecurity. Model injection in code and specifics too many to name. Protect AI is building in this space. More info here: Insights DB
Gotcha, thanks for sharing that context! Can you clarify what kind of security policy you’re looking for in terms of the modular/modular repo?
Security policy - don’t be a bad person 
This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.