Add SECURITY.md, restrict github actions permissions

isl-org · Jul 17, 2024 · 473592d · 473592d
1 parent b07a6a6
commit 473592d
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 8 deletions.
diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml
@@ -1,4 +1,5 @@
 name: Style check
+permissions: {}
 
 on:
   workflow_dispatch:
@@ -9,16 +10,18 @@ on:
 
 jobs:
   style-check:
-    runs-on: ubuntu-20.04
+    permissions:
+      contents: read
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout source code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Set up Python version
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
-          python-version: 3.6
+          python-version: '3.10'
       - name: Install dependencies
         run: |
           python -m pip install -U clang-format==10.0.1.1 yapf==0.30.0 nbformat pydocstyle==6.0.0

diff --git a/.github/workflows/ubuntu.yml b/.github/workflows/ubuntu.yml
@@ -1,4 +1,5 @@
 name: Ubuntu CI
+permissions: {}
 
 on:
   workflow_dispatch:
@@ -7,13 +8,20 @@ on:
   pull_request:
     types: [opened, reopened, synchronize]
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+env:
+  NPROC: 3
+
 jobs:
   ubuntu:
-    runs-on: ubuntu-20.04
+    permissions:
+      contents: read
+    runs-on: ubuntu-latest
     strategy:
       fail-fast: false
-    env:
-      NPROC: 2
     steps:
       - name: Checkout source code
         uses: actions/checkout@v4
@@ -31,7 +39,7 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-ccache
       - name: Set up Python version
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.11"
       # Pre-installed  packages: https://github.com/actions/runner-images/tree/main/images

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,5 @@
+# Security Policy
+Intel is committed to rapidly addressing security vulnerabilities affecting our customers and providing clear guidance on the solution, impact, severity and mitigation. 
+
+## Reporting a Vulnerability
+Please report any security vulnerabilities in this project utilizing the guidelines [here](https://www.intel.com/content/www/us/en/security-center/vulnerability-handling-guidelines.html).