Added CodeQL and Bandit security checks as GitHub Actions #3625
fmassa merged 9 commits into pytorch:master from
I see that the In `.circleci/config.yml`:

```yaml
workflows:
  build:
    jobs:
      - circleci_consistency
      - binary_linux_wheel:
          conda_docker_image: pytorch/conda-builder:cpu
          cu_version: cpu
          name: binary_linux_wheel_py3.6_cpu
          python_version: '3.6'
          wheel_docker_image: pytorch/manylinux-cuda102
      - binary_linux_wheel:
          conda_docker_image: pytorch/conda-builder:cuda101
          cu_version: cu101
          name: binary_linux_wheel_py3.6_cu101
          python_version: '3.6'
```

Whereas before it was:

```yaml
workflows:
  build:
    jobs:
      - circleci_consistency
      - binary_linux_wheel:
          conda_docker_image: pytorch/conda-builder:cpu
          cu_version: cpu
          name: binary_linux_wheel_py3.6_cpu
          python_version: '3.6'
          wheel_docker_image: pytorch/manylinux-cuda102
      - binary_linux_wheel:
          conda_docker_image: pytorch/conda-builder:cuda101
          cu_version: cu101
          name: binary_linux_wheel_py3.6_cu101
          python_version: '3.6'
```

What is the correct fix for this?

Edit: This issue has been fixed with
I think these changes occur because you changed
Thanks for the PR!
I'm leaving this to @malfet and @seemethere to decide if we should move forward with this change, but if we do I'd rather have this as an optional dependency.
Hi @NicolasHug, yes this was intentional. It has now been fixed with
malfet left a comment:
LGTM, but please move defusedxml import to the regular import block
fmassa left a comment:
I'm merging this to unblock, but for a follow-up PR could you please update the workflow to use PyTorch nightly instead?
```
python -m pip install torch==1.8.1+cpu -f https://download.pytorch.org/whl/torch_stable.html
sudo ln -s /usr/bin/ninja /usr/bin/ninja-build
```
(Can be done in a follow-up PR): torchvision from master uses PyTorch nightly, so it would be better to change this to instead install PyTorch from a nightly release
…3625)

Summary:
* Added CodeQL and Bandit security checks as GitHub Actions
* Nit fix on defusedxml.ElementTree
* Remove defusedxml as hard requirement
* Changed defusedxml/xml importing
* Fix compilation
* Removed Bandit specific changes

Reviewed By: NicolasHug
Differential Revision: D27706940
fbshipit-source-id: c6a9d46d814aabd38e2b2d609d495427c5f2d591
Co-authored-by: Nikita Shulga <[email protected]>
Co-authored-by: Nicolas Hug <[email protected]>
Co-authored-by: Francisco Massa <[email protected]>
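The "optional dependency" pattern the reviewers asked for ("Remove defusedxml as hard requirement", with the import kept in the regular import block) looks like the following. This is an added example, not torchvision's code: `parse_annotation`, `parser_is_hardened`, `entity_document_rejected` and both sample documents are constructed for illustration.

```python
"""Optional defusedxml import with a stdlib fallback (added example)."""
import xml.etree.ElementTree as stdlib_ET

try:
    # Preferred parser: defusedxml refuses entity declarations and external
    # entities, which is what protects against entity-expansion and XXE input.
    import defusedxml.ElementTree as ET
    HAVE_DEFUSEDXML = True
except ImportError:
    # defusedxml stays optional; fall back to the stdlib parser but record
    # that the weaker parser is in use so callers can check.
    ET = stdlib_ET
    HAVE_DEFUSEDXML = False


def parser_is_hardened() -> bool:
    """True when defusedxml is the active parser."""
    return HAVE_DEFUSEDXML


def parse_annotation(xml_text: str) -> dict:
    """Parse a Pascal VOC style annotation (hypothetical minimal schema)."""
    root = ET.fromstring(xml_text)
    names = [obj.findtext("name") for obj in root.iter("object")]
    return {"filename": root.findtext("filename"), "objects": names}


def entity_document_rejected(xml_text: str) -> bool:
    """True if the active parser refuses a document that declares an entity.

    defusedxml raises EntitiesForbidden for the DOCTYPE below; the stdlib
    parser silently expands the entity instead.
    """
    try:
        ET.fromstring(xml_text)
    except Exception:  # defusedxml.DefusedXmlException subclasses
        return True
    return False


# Constructed sample annotation (benign input).
SAMPLE = (
    "<annotation><filename>img1.jpg</filename>"
    "<object><name>cat</name></object><object><name>dog</name></object>"
    "</annotation>"
)

# Constructed document with an internal entity declaration.
ENTITY_SAMPLE = (
    '<!DOCTYPE a [<!ENTITY x "expanded">]>'
    "<annotation><filename>&x;</filename></annotation>"
)
```

Whether `ENTITY_SAMPLE` is rejected depends only on which parser was imported, so `entity_document_rejected(ENTITY_SAMPLE)` always equals `parser_is_hardened()`.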
This PR adds the CodeQL and Bandit security checks as GitHub Actions workflows; both workflows run on each PR opened against the master branch.
For CodeQL, the task will upload CodeQL results under the "Security" GitHub repo tab and in the "Code scanning results" section.
For Bandit, the task will pass if no high-severity issues have been found in the repo (outside of the ./third-party submodules directory).