```Python hl_lines="8  49  56-57  60-61  70-76"
{!> ../../docs_src/security/tutorial004_an_py310.py!}
```

////

//// tab | Python 3.9+

```Python hl_lines="8  49  56-57  60-61  70-76"
{!> ../../docs_src/security/tutorial004_an_py39.py!}
```

////

//// tab | Python 3.8+

```Python hl_lines="8  50  57-58  61-62  71-77"
{!> ../../docs_src/security/tutorial004_an.py!}
```

////

//// tab | Python 3.10+

```Python hl_lines="4  78"
{!> ../../docs_src/security/tutorial003_an_py310.py!}
```

////

//// tab | Python 3.9+

```Python hl_lines="4  78"
{!> ../../docs_src/security/tutorial003_an_py39.py!}
```

////

//// tab | Python 3.8+

```Python hl_lines="4  79"
{!> ../../docs_src/security/tutorial003_an.py!}
```

////

//// tab | Python 3.10+ non-Annotated

{* ../../docs_src/security/tutorial005_an_py310.py hl[5,9,13,47,65,106,108:116,122:125,129:135,140,156] *}

Now let's review those changes step by step.

## OAuth2 Security scheme

The first change is that now we are declaring the OAuth2 security scheme with two available scopes, `me` and `items`.

name: OSV-Scanner Scheduled Scan

on:
  schedule:
    - cron: 0 4 * * 1

permissions:
  # Require writing security events to upload SARIF file to security tab
  security-events: write
  # Only need to read contents
  contents: read

jobs:
  scan-scheduled:
    if: github.repository == 'tensorflow/tensorflow'

	quarkus/test-framework/security-oidc/pom.xml
	quarkus/test-framework/junit5/pom.xml
	quarkus/extensions/elytron-security-properties-file/deployment/pom.xml
quarkus/extensions/elytron-security-oauth2/deployment/pom.xml
	quarkus/core/deployment/pom.xml
	quarkus/extensions/elytron-security-oauth2/runtime/pom.xml
	quarkus/extensions/elytron-security/deployment/pom.xml
	quarkus/extensions/jsonp/deployment/pom.xml

## Simple HTTP Basic Auth

* Import `HTTPBasic` and `HTTPBasicCredentials`.
* Create a "`security` scheme" using `HTTPBasic`.
* Use that `security` with a dependency in your *path operation*.
* It returns an object of type `HTTPBasicCredentials`:
    * It contains the `username` and `password` sent.

{* ../../docs_src/security/tutorial006_an_py39.py hl[4,8,12] *}

* Importieren Sie `HTTPBasic` und `HTTPBasicCredentials`.
* Erstellen Sie mit `HTTPBasic` ein „`security`-Schema“.
* Verwenden Sie dieses `security` mit einer Abhängigkeit in Ihrer *Pfadoperation*.
* Diese gibt ein Objekt vom Typ `HTTPBasicCredentials` zurück:
    * Es enthält den gesendeten `username` und das gesendete `password`.

{* ../../docs_src/security/tutorial006_an_py39.py hl[4,8,12] *}

# See the License for the specific language governing permissions and
# limitations under the License.
# ============================================================================

name: Scorecards supply-chain security
on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:

## About security, APIs, and docs

Hiding your documentation user interfaces in production *shouldn't* be the way to protect your API.

That doesn't add any extra security to your API, the *path operations* will still be available where they are.

If there's a security flaw in your code, it will still exist.

- Better security: separate Istio components reside in different namespaces, allowing different teams or
roles to manage different parts of Istio. For example, a security team would maintain the
root CA and policy, a telemetry team may only have access to Prometheus,
and a different team may maintain the control plane components (which are highly security sensitive).