# Using TensorFlow Securely

This document discusses the TensorFlow security model. It describes the security
risks to consider when using models, checkpoints or input data for training or
serving. We also provide guidelines on what constitutes a vulnerability in
TensorFlow and how to report them.

This document applies to other repositories in the TensorFlow organization,
covering security practices for the entirety of the TensorFlow ecosystem.

# Security Policy

Security is very important for FastAPI and its community. 🔒

Learn more about it below. 👇

## Versions

The latest version of FastAPI is supported.

You are encouraged to [write tests](https://fastapi.tiangolo.com/tutorial/testing/) for your application and update your FastAPI version frequently after ensuring that your tests are passing. This way you will benefit from the latest features, bug fixes, and **security fixes**.

# Security Policy

## Supported Versions

We support the past two Go releases (for example, Go 1.17.x and Go 1.18.x when Go 1.18.x is the latest stable release).

See https://go.dev/wiki/Go-Release-Cycle and in particular the
[Release Maintenance](https://go.dev/wiki/Go-Release-Cycle#release-maintenance)
part of that page.

## Reporting a Vulnerability

::: fastapi.security.APIKeyCookie

::: fastapi.security.APIKeyHeader

::: fastapi.security.APIKeyQuery

## HTTP Authentication Schemes

::: fastapi.security.HTTPBasic

::: fastapi.security.HTTPBearer

::: fastapi.security.HTTPDigest

## HTTP Credentials

::: fastapi.security.HTTPAuthorizationCredentials

::: fastapi.security.HTTPBasicCredentials

## OAuth2 Authentication

But when you want to also declare OAuth2 scopes, you can use `Security()` instead of `Depends()`.

You can import `Security()` directly from `fastapi`:

```python
from fastapi import Security
```

            // When
            ACE[] security1 = mockResource.getSecurity();
            ACE[] security2 = mockResource.getSecurity(true);
            ACE[] shareSecurity = mockResource.getShareSecurity(false);

            // Then
            assertNotNull(security1, "Security ACEs should not be null");
            assertNotNull(security2, "Security ACEs with resolve should not be null");

///

{* ../../docs_src/security/tutorial005_an_py310.py hl[155] *}

## Scopes in *Pfadoperationen* und Abhängigkeiten deklarieren

Jetzt deklarieren wir, dass die *Pfadoperation* für `/users/me/items/` den Scope `items` erfordert.

Dazu importieren und verwenden wir `Security` von `fastapi`.

        'interceptors.md': 'features/interceptors.md'
        'r8_proguard.md': 'features/r8_proguard.md'
        # Redirect all Security pages to security/*
        'security.md': 'security/security.md'
        'security_providers.md': 'security/security_providers.md'
        'tls_configuration_history.md': 'security/tls_configuration_history.md'
        # Redirect all changelog pages to changelog/*
        'changelog.md': 'changelogs/changelog.md'

All the security utilities that integrate with OpenAPI (and the automatic API docs) inherit from `SecurityBase`, that's how **FastAPI** can know how to integrate them in OpenAPI.

///

# Security { #security }

There are many ways to handle security, authentication and authorization.

And it normally is a complex and "difficult" topic.

In many frameworks and systems just handling security and authentication takes a big amount of effort and code (in many cases it can be 50% or more of all the code written).