vulnerabilities to the vendor of the affected hardware accelerator.

## Reporting vulnerabilities

### Vulnerabilities in TensorFlow

This document covers different use cases for TensorFlow together with comments
whether these uses were recommended or considered safe, or where we recommend
some form of isolation when dealing with untrusted data. As a result, this
document also outlines what issues we consider as TensorFlow security

# explicitly, *after* checking if update_version.py needs to be run for a
# nightly job. update_version.py affects TF_VER_SUFFIX, TF_VER_PYTHON, and
# TF_VER_FULL.

# Note: in awk, the command '/search/ {commands}' applies the commands to any line that
# matches the /search/ regular expression. "print $N" prints the Nth "field",
# where fields are strings separated by whitespace.

on:
  push:
    branches:
      - master
      
permissions: {}

jobs:
  create-issue-on-pr-rollback:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      issues: write
      pull-requests: read
    if: |
      github.repository == 'tensorflow/tensorflow' &&
      startsWith(github.event.head_commit.message, 'Rollback of PR #')
    steps:

# limitations under the License.
# ==============================================================================

name: ARM CI

on:
  push:
    branches:
      - master
      - r2.**
permissions:
  contents: read

jobs:
  build:
    # Don't do this in forks, and if labeled, only for 'kokoro:force-run'

  EXPECT_EQ(TF_INT32, TF_TensorType(out));
  EXPECT_EQ(0, TF_NumDims(out));  // scalar
  ASSERT_EQ(sizeof(int32), TF_TensorByteSize(out));
  int32* output_contents = static_cast<int32*>(TF_TensorData(out));
  EXPECT_EQ(3 + 2, *output_contents);

  // Add another operation to the graph.
  TF_Operation* neg = Neg(add, graph, s);
  ASSERT_EQ(TF_OK, TF_GetCode(s)) << TF_Message(s);

    if (TF_GetCode(status.get()) != TF_OK) {
      ADD_FAILURE() << tag << " -- " << TF_Message(status.get());
      continue;
    }
    TFE_DeleteTensorHandle(hdevice2);

    // Ensure that the contents are the same!
    TF_Tensor* tcopy = TFE_TensorHandleResolve(hcopy, status.get());
    TFE_DeleteTensorHandle(hcopy);
    if (TF_GetCode(status.get()) != TF_OK) {
      ADD_FAILURE() << tag;
      continue;
    }

name: OSV-Scanner Scheduled Scan

on:
  schedule:
    - cron: 0 4 * * 1

permissions:
  # Require writing security events to upload SARIF file to security tab
  security-events: write
  # Only need to read contents
  contents: read

jobs:
  scan-scheduled:
    if: github.repository == 'tensorflow/tensorflow'
    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.6.2-beta1"
    with:
      scan-args: |-

# security path
security_path:
   - tensorflow/security
# words checklist
segfault_memory:
   - segfault
   - memory leaks
# assignees
filesystem_security_assignee:
   - mihaimaruseac
   
# Cuda Comment
cuda_comment: >
   From the template it looks like you are installing **TensorFlow** (TF) prebuilt binaries:
      * For TF-GPU - See point 1
      * For TF-CPU - See point 2

            type=registry,ref=gcr.io/tensorflow-sigs/build:${{ github.event.number }}-${{ matrix.python-version }}
          cache-to: type=inline
      -
        name: Add a comment with the pushed containers
        uses: mshick/add-pr-comment@a65df5f64fc741e91c59b8359a4bc56e57aaf5b1 # v2
        if: contains(github.event.pull_request.labels.*.name, 'build and push to gcr.io for staging')
        with:

# script to run pip-compile for each requirement.
# if there is a change in requirements.in then all lock files will be updated
# accordingly

# All commands run relative to this directory
cd "$(dirname "${BASH_SOURCE[0]}")"

mv BUILD.bazel BUILD

SUPPORTED_VERSIONS=("3_9" "3_10" "3_11" "3_12")

for VERSION in "${SUPPORTED_VERSIONS[@]}"
do