@zachgk zachgk commented May 29, 2024

Adds a new file to introduce the security policy. The initial version is based off of torchserve: https://github.com/pytorch/serve/blob/master/SECURITY.md.

@zachgk zachgk requested review from a team and frankfliu as code owners May 29, 2024 23:15
The default DJL Serving configuration in the container, which is executed by the docker entrypoint, will expose both the inference and management APIs set to `http://0.0.0.0:8080`.
This is designed for internal isolated services or development work. For other use cases, provide alternative configurations to avoid exposing the management API.

3. Be sure to validate the authenticity of all model files and model artifacts being used with DJL Serving.
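
Review bot: Item 3 tells readers to validate the authenticity of model files and artifacts but does not say how or against what. Consider naming at least one concrete check (for example, comparing a checksum or signature published by the model's source) and who is expected to perform it. In the paragraph before it, "provide alternative configurations" would be easier to act on if it named the settings that move the management API off `http://0.0.0.0:8080`, and "will expose both ... APIs set to" reads more clearly as "binds both ... APIs to".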

We might want to mention:

  1. requirements.txt
  2. options.trust_remote_code
  3. environment variable

I added mentions on those topics as well. Feel free to let me know or just change it if it doesn't match up with what you had in mind.

@zachgk zachgk merged commit 2bf31b6 into deepjavalibrary:master May 30, 2024
@zachgk zachgk deleted the secMd branch May 30, 2024 19:11