scikit-learn was selected for Cohort 2 of the GitHub Secure Open Source Fund (OSF) Training Program, which ran in June 2025 with 52 projects. The program delivered an intense three-week training that included over 90 open source maintainers. GitHub Security Lab experts delivered numerous workshops and made many learning materials publicly available. Trainings covered CodeQL fundamentals for static analysis and vulnerability detection, a Developing Secure Software course from the Open Source Security Foundation (OpenSSF) with self-paced labs and quizzes, and other resources including OSS-Fuzz for fuzz testing.
scikit-learn was honored to be selected to participate in Cohort 2 of the GitHub Secure Open Source Fund (OSF) Training Program. Cohort 1 took place earlier in 2025 with 19 projects, and Cohort 2 took place with 52 projects during June 2025. It was an intense 3-week training program, with over 90 open source maintainers joining the training.

Read the announcement from GitHub: Securing the supply chain at scale: Starting with 71 important open source projects

There were numerous workshops delivered by experts in the GitHub Security Lab. For many of these workshops, the learning materials are publicly available, and they are shared below.
GitHub has its own security department, and GitHub Security Lab's mission is to empower developers and secure open source.

Resources for Security Training

The program included many trainings by experts in the field. Below we share the trainings that are available to the public.

CodeQL: From Zero to Hero

This workshop introduces the fundamentals of security research and static analysis used when looking for vulnerabilities in software. The presenters use an example of a simple vulnerability, walk through how CodeQL could detect it, and provide examples of how the audience could use CodeQL to find vulnerabilities themselves.

Slides: Finding Vulnerabilities with CodeQL