{"id":13428993,"url":"https://github.com/occlum/occlum","last_synced_at":"2026-01-14T17:04:04.144Z","repository":{"id":37334832,"uuid":"157422219","full_name":"occlum/occlum","owner":"occlum","description":"Occlum is a memory-safe, multi-process library OS for Intel SGX","archived":false,"fork":false,"pushed_at":"2025-10-29T06:38:28.000Z","size":9824,"stargazers_count":1492,"open_issues_count":262,"forks_count":247,"subscribers_count":43,"default_branch":"master","last_synced_at":"2025-10-29T08:33:37.272Z","etag":null,"topics":["cloud","enclave","intel-sgx","os","rust","security"],"latest_commit_sha":null,"homepage":"https://occlum.io/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/occlum.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-11-13T17:49:56.000Z","updated_at":"2025-10-28T07:31:33.000Z","dependencies_parsed_at":"2023-09-25T07:18:04.480Z","dependency_job_id":"630b648c-eb6e-4ff1-bc60-d91e2030640c","html_url":"https://github.com/occlum/occlum","commit_stats":{"total_commits":1409,"total_committers":63,"mean_commits":"22.365079365079364","dds":0.8019872249822569,"last_synced_commit":"0c9a44fc60ed9b4db5f0c7009299760c8c865c2f"},"previous_names":[],"tags_count":57,"template":false,"template_full_name":null,"purl":"pkg:github/occlum/occlum","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/occlum%2Focclum","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/occlum%2Focclum/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/occlum%2Focclum/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/occlum%2Focclum/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/occlum","download_url":"https://codeload.github.com/occlum/occlum/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/occlum%2Focclum/sbom","scorecard":{"id":208419,"data":{"date":"2025-08-11","repo":{"name":"github.com/occlum/occlum","commit":"690d5dbf34f3b08e4b5e48e16ce16231550e78c4"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.9,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":1,"reason":"2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"CII-Best-Practices","score":2,"reason":"badge detected: InProgress","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: demos/tensorflow/tensorflow_serving/client/__pycache__/utils.cpython-36.pyc:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/build_and_push_docker_image.yml:17"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":0,"reason":"dangerous workflow patterns detected","details":["Warn: untrusted code checkout 'refs/pull/${{ github.event.pull_request.number }}/merge': .github/workflows/benchmarks.yml:34","Warn: untrusted code checkout 'refs/pull/${{ github.event.pull_request.number }}/merge': .github/workflows/benchmarks.yml:98","Warn: untrusted code checkout 'refs/pull/${{ github.event.pull_request.number }}/merge': .github/workflows/benchmarks.yml:162","Warn: untrusted code checkout 'refs/pull/${{ github.event.pull_request.number }}/merge': .github/workflows/hw_mode_test.yml:44","Warn: untrusted code checkout 'refs/pull/${{ github.event.pull_request.number }}/merge': .github/workflows/hw_mode_test.yml:312","Warn: untrusted code checkout 'refs/pull/${{ github.event.pull_request.number }}/merge': .github/workflows/hw_mode_test.yml:510","Warn: untrusted code checkout 'refs/pull/${{ github.event.pull_request.number }}/merge': .github/workflows/hw_mode_test.yml:1068","Warn: untrusted code checkout 'refs/pull/${{ github.event.pull_request.number }}/merge': .github/workflows/hw_mode_test.yml:100","Warn: untrusted code checkout 'refs/pull/${{ github.event.pull_request.number }}/merge': .github/workflows/hw_mode_test.yml:200","Warn: untrusted code checkout 'refs/pull/${{ github.event.pull_request.number }}/merge': .github/workflows/hw_mode_test.yml:452","Warn: untrusted code checkout 'refs/pull/${{ github.event.pull_request.number }}/merge': .github/workflows/hw_mode_test.yml:259","Warn: untrusted code checkout 'refs/pull/${{ github.event.pull_request.number }}/merge': .github/workflows/hw_mode_test.yml:408","Warn: untrusted code checkout 'refs/pull/${{ github.event.pull_request.number }}/merge': .github/workflows/hw_mode_test.yml:554","Warn: untrusted code checkout 'refs/pull/${{ github.event.pull_request.number }}/merge': .github/workflows/hw_mode_test.yml:836","Warn: untrusted code checkout 'refs/pull/${{ github.event.pull_request.number }}/merge': .github/workflows/hw_mode_test.yml:892","Warn: untrusted code checkout 'refs/pull/${{ github.event.pull_request.number }}/merge': .github/workflows/hw_mode_test.yml:941","Warn: untrusted code checkout 'refs/pull/${{ github.event.pull_request.number }}/merge': .github/workflows/hw_mode_test.yml:360","Warn: untrusted code checkout 'refs/pull/${{ github.event.pull_request.number }}/merge': .github/workflows/hw_mode_test.yml:682","Warn: untrusted code checkout 'refs/pull/${{ github.event.pull_request.number }}/merge': .github/workflows/hw_mode_test.yml:740","Warn: untrusted code checkout 'refs/pull/${{ github.event.pull_request.number }}/merge': .github/workflows/hw_mode_test.yml:781"],"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/benchmarks.yml:1","Warn: no topLevel permission defined: .github/workflows/benchmarks_dev.yml:1","Warn: no topLevel permission defined: .github/workflows/build_and_push_aliyunlinux_image.yml:1","Warn: no topLevel permission defined: .github/workflows/build_and_push_docker_image.yml:1","Warn: no topLevel permission defined: .github/workflows/build_and_push_docker_rt_image.yml:1","Warn: no topLevel permission defined: .github/workflows/code_coverage.yaml:1","Warn: no topLevel permission defined: .github/workflows/demo_test.yml:1","Warn: no topLevel permission defined: .github/workflows/hw_mode_test.yml:1","Warn: no topLevel permission defined: .github/workflows/main.yml:1","Warn: no topLevel permission defined: .github/workflows/package_repo_setup_and_test.yml:1","Warn: no topLevel permission defined: .github/workflows/rune_test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/benchmarks.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/benchmarks.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/benchmarks.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/benchmarks.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/benchmarks.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/benchmarks.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/benchmarks.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/benchmarks.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/benchmarks.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/benchmarks.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/benchmarks.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/benchmarks.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarks_dev.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/benchmarks_dev.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmarks_dev.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/benchmarks_dev.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarks_dev.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/benchmarks_dev.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarks_dev.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/benchmarks_dev.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmarks_dev.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/benchmarks_dev.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarks_dev.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/benchmarks_dev.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarks_dev.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/benchmarks_dev.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmarks_dev.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/benchmarks_dev.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarks_dev.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/benchmarks_dev.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarks_dev.yml:181: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/benchmarks_dev.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmarks_dev.yml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/benchmarks_dev.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarks_dev.yml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/benchmarks_dev.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_push_aliyunlinux_image.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/build_and_push_aliyunlinux_image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_and_push_aliyunlinux_image.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/build_and_push_aliyunlinux_image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_and_push_aliyunlinux_image.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/build_and_push_aliyunlinux_image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_and_push_aliyunlinux_image.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/build_and_push_aliyunlinux_image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_and_push_aliyunlinux_image.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/build_and_push_aliyunlinux_image.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_push_aliyunlinux_image.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/build_and_push_aliyunlinux_image.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_push_docker_image.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/build_and_push_docker_image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_and_push_docker_image.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/build_and_push_docker_image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_and_push_docker_image.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/build_and_push_docker_image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_and_push_docker_image.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/build_and_push_docker_image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_and_push_docker_image.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/build_and_push_docker_image.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_push_docker_image.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/build_and_push_docker_image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_and_push_docker_image.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/build_and_push_docker_image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_and_push_docker_image.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/build_and_push_docker_image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_and_push_docker_image.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/build_and_push_docker_image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_and_push_docker_image.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/build_and_push_docker_image.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_push_docker_rt_image.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/build_and_push_docker_rt_image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_and_push_docker_rt_image.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/build_and_push_docker_rt_image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_and_push_docker_rt_image.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/build_and_push_docker_rt_image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_and_push_docker_rt_image.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/build_and_push_docker_rt_image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_and_push_docker_rt_image.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/build_and_push_docker_rt_image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/code_coverage.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/code_coverage.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/code_coverage.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/code_coverage.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:346: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:694: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:905: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:281: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:820: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:981: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:1138: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:1174: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:416: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:566: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:782: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:169: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:448: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:522: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:861: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:1053: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:1017: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:1099: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:204: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:314: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:381: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:611: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:651: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:750: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:1206: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:1238: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:244: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:490: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:949: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:1270: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/demo_test.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/demo_test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:192: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:196: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:251: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:255: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:261: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:674: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:678: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:684: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:304: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:308: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:314: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:444: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:448: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:454: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:634: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:638: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:732: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:736: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:742: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:989: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:992: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:773: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:777: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:783: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:828: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:832: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:838: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:884: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:888: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:894: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:933: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:937: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:943: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:1025: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:1028: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:1060: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:1064: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:1070: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:352: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:356: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:362: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:400: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:404: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:410: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:502: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:506: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:512: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:546: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:550: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hw_mode_test.yml:556: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/hw_mode_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/package_repo_setup_and_test.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/package_repo_setup_and_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/package_repo_setup_and_test.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/package_repo_setup_and_test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/package_repo_setup_and_test.yml:211: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/package_repo_setup_and_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rune_test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/occlum/occlum/rune_test.yml/master?enable=pin","Warn: containerImage not pinned by hash: demos/flink/Dockerfile:1: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8feb4d8ca5354def3d8fce243717141ce31e2c428701f6682bd2fafe15388214","Warn: containerImage not pinned by hash: demos/font/font_support_for_java/Dockerfile:1: pin your Docker image by updating alpine:3.12 to alpine:3.12@sha256:c75ac27b49326926b803b9ed43bf088bc220d22556de1bc5f72d742c91398f69","Warn: containerImage not pinned by hash: demos/tensorflow/tensorflow_serving/docker/Dockerfile.devel:14","Warn: containerImage not pinned by hash: demos/tensorflow/tensorflow_serving/docker/Dockerfile.devel:46","Warn: containerImage not pinned by hash: example/container/Dockerfile_client:1: pin your Docker image by updating python:3.8 to python:3.8@sha256:d411270700143fa2683cc8264d9fa5d3279fd3b6afff62ae81ea2f9d070e390c","Warn: containerImage not pinned by hash: example/container/Dockerfile_occlum_instance.ubuntu20.04:1: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8feb4d8ca5354def3d8fce243717141ce31e2c428701f6682bd2fafe15388214","Warn: containerImage not pinned by hash: tools/docker/Dockerfile.aliyunlinux3:1","Warn: containerImage not pinned by hash: tools/docker/Dockerfile.aliyunlinux3:6: pin your Docker image by updating registry.cn-hangzhou.aliyuncs.com/alinux/alinux3:3.210714.1 to registry.cn-hangzhou.aliyuncs.com/alinux/alinux3:3.210714.1@sha256:b13ee33ddf5cb046c23e2a5573ca04bd09bbb5afe55487d2a6055a496f2e8bba","Warn: containerImage not pinned by hash: tools/docker/Dockerfile.anolis8.8:2","Warn: containerImage not pinned by hash: tools/docker/Dockerfile.anolis8.8:7: pin your Docker image by updating openanolis/anolisos:8.8 to openanolis/anolisos:8.8@sha256:b5aceb026244814de1a1ab62a8cc3dc322fcff1578c58de2722035ef47669da5","Warn: containerImage not pinned by hash: tools/docker/Dockerfile.ubuntu20.04:1","Warn: containerImage not pinned by hash: tools/docker/Dockerfile.ubuntu20.04:8: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8feb4d8ca5354def3d8fce243717141ce31e2c428701f6682bd2fafe15388214","Warn: containerImage not pinned by hash: tools/docker/Dockerfile.ubuntu20.04-rt:1: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8feb4d8ca5354def3d8fce243717141ce31e2c428701f6682bd2fafe15388214","Warn: containerImage not pinned by hash: tools/docker/Dockerfile.ubuntu22.04:1","Warn: containerImage not pinned by hash: tools/docker/Dockerfile.ubuntu22.04:8: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:1aa979d85661c488ce030ac292876cf6ed04535d3a237e49f61542d8e5de5ae0","Warn: containerImage not pinned by hash: tools/docker/Dockerfile.ubuntu22.04-rt:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:1aa979d85661c488ce030ac292876cf6ed04535d3a237e49f61542d8e5de5ae0","Warn: pipCommand not pinned by hash: example/container/Dockerfile_client:10","Warn: downloadThenRun not pinned by hash: tools/docker/Dockerfile.aliyunlinux3:149-152","Warn: downloadThenRun not pinned by hash: tools/docker/Dockerfile.anolis8.8:75-78","Warn: downloadThenRun not pinned by hash: tools/docker/Dockerfile.ubuntu20.04:83-86","Warn: downloadThenRun not pinned by hash: tools/docker/Dockerfile.ubuntu22.04:83-86","Warn: downloadThenRun not pinned by hash: demos/bigdl-llm/install_python_with_conda.sh:7","Warn: downloadThenRun not pinned by hash: demos/paddlepaddle/install_python_with_conda.sh:10","Warn: downloadThenRun not pinned by hash: demos/python/flask/install_python_with_conda.sh:10","Warn: downloadThenRun not pinned by hash: demos/python/python_glibc/install_python_with_conda.sh:10","Warn: downloadThenRun not pinned by hash: demos/python/python_glibc/python3.10-multiprocessing/install_python3.10.sh:10","Warn: downloadThenRun not pinned by hash: demos/pytorch/distributed/install_python_with_conda.sh:7","Warn: downloadThenRun not pinned by hash: demos/pytorch/standalone/install_python_with_conda.sh:10","Warn: pipCommand not pinned by hash: demos/tensorflow/tensorflow_serving/client/prepare_client_env.sh:11","Warn: pipCommand not pinned by hash: demos/tensorflow/tensorflow_serving/prepare_model_and_env.sh:11","Warn: pipCommand not pinned by hash: demos/tensorflow/tensorflow_serving/prepare_model_and_env.sh:12","Warn: downloadThenRun not pinned by hash: demos/tensorflow/tensorflow_training/install_python_with_conda.sh:7","Warn: pipCommand not pinned by hash: demos/xgboost/preinstall_deps.sh:14","Warn: downloadThenRun not pinned by hash: .github/workflows/demo_test.yml:216","Warn: downloadThenRun not pinned by hash: .github/workflows/hw_mode_test.yml:859","Warn: downloadThenRun not pinned by hash: .github/workflows/hw_mode_test.yml:868","Warn: downloadThenRun not pinned by hash: .github/workflows/hw_mode_test.yml:274","Warn: pipCommand not pinned by hash: .github/workflows/hw_mode_test.yml:712","Info:   0 out of  89 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  52 third-party GitHubAction dependencies pinned","Info:   0 out of  16 containerImage dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned","Info:   0 out of  16 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":0,"reason":"116 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2023-2402 / GHSA-45x7-px36-x8w8","Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2023-1988 / GHSA-2wrh-6pvc-2jm9","Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8","Warn: Project is vulnerable to: GO-2023-2153 / GHSA-m425-mq94-257g / GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2024-2611 / GHSA-8r3f-844c-mc37","Warn: Project is vulnerable to: RUSTSEC-2024-0003 / GHSA-8r5v-vm4m-4g25","Warn: Project is vulnerable to: RUSTSEC-2024-0332 / GHSA-q6cp-qfwq-4gcv","Warn: Project is vulnerable to: RUSTSEC-2024-0421 / GHSA-h97m-ww89-6jmq","Warn: Project is vulnerable to: RUSTSEC-2024-0384","Warn: Project is vulnerable to: RUSTSEC-2024-0019 / GHSA-r8w9-5wcg-vfj7","Warn: Project is vulnerable to: RUSTSEC-2023-0044 / GHSA-xcf7-rvmh-g6q4","Warn: Project is vulnerable to: RUSTSEC-2023-0072 / GHSA-xphf-cx8h-7q9g","Warn: Project is vulnerable to: GHSA-q445-7m23-qrmw","Warn: Project is vulnerable to: RUSTSEC-2024-0357","Warn: Project is vulnerable to: RUSTSEC-2025-0004 / GHSA-rpmj-rpgj-qmpm","Warn: Project is vulnerable to: GHSA-4fcv-w3qc-ppgg","Warn: Project is vulnerable to: RUSTSEC-2025-0022","Warn: Project is vulnerable to: RUSTSEC-2023-0018 / GHSA-mc8h-8q98-g5hr","Warn: Project is vulnerable to: RUSTSEC-2023-0081","Warn: Project is vulnerable to: GHSA-rr8g-9fpq-6wmg","Warn: Project is vulnerable to: RUSTSEC-2025-0023","Warn: Project is vulnerable to: PYSEC-2023-120 / GHSA-45c4-8wx5-qw6w","Warn: Project is vulnerable to: PYSEC-2024-24 / GHSA-5h86-8mv2-jq9f","Warn: Project is vulnerable to: GHSA-5m98-qgg9-wh84","Warn: Project is vulnerable to: GHSA-7gpw-8wmc-pm8g","Warn: Project is vulnerable to: GHSA-8495-4g3g-x7pr","Warn: Project is vulnerable to: PYSEC-2024-26 / GHSA-8qpw-xqxj-h4r2","Warn: Project is vulnerable to: GHSA-9548-qrrj-x5pj","Warn: Project is vulnerable to: PYSEC-2023-246 / GHSA-gfw2-4jvh-wgfg","Warn: Project is vulnerable to: GHSA-pjjw-qhg8-p2p9","Warn: Project is vulnerable to: PYSEC-2023-250 / GHSA-q3qx-c6g2-7pw2","Warn: Project is vulnerable to: PYSEC-2023-251 / GHSA-qvrw-v9rv-5rjx","Warn: Project is vulnerable to: PYSEC-2021-76 / GHSA-v6wp-4m6f-gcjg","Warn: Project is vulnerable to: PYSEC-2023-247 / GHSA-xx9p-xxvh-7g8j","Warn: Project is vulnerable to: GHSA-496j-2rq6-j6cc","Warn: Project is vulnerable to: GHSA-qr4w-53vh-m672","Warn: Project is vulnerable to: PYSEC-2023-183","Warn: Project is vulnerable to: GHSA-8qvm-5x2c-j2w7","Warn: Project is vulnerable to: GHSA-3f63-hfp8-52jq","Warn: Project is vulnerable to: GHSA-44wm-f244-xhp3","Warn: Project is vulnerable to: PYSEC-2023-227 / GHSA-8ghj-p4vj-mr35","Warn: Project is vulnerable to: GHSA-j7hp-h8jx-5ppr","Warn: Project is vulnerable to: PYSEC-2023-175","Warn: Project is vulnerable to: GHSA-gjh7-xx4r-x345","Warn: Project is vulnerable to: GHSA-3c5c-7235-994j","Warn: Project is vulnerable to: PYSEC-2021-41 / GHSA-3wvg-mj6g-m9cv","Warn: Project is vulnerable to: PYSEC-2020-77 / GHSA-3xv8-3j54-hgrp","Warn: Project is vulnerable to: PYSEC-2020-80 / GHSA-43fq-w8qq-v88h","Warn: Project is vulnerable to: GHSA-4fx9-vc88-q2xc","Warn: Project is vulnerable to: PYSEC-2021-35 / GHSA-57h3-9rgr-c24m","Warn: Project is vulnerable to: PYSEC-2020-172 / GHSA-5gm3-px64-rw72","Warn: Project is vulnerable to: PYSEC-2021-331 / GHSA-7534-mm45-c74v","Warn: Project is vulnerable to: PYSEC-2021-92 / GHSA-7r7m-5h27-29hp","Warn: Project is vulnerable to: PYSEC-2020-78 / GHSA-8843-m7mw-mxqm","Warn: Project is vulnerable to: PYSEC-2014-87 / GHSA-8m9x-pxwq-j236","Warn: Project is vulnerable to: PYSEC-2022-10 / GHSA-8vj2-vxx3-667w","Warn: Project is vulnerable to: PYSEC-2021-36 / GHSA-8xjq-8fcg-g5hw","Warn: Project is vulnerable to: PYSEC-2016-6 / GHSA-8xjv-v9xq-m5h9","Warn: Project is vulnerable to: PYSEC-2021-42 / GHSA-95q3-8gr9-gm8w","Warn: Project is vulnerable to: PYSEC-2022-168 / GHSA-9j59-75qj-795w","Warn: Project is vulnerable to: PYSEC-2014-10 / GHSA-cfmr-38g9-f2h7","Warn: Project is vulnerable to: PYSEC-2020-76 / GHSA-cqhg-xjhh-p8hf","Warn: Project is vulnerable to: PYSEC-2021-40 / GHSA-f4w8-cv6p-x6r5","Warn: Project is vulnerable to: PYSEC-2021-69 / GHSA-f5g8-5qq7-938w","Warn: Project is vulnerable to: PYSEC-2021-139 / GHSA-g6rj-rv7j-xwp4","Warn: Project is vulnerable to: PYSEC-2015-16 / GHSA-h5rf-vgqx-wjv2","Warn: Project is vulnerable to: PYSEC-2016-5 / GHSA-hggx-3h72-49ww","Warn: Project is vulnerable to: PYSEC-2020-84 / GHSA-hj69-c76v-86wr","Warn: Project is vulnerable to: PYSEC-2016-7 / GHSA-hvr8-466p-75rh","Warn: Project is vulnerable to: PYSEC-2015-15 / GHSA-j6f7-g425-4gmx","Warn: Project is vulnerable to: PYSEC-2019-110 / GHSA-j7mj-748x-7p78","Warn: Project is vulnerable to: GHSA-jgpv-4h4c-xhw3","Warn: Project is vulnerable to: PYSEC-2022-42979 / GHSA-m2vv-5vj5-2hm7","Warn: Project is vulnerable to: PYSEC-2021-37 / GHSA-mvg9-xffr-p774","Warn: Project is vulnerable to: PYSEC-2020-83 / GHSA-p49h-hjvm-jg3h","Warn: Project is vulnerable to: PYSEC-2022-8 / GHSA-pw3c-h7wp-cvhx","Warn: Project is vulnerable to: PYSEC-2021-93 / GHSA-q5hq-fp76-qmrc","Warn: Project is vulnerable to: PYSEC-2020-82 / GHSA-r7rm-8j6h-r933","Warn: Project is vulnerable to: PYSEC-2014-23 / GHSA-r854-96gq-rfg3","Warn: Project is vulnerable to: PYSEC-2016-8 / GHSA-rwr3-c2q8-gm56","Warn: Project is vulnerable to: PYSEC-2020-81 / GHSA-vcqg-3p29-xw73","Warn: Project is vulnerable to: PYSEC-2020-79 / GHSA-vj42-xq3r-hr3r","Warn: Project is vulnerable to: PYSEC-2021-70 / GHSA-vqcj-wrf2-7v73","Warn: Project is vulnerable to: PYSEC-2016-9 / GHSA-w4vg-rf63-f3j3","Warn: Project is vulnerable to: PYSEC-2014-22 / GHSA-x895-2wrm-hvp7","Warn: Project is vulnerable to: PYSEC-2022-9 / GHSA-xrcv-f9gm-v42c","Warn: Project is vulnerable to: PYSEC-2021-137","Warn: Project is vulnerable to: PYSEC-2021-138","Warn: Project is vulnerable to: PYSEC-2021-317","Warn: Project is vulnerable to: PYSEC-2021-38","Warn: Project is vulnerable to: PYSEC-2021-39","Warn: Project is vulnerable to: PYSEC-2021-94","Warn: Project is vulnerable to: RUSTSEC-2021-0145 / GHSA-g98v-hv3f-hcfr","Warn: Project is vulnerable to: RUSTSEC-2024-0375","Warn: Project is vulnerable to: RUSTSEC-2022-0078 / GHSA-f85w-wvc7-crwc","Warn: Project is vulnerable to: RUSTSEC-2020-0016","Warn: Project is vulnerable to: GHSA-2gh3-rmm4-6rq5","Warn: Project is vulnerable to: RUSTSEC-2024-0437","Warn: Project is vulnerable to: RUSTSEC-2018-0017","Warn: Project is vulnerable to: RUSTSEC-2020-0071 / GHSA-wcg3-cvx6-7396","Warn: Project is vulnerable to: RUSTSEC-2021-0124 / GHSA-fg7r-2g4j-5cgr","Warn: Project is vulnerable to: RUSTSEC-2023-0005 / GHSA-4q83-7cq4-p6wg","Warn: Project is vulnerable to: RUSTSEC-2021-0065","Warn: Project is vulnerable to: RUSTSEC-2023-0089","Warn: Project is vulnerable to: RUSTSEC-2023-0045 / GHSA-wfg4-322g-9vqv","Warn: Project is vulnerable to: RUSTSEC-2024-0436","Warn: Project is vulnerable to: RUSTSEC-2022-0013 / GHSA-m5pq-gvj9-9vr8","Warn: Project is vulnerable to: RUSTSEC-2021-0139","Warn: Project is vulnerable to: RUSTSEC-2024-0370","Warn: Project is vulnerable to: RUSTSEC-2024-0320"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T00:15:59.149Z","repository_id":37334832,"created_at":"2025-08-17T00:15:59.149Z","updated_at":"2025-08-17T00:15:59.149Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28427184,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T16:38:47.836Z","status":"ssl_error","status_checked_at":"2026-01-14T16:34:59.695Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud","enclave","intel-sgx","os","rust","security"],"created_at":"2024-07-31T02:00:16.823Z","updated_at":"2026-01-14T17:04:04.134Z","avatar_url":"https://github.com/occlum.png","language":"Rust","funding_links":[],"categories":["Rust","Runtime Framework","LibOS","其他_安全与渗透","CC Software Stack (Active and Open source)"],"sub_categories":["Industrial Leading Projects","网络服务_其他"],"readme":"![Occlum logo](docs/images/logo.png)\n## \u003c!-- render a nicely looking grey line to separate the logo from the content  --\u003e\n[![All Contributors](https://img.shields.io/badge/all_contributors-7-orange.svg?style=flat-square)](CONTRIBUTORS.md)\n[![Essential Test](https://github.com/occlum/occlum/actions/workflows/main.yml/badge.svg?branch=master)](https://github.com/occlum/occlum/actions/workflows/main.yml)\n[![SGX Hardware Mode Test](https://github.com/occlum/occlum/actions/workflows/hw_mode_test.yml/badge.svg?branch=master)](https://github.com/occlum/occlum/actions/workflows/hw_mode_test.yml)\n[![Demo Test](https://github.com/occlum/occlum/actions/workflows/demo_test.yml/badge.svg?branch=master)](https://github.com/occlum/occlum/actions/workflows/demo_test.yml)\n[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/8917/badge)](https://www.bestpractices.dev/projects/8917)\n\n**NEWS:** Our paper _Occlum: Secure and Efficient Multitasking Inside a Single Enclave of Intel SGX_ has been accepted by [ASPLOS'20](https://asplos-conference.org/programs/). This research paper highlights the advantages of the single-address-space architecture adopted by Occlum and describes a novel in-enclave isolation mechanism that complements this approach. The paper can be found on [ACM Digital Library](https://dl.acm.org/doi/abs/10.1145/3373376.3378469) and [Arxiv](https://arxiv.org/abs/2001.07450).\n\nOcclum is a *memory-safe*, *multi-process* library OS (LibOS) for [Intel SGX](https://software.intel.com/en-us/sgx). As a LibOS, it enables *legacy* applications to run on SGX with *little or even no modifications* of source code, thus protecting the confidentiality and integrity of user workloads transparently.\n\nOcclum has the following salient features:\n\n  * **Efficient multitasking.** Occlum offers _light-weight_ LibOS processes: they are light-weight in the sense that all LibOS processes share the same SGX enclave. Compared to the heavy-weight, per-enclave LibOS processes, Occlum's light-weight LibOS processes is up to _1,000X faster_ on startup and _3X faster_ on IPC. In addition, Occlum offers an optional [**PKU**](./docs/pku_manual.md) (Protection Keys for Userspace) feature to enhance fault isolation between Occlum's LibOS and userspace processes if needed.\n  * **Multiple file system support.** Occlum supports various types of file systems, e.g., _read-only hashed FS_ (for integrity protection), _writable encrypted FS_ (for confidentiality protection), _untrusted host FS_ (for convenient data exchange between the LibOS and the host OS).\n  * **Memory safety.** Occlum is the _first_ SGX LibOS written in a memory-safe programming language ([Rust](https://www.rust-lang.org/)). Thus, Occlum is much less likely to contain low-level, memory-safety bugs and is more trustworthy to host security-critical applications.\n  * **Ease-of-use.** Occlum provides user-friendly build and command-line tools. Running applications on Occlum inside SGX enclaves can be as simple as only typing several shell commands (see the next section).\n\nSince version 0.30.0, Occlum has introduced EDMM as an optional feature. With EDMM, Occlum configurations become more flexible, and enclave loading time is significantly reduced. More details please refer to [edmm_config_guide](./docs/edmm/edmm_config_guide.md).\n\n## Occlum Documentation\n\nThe official Occlum documentation can be found at [`https://occlum.readthedocs.io`](https://occlum.readthedocs.io).\n\nSome quick links are as below.\n\n* [`Quick Start`](https://occlum.readthedocs.io/en/latest/quickstart.html#)\n* [`Build and Install`](https://occlum.readthedocs.io/en/latest/build_and_install.html#)\n* [`Occlum Configuration`](https://occlum.readthedocs.io/en/latest/occlum_configuration.html)\n* [`Occlum Compatible Executable Binaries`](https://occlum.readthedocs.io/en/latest/binaries_compatibility.html)\n* [`Demos`](https://occlum.readthedocs.io/en/latest/Demos/demos.html)\n* [`Q \u0026 A`](https://occlum.readthedocs.io/en/latest/qa.html)\n\n## What is the Implementation Status?\n\nOcclum is being actively developed. We now focus on implementing more system calls and additional features required in the production environment, including baremetal server and public cloud (Aliyun, Azure, ...) VM.\n\nAlso, a dedicated branch **1.0.0-preview** is used for next generation Occlum development.\n\n## How about the Internal Working?\n\nThe high-level architecture of Occlum is summarized in the figure below:\n\n![Arch Overview](docs/images/arch_overview.png)\n\n## Why the Name?\n\nThe project name Occlum stems from the word *Occlumency* coined in Harry Potter series by J. K. Rowling. In *Harry Potter and the Order of Phoenix*, Occlumency is described as:\n\n\u003e The magical defence of the mind against external penetration. An obscure branch of magic, but a highly useful one... Used properly, the power of Occlumency will help shield you from access or influence.\n\nThe same thing can be said for Occlum, not for the mind, but for the program:\n\n\u003e The magical defence of the program against external penetration. An obscure branch of technology, but a highly useful one... Used properly, the power of Occlum will help shield your program from access or influence.\n\nOf course, Occlum must be run on Intel x86 CPUs with SGX support to do its magic.\n\n## Contributors\n\nContributions of any kind are welcome! We will publish contributing guidelines and accept pull requests after the project gets more stable.\n\nThanks go to [all these wonderful contributors to this project](CONTRIBUTORS.md).\n\n## License\n\nOcclum is released under BSD License. See the copyright information [here](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Focclum%2Focclum","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Focclum%2Focclum","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Focclum%2Focclum/lists"}