Author: Reshama Shaikh

Summary

scikit-learn was honored to be selected to participate in Cohort 2 of the GitHub Secure Open Source Fund (OSF) Training Program. Cohort 1 took place earlier in 2025 with 19 projects, and Cohort 2 took place with 52 projects during June 2025.

GitHub announcement of GH-S-OS Fund
Original post: GH Secure OSS Announcement

It was an intense 3-week training program, with over 90 open source maintainers joining the training. Read the announcement from GitHub: Securing the supply chain at scale: Starting with 71 important open source projects

There were numerous workshops delivered by experts in the GitHub Security Lab. For many of these workshops, the learning materials are publicly available, and they are shared below.

GitHub Security Lab

GitHub has its own security department, and GitHub Security Lab’s mission is to empower developers and secure open source.

GitHub Security Lab
Original post: GitHub Security Lab

Resources for Security Training

The program offered many training sessions led by experts in the field. Below we share the sessions whose materials are available to the public.

CodeQL: From Zero to Hero

This workshop introduces the fundamentals of security research and of the static analysis used when looking for vulnerabilities in software. It takes a simple example vulnerability, walks through how CodeQL could detect it, and gives examples of how the audience could use CodeQL to find vulnerabilities themselves.

slides: Finding Vulnerabilities with CodeQL

CodeQL audience and topics covered
Original post: Finding Vulnerabilities with CodeQL

Developing Secure Software

This course includes specific tips on how to use and develop open source and other software securely. Learn the security basics to develop software that is hardened against attacks, and understand how you can reduce the damage and speed the response when a vulnerability is exploited.

It was developed by the Open Source Security Foundation (OpenSSF), a cross-industry collaboration that brings together leaders to improve the security of open source software by building a broader community, targeted initiatives, and best practices.

  • Online, Self Paced
  • 16-20 Hours of Course Material
  • Quizzes and Hands-on Labs

course: Developing Secure Software
Original post: LFD121: Developing Secure Software

OSS-Fuzz

Fuzz testing is a well-known technique for uncovering programming errors in software.

OSS-Fuzz
Original post: OSS-Fuzz

Secure Code Game

Secure Code Game is a GitHub Security Lab initiative providing an in-repo learning experience in which learners secure intentionally vulnerable code. At the same time, it is an open source project that welcomes your contributions as a way to give back to the community.

Secure Code Game
Original post: Secure Code Game

Participate in Future Cohorts of the GitHub Secure Open Source Training

If you are a maintainer of an open source project, this training is an excellent opportunity to secure your project with guidance from highly trained experts in the security field. Applications are open.

References

Blogs from Participating Open Source Projects

Acknowledgments

Thank you to the funders and ecosystem partners of the GitHub Secure Open Source Fund.

Funding Partners: Alfred P. Sloan Foundation, American Express, Chainguard, Datadog, Herodevs, Kraken, Mayfield, Microsoft, Shopify, Stripe, Superbloom, Vercel, Zerodha, 1Password


Ecosystem Partners: Ecosyste.ms, CURIOSS, Digital Data Design Institute Lab for Innovation Science, Digital Infrastructure Insights Fund, Microsoft for Startups, Mozilla, OpenForum Europe, Open Source Collective, OpenUK, Open Technology Fund, OpenSSF, Open Source Initiative, OpenJS Foundation, University of California, Santa Cruz OSPO, Sovereign Tech Agency, SustainOSS
