Home/determined/Trust report

Trust and health report

determined - trust report

Sourced, dated trust signals - maintenance label posture, repository provenance, and security scan status. Not a composite safety grade.

GraphCanon updated today · GitHub synced today

Maintenance

Recency and activity heuristics from public GitHub metadata (maintenance label, momentum); methodology: github_public_v1.

Dormant18% signal

last push 478d ago · last release 1y

Provenance

Repository identity and fork provenance (github_public_v1).

Security scan

Dependency advisory security scan when a lockfile is present. Not a full code audit.

Status
39 low
Last scan
today
Scanner
osv@v1

Findings

GHSA-3936-cmfr-pm3m
black@23.3.0 · requirements.txt
GHSA-fj7x-q9j7-g6q6
black@23.3.0 · requirements.txt
PYSEC-2024-48
black@23.3.0 · requirements.txt
GHSA-73jc-5mrq-prw7
sqlfluff@2.1.4 · requirements.txt
GHSA-wmhf-fqc8-vxhh
sqlfluff@2.1.4 · requirements.txt
PYSEC-2026-209
sqlfluff@2.1.4 · requirements.txt
PYSEC-2026-210
sqlfluff@2.1.4 · requirements.txt
GHSA-5rjg-fvgr-3xxf
setuptools@70.0.0 · requirements.txt
PYSEC-2025-49
setuptools@70.0.0 · requirements.txt
GO-2022-0635
github.com/aws/aws-sdk-go@v1.40.34 · go.sum
GO-2022-0646
github.com/aws/aws-sdk-go@v1.40.34 · go.sum
GHSA-w73w-5m7g-f7qc
github.com/dgrijalva/jwt-go@v3.2.0+incompatible · go.sum
GO-2020-0017
github.com/dgrijalva/jwt-go@v3.2.0+incompatible · go.sum
GHSA-4vq8-7jfc-9cvp
github.com/docker/docker@v25.0.6+incompatible · go.sum
GHSA-pxq6-2prw-chj9
github.com/docker/docker@v25.0.6+incompatible · go.sum
GHSA-rg2x-37c3-w2rh
github.com/docker/docker@v25.0.6+incompatible · go.sum
GHSA-vp62-88p7-qqf5
github.com/docker/docker@v25.0.6+incompatible · go.sum
GHSA-x744-4wpc-v9h2
github.com/docker/docker@v25.0.6+incompatible · go.sum
GHSA-x86f-5xw2-fm2r
github.com/docker/docker@v25.0.6+incompatible · go.sum
GO-2025-3829
github.com/docker/docker@v25.0.6+incompatible · go.sum
GO-2026-4883
github.com/docker/docker@v25.0.6+incompatible · go.sum
GO-2026-4887
github.com/docker/docker@v25.0.6+incompatible · go.sum
GO-2026-5617
github.com/docker/docker@v25.0.6+incompatible · go.sum
GO-2026-5668
github.com/docker/docker@v25.0.6+incompatible · go.sum
GO-2026-5746
github.com/docker/docker@v25.0.6+incompatible · go.sum
GHSA-78h2-9frx-2jm8
github.com/go-jose/go-jose/v3@v3.0.3 · go.sum
GHSA-c6gw-w398-hv78
github.com/go-jose/go-jose/v3@v3.0.3 · go.sum
GO-2025-3485
github.com/go-jose/go-jose/v3@v3.0.3 · go.sum
GO-2026-4945
github.com/go-jose/go-jose/v3@v3.0.3 · go.sum
GHSA-6xp3-p59p-q4fj
github.com/go-pg/pg/v10@v10.10.6 · go.sum
GO-2025-3764
github.com/go-pg/pg/v10@v10.10.6 · go.sum
GHSA-mh63-6h87-95cp
github.com/golang-jwt/jwt@v3.2.2+incompatible · go.sum
GO-2025-3553
github.com/golang-jwt/jwt@v3.2.2+incompatible · go.sum
GHSA-29wx-vh33-7x7r
github.com/golang-jwt/jwt/v4@v4.4.3 · go.sum
GO-2024-3250
github.com/golang-jwt/jwt/v4@v4.4.3 · go.sum
GHSA-jqcq-xjh3-6g23
github.com/jackc/pgproto3/v2@v2.3.3 · go.sum
GO-2026-4518
github.com/jackc/pgproto3/v2@v2.3.3 · go.sum
GHSA-j88v-2chj-qfwx
github.com/jackc/pgx/v4@v4.18.2 · go.sum
GO-2026-5004
github.com/jackc/pgx/v4@v4.18.2 · go.sum

Method and caveats:these are sourced, dated heuristics from public GitHub data and optional dependency scans. A status like "no criticals found on 2026-07-11" is not a guarantee of safety. Read the full trust methodology · JSON report at /api/graphcanon/tools/determined-ai-determined/trust.

Common questions

Is determined maintained?
GraphCanon rates determined "Dormant" (18% maintenance signal from public GitHub metadata, computed today). Last push was 478 days ago. This is a recency heuristic, not a guarantee the project will stay maintained.
Is determined safe to use?
Last scanned today (deps profile). Status: 39 low - 39 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report. GraphCanon does not certify determined as safe - review maintenance, provenance, and scan findings on this page before adopting.
Is determined a fork?
No. determined is not flagged as a fork in GitHub metadata at the time of the last refresh.
Does determined have known security vulnerabilities?
Last scanned today (deps profile). Status: 39 low - 39 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report.
How often is the determined trust report updated?
Trust signals refresh on GitHub ingest/refresh cycles and optional dependency/MCP scans. This report was computed today (methodology github_public_v1).
What does GraphCanon never claim about determined?
We never publish a composite safety grade, pen-test endorsement, or "verified secure" label for determined. Signals are sourced heuristics with explicit limits - see trust methodology.
How does GraphCanon assess trust for determined?
Signals are sourced from public GitHub metadata and optional dependency/MCP manifest scans, each tagged with methodology version and computed date. GraphCanon does not publish a composite safety grade. Read trust methodology for full scope and limits.