From 9f5f3dcfd8801b9632c6b3ad288b251a7694998c Mon Sep 17 00:00:00 2001 From: Erika Hunhoff Date: Wed, 13 May 2026 08:53:50 -0600 Subject: [PATCH 1/4] Add Dependabot config and OSSF Scorecard workflow Enables weekly Dependabot updates for GitHub Actions and the four Python manifest directories (python/, utils/mlir_aie_wheels/, utils/mlir_wheels/), with grouped minor/patch PRs to keep noise down. Adds an OSSF Scorecard workflow that publishes results to the GitHub Security tab and the public Scorecard registry, giving us a running grade on supply-chain posture (token permissions, pinned dependencies, branch protection, etc.). Co-Authored-By: Claude Opus 4 (1M context) --- .github/dependabot.yml | 31 ++++++++++++++++++++++++ .github/workflows/scorecard.yml | 43 +++++++++++++++++++++++++++++++++ 2 files changed, 74 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/scorecard.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000000..7889ed8f7ea --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,31 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + open-pull-requests-limit: 5 + groups: + actions-minor-patch: + update-types: ["minor", "patch"] + + - package-ecosystem: "pip" + directory: "/python" + schedule: + interval: "weekly" + open-pull-requests-limit: 5 + groups: + python-minor-patch: + update-types: ["minor", "patch"] + + - package-ecosystem: "pip" + directory: "/utils/mlir_aie_wheels" + schedule: + interval: "weekly" + open-pull-requests-limit: 3 + + - package-ecosystem: "pip" + directory: "/utils/mlir_wheels" + schedule: + interval: "weekly" + open-pull-requests-limit: 3 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml new file mode 100644 index 00000000000..4b4f1264258 --- /dev/null +++ b/.github/workflows/scorecard.yml 
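Review bot: `.github/dependabot.yml` configures only three `pip` entries (`/python`, `/utils/mlir_aie_wheels`, `/utils/mlir_wheels`), while the commit description speaks of four Python manifest directories, so either a directory is missing from `updates:` or the description miscounts. This is worth confirming before merge, because a manifest directory that is not listed receives no version-update PRs at all. The two wheel entries also have no `groups:` block, so their minor and patch bumps will arrive as individual PRs, unlike the `/python` entry. If that is not deliberate, add `groups:` with a group such as `wheels-minor-patch:` holding `update-types: ["minor", "patch"]` to each of them.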
@@ -0,0 +1,43 @@ +name: Scorecard supply-chain security +on: + branch_protection_rule: + schedule: + - cron: '32 7 * * 2' + push: + branches: [ "main" ] + +permissions: read-all + +jobs: + analysis: + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + security-events: write + id-token: write + contents: read + actions: read + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + persist-credentials: false + + - name: Run analysis + uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 + with: + results_file: results.sarif + results_format: sarif + publish_results: true + + - name: Upload artifact + uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + - name: Upload to code-scanning + uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12 + with: + sarif_file: results.sarif From 38338538eae25b3938b0dd1a15c7febc455a367e Mon Sep 17 00:00:00 2001 From: Erika Hunhoff Date: Wed, 13 May 2026 09:11:27 -0600 Subject: [PATCH 2/4] Add SECURITY.md pointing to private vulnerability reporting Provides a private channel for vulnerability disclosure (GitHub's private advisory flow), removing the need for reporters to choose between filing a public issue and emailing maintainers directly. Co-Authored-By: Claude Opus 4 (1M context) --- SECURITY.md | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000000..44fffff3c20 --- /dev/null +++ b/SECURITY.md 
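Review bot: The `Run analysis` step in `.github/workflows/scorecard.yml` passes no `repo_token`. As far as I know, scorecard-action cannot fully read branch-protection settings with the default `GITHUB_TOKEN`, so the Branch-Protection result that the description and the `branch_protection_rule:` trigger point at is likely to be incomplete. Either say so above the step, e.g. `# Branch-Protection is only partially evaluated without repo_token`, or pass a narrowly scoped read-only token from a repository secret through the action's `repo_token` input. Separately, nothing in the workflow verifies the `# vX.Y.Z` comments beside the four pinned SHAs. Check each SHA against its tag once, since reviewers will trust the comment when Dependabot later rewrites these lines.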
@@ -0,0 +1,35 @@ +# Security Policy + +## Reporting a Vulnerability + +If you believe you have found a security vulnerability in mlir-aie, please +report it privately rather than opening a public issue. + +The preferred channel is GitHub's private vulnerability reporting: + + https://github.com/Xilinx/mlir-aie/security/advisories/new + +This opens a private advisory thread visible only to the maintainers. You +should expect an initial acknowledgement within 5 business days. + +Please include, where possible: +- A description of the vulnerability and its potential impact. +- Steps to reproduce, or a minimal proof-of-concept. +- The commit hash or release tag the issue was observed against. +- Any suggested mitigation. + +## Supported Versions + +mlir-aie tracks the tip of `main`. Security fixes are applied to `main` and +will appear in the next wheel build; older wheel releases are not patched +in place. + +## Scope + +In-scope: code in this repository, including build tooling, Python +bindings, and CI workflows. + +Out-of-scope: vulnerabilities in upstream LLVM/MLIR (please report to the +LLVM project), in the AMD XDNA driver (please report through AMD's +disclosure channel), or in third-party dependencies (please report to the +respective project). From 8767905c9f30d26b30c5771d899a5d7f5bdfe65e Mon Sep 17 00:00:00 2001 From: Erika Hunhoff Date: Wed, 13 May 2026 09:11:29 -0600 Subject: [PATCH 3/4] scorecard: allow workflow_dispatch for ad-hoc runs Lets the workflow be triggered manually from the Actions tab in addition to the weekly cron and push-to-main triggers, useful for on-demand reruns and for validating the workflow on forks before merging. Co-Authored-By: Claude Opus 4 (1M context) --- .github/workflows/scorecard.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 4b4f1264258..07c886fc8e9 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -5,6 +5,7 @@ on: - cron: '32 7 * * 2' push: branches: [ "main" ] + workflow_dispatch: permissions: read-all From a77768a897b2ce64a09c52900a99d1efe1df4b00 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 May 2026 15:42:44 +0000 Subject: [PATCH 4/4] Update nanobind requirement from >=2.9 to >=2.12.0 in /python Updates the requirements on [nanobind](https://github.com/wjakob/nanobind) to permit the latest version. - [Changelog](https://github.com/wjakob/nanobind/blob/master/docs/changelog.rst) - [Commits](https://github.com/wjakob/nanobind/compare/v2.9.0...v2.12.0) --- updated-dependencies: - dependency-name: nanobind dependency-version: 2.12.0 dependency-type: direct:development ... Signed-off-by: dependabot[bot] --- python/requirements_dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/requirements_dev.txt b/python/requirements_dev.txt index 670bc774e8f..7848e6afb22 100644 --- a/python/requirements_dev.txt +++ b/python/requirements_dev.txt @@ -5,7 +5,7 @@ wheel ninja!=1.13.0 cibuildwheel pre-commit -nanobind>=2.9 +nanobind>=2.12.0 lit matplotlib # lit requires psutil to set timeouts
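Review bot: `workflow_dispatch:` lets the `analysis` job be started from any ref and from forks, while the job added in PATCH 1/4 keeps `publish_results: true` and `id-token: write`. To my knowledge scorecard-action only accepts publishing runs from the default branch, so a manual run on another branch or a fork will probably fail rather than validate the workflow as the description intends. A job-level guard such as `if: github.event.repository.default_branch == github.ref_name` keeps manual runs on the default branch. If fork test runs are wanted, make `publish_results` depend on the triggering event instead. The `analysis` job itself lies outside this hunk.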