Open Source Checklist - Githubissues

LLNL / open-source-guidelines

Information about working with LLNL open source projects

MIT License

7 stars 2 forks source link

Open Source Checklist #8

Open IanLee1521 opened 7 years ago

IanLee1521 commented 7 years ago

We should see about adding something like https://github.com/cfpb/open-source-checklist into our best practices so that we can make sure whatever is released and pushed out is, and stays, "clean" for however we end up defining that.

Some things to watch out for include:

checked in passwords (see also: https://github.com/18F/seekret)
internal bitbucket URLs
others?

konklone commented 7 years ago

API tokens :)

IanLee1521 commented 7 years ago

Further resource, pointed out to me by @benbalter https://opensource.guide

pombredanne commented 6 years ago

You may want to consider suggesting a scan for licenses with https://github.com/nexB/scancode-toolkit I maintain this

IanLee1521 commented 6 years ago

Content from #13

https://before-you-ship.18f.gov/security/scanning/

CI options:

Travis CI (has a free option, integrated with GitHub)
Buildbot (open source, free to use, integration with Amazon Web Services)
Jenkins

Code Coverage:

codecov

Static Analysis:

Coverity

Patch Review/Management:

Gerrit