crtrott
commented
1 month ago I propose we add a new number 12:
12. Please describe Software Quality efforts (CI, security, auditing)
For Kokkos I answered this tentatively this way:
Kokkos uses mandatory pull request testing, with the level of comprehensiveness determined by perceived risk and impact level of the subprojects. Kokkos Core for example has 36 test configurations as part of PR testing covering different combination of toolchains, hardware and OS through a combination of GitHub runners and institutional resources. This includes:
- Linux, OSX (only CPU) and Windows (CPU and NVIDIA GPU)
- clang, gcc, intel, ROCM, CUDA, OneAPI (SYCL), MSVC
- X86, NVIDIA GPUs, AMD GPUs
Nightly testing expands this by several dozen more configurations including ARM CPUs and Intel GPUs. We report OpenSSF Scorecard and run codeQL on PRs (https://securityscorecards.dev/viewer/?uri=github.com/kokkos/kokkos-kernels, https://securityscorecards.dev/viewer/?uri=github.com/kokkos/kokkos).
Kokkos is also subject to Sandia's formal software quality auditing process, through which we have been run about every three years. This quality control process is ISO 9001 certified, Kokkos has been part of the ISO 9001 external auditing process in 2023.
ax3l
Proposal to fine-tune the questions in the new project template: https://github.com/hpsfoundation/tac/blob/main/.github/ISSUE_TEMPLATE/new-project-proposal.md
Moved out from #2
I think also relevant for us is to know are (e.g., as we evaluate criteria for Core level later on):
https://github.com/<org>/<subproject>/graphs/contributors