Closed ax3l closed 1 month ago
I propose we add a new number 12:
12. Please describe Software Quality efforts (CI, security, auditing)
For Kokkos I answered this tentatively this way:
Kokkos uses mandatory pull request testing, with the level of comprehensiveness determined by perceived risk and impact level of the subprojects. Kokkos Core for example has 36 test configurations as part of PR testing covering different combination of toolchains, hardware and OS through a combination of GitHub runners and institutional resources. This includes:
Nightly testing expands this by several dozen more configurations including ARM CPUs and Intel GPUs. We report OpenSSF Scorecard and run CodeQL on PRs (https://securityscorecards.dev/viewer/?uri=github.com/kokkos/kokkos-kernels, https://securityscorecards.dev/viewer/?uri=github.com/kokkos/kokkos).
Kokkos is also subject to Sandia's formal software quality auditing process, which we have gone through about every three years. This quality control process is ISO 9001 certified; Kokkos has been part of the ISO 9001 external auditing process in 2023.
Discussed today: all agreed in the TAG these are good ideas. @crtrott will open a PR and we will vote on it next meeting.
Proposal to fine-tune the questions in the new project template: https://github.com/hpsfoundation/tac/blob/main/.github/ISSUE_TEMPLATE/new-project-proposal.md
Moved out from #2
I think it is also relevant for us to know (e.g., as we evaluate criteria for Core level later on):
https://github.com/<org>/<subproject>/graphs/contributors