microsoft / code-with-engineering-playbook

This is the playbook for "code-with" customer or partner engagements
https://microsoft.github.io/code-with-engineering-playbook/
Creative Commons Attribution 4.0 International
2.27k stars 598 forks source link

Add a section on evaluating OSS #1039

Open balteravishay opened 8 months ago

balteravishay commented 8 months ago

Is your feature request related to a problem? Please describe. The playbook lacks guidance on how to evaluate an open source dependency that is being taken.

Describe the solution you'd like What tools can developers use to evaluate OSS. what are potential decision drivers, what are some common things to look for.

Additional context Based on a recent engagement where the crew was unsure if to take a dependency on OSS package given the rise in OSS supply chain attacks.

balteravishay commented 1 month ago

can be closed, fixed by #1040 @shiranr @TessFerrandez