Make sure all core repo's follow Github best practices in terms of license, description, contributing guidelines, Issue and PR templates, readme's, etc. etc. - Githubissues

owaspsamm / samm-suite

This is an issues-only repository.

0 stars 1 forks source link

Make sure all core repo's follow Github best practices in terms of license, description, contributing guidelines, Issue and PR templates, readme's, etc. etc. #14

Open johnellingsworth opened 2 years ago

johnellingsworth commented 2 years ago

Standardize GitHub Organization Best Practices

As a Org Owner, I want to implement GitHub security best practices across the org and all core repositories, So that we have secure, consistent, well-documented, and maintainer/contributor-friendly projects

Acceptance Criteria

Repository Documentation

[ ] Each repository has a complete README.md with:
- Project description and purpose
- Installation/setup instructions
- Usage examples
- Development environment setup
- Link to documentation
- Build/test instructions
- Status badges (CI/CD, security, code coverage)

Legal and Licensing

[ ] Clear LICENSE file in repository root
[ ] Copyright notices where applicable
[ ] Code of Conduct file present
[ ] Contributing guidelines that:
- Explain the development process
- Define coding standards
- Describe commit message conventions
- Detail PR submission process

Templates

[ ] Issue templates for:
- Bug reports
- Feature requests
- Security vulnerabilities
- Documentation improvements
[ ] Pull Request template with:
- Description of changes
- Related issue references
- Testing instructions
- Checklist for submitters
- Checklist for reviewers

Repository Settings

[ ] Branch protection rules configured
[ ] Required status checks enabled
[ ] Required reviews before merging
[ ] Appropriate repository visibility settings
[ ] Defined merge strategy (squash, rebase, etc.)
[ ] Automated dependency updates enabled

Repository Organization

[ ] Consistent folder structure
[ ] .gitignore file properly configured
[ ] GitHub Actions workflows documented
[ ] Security policy (SECURITY.md) defined
[ ] Changelog maintenance process documented

Definition of Done

All core repositories follow the standardized structure
Documentation is complete and up-to-date
Templates are tested and functional
Repository settings are uniformly applied
Team members are trained on new standards
Automated checks verify compliance where possible

Notes

Consider automation scripts to verify compliance
Consider multi-language template variations
Document exceptions process
Plan regular review of standards
Include repository archival criteria

This is a medium priority issue as an insecure organization increases the risk of unintended consequences that could impact the project.

johnellingsworth commented 2 weeks ago

I have submitted a request for access to new GitHub Issues features: https://github.blog/changelog/2024-10-01-evolving-github-issues-public-beta/