Make sure all core repos follow GitHub best practices in terms of license, description, contributing guidelines, Issue and PR templates, READMEs, etc. etc. #14
As an Org Owner,
I want to implement GitHub security best practices across the org and all core repositories,
So that we have secure, consistent, well-documented, and maintainer/contributor-friendly projects.
Acceptance Criteria
Repository Documentation
[ ] Each repository has a complete README.md with:
    - Project description and purpose
    - Installation/setup instructions
    - Usage examples
    - Development environment setup
    - Link to documentation
    - Build/test instructions
    - Status badges (CI/CD, security, code coverage)
Legal and Licensing
[ ] Clear LICENSE file in repository root
[ ] Copyright notices where applicable
[ ] Code of Conduct file present
[ ] Contributing guidelines that:
    - Explain the development process
    - Define coding standards
    - Describe commit message conventions
    - Detail PR submission process
Templates
[ ] Issue templates for:
    - Bug reports
    - Feature requests
    - Security vulnerabilities
    - Documentation improvements
[ ] Pull Request template with:
    - Description of changes
    - Related issue references
    - Testing instructions
    - Checklist for submitters
    - Checklist for reviewers
Repository Settings
[ ] Branch protection rules configured
[ ] Required status checks enabled
[ ] Required reviews before merging
[ ] Appropriate repository visibility settings
[ ] Defined merge strategy (squash, rebase, etc.)
[ ] Automated dependency updates enabled
Repository Organization
[ ] Consistent folder structure
[ ] .gitignore file properly configured
[ ] GitHub Actions workflows documented
[ ] Security policy (SECURITY.md) defined
[ ] Changelog maintenance process documented
Definition of Done
All core repositories follow the standardized structure
Documentation is complete and up-to-date
Templates are tested and functional
Repository settings are uniformly applied
Team members are trained on new standards
Automated checks verify compliance where possible
Notes
Consider automation scripts to verify compliance
Consider multi-language template variations
Document exceptions process
Plan regular review of standards
Include repository archival criteria
This is a medium priority issue as an insecure organization increases the risk of unintended consequences that could impact the project.
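The notes above suggest automation scripts to verify compliance. The following is an added example, not part of the original issue, that audits a local checkout for the file-level items of the checklist. The function names and item labels are hypothetical, Dependabot is an assumed choice of update tool, and repository settings such as branch protection need the GitHub API and are not covered.

```python
"""Added example: audit a local checkout against the file-level checklist items."""
from pathlib import Path

# GitHub looks for community health files in the repo root, .github/ or docs/.
HEALTH_DIRS = ("", ".github", "docs")

# Checklist item -> (accepted file stems, directories searched). LICENSE is
# root-only because the checklist asks for it in the repository root.
CHECKS = {
    "README": (("readme",), HEALTH_DIRS),
    "LICENSE in root": (("license", "licence"), ("",)),
    "Code of Conduct": (("code_of_conduct",), HEALTH_DIRS),
    "Contributing guidelines": (("contributing",), HEALTH_DIRS),
    "Security policy": (("security",), HEALTH_DIRS),
    "Pull request template": (("pull_request_template",), HEALTH_DIRS),
}


def _has_file(repo: Path, stems, dirs) -> bool:
    """True if a searched dir holds a non-empty file whose stem matches, ignoring case."""
    for d in dirs:
        folder = repo / d
        entries = folder.iterdir() if folder.is_dir() else ()
        if any(e.is_file() and e.stem.lower() in stems and e.stat().st_size > 0
               for e in entries):
            return True
    return False


def audit_repo(repo_path) -> list:
    """Return the checklist items that the checkout at repo_path does not satisfy."""
    repo = Path(repo_path)
    missing = [name for name, (stems, dirs) in CHECKS.items()
               if not _has_file(repo, stems, dirs)]
    if not (repo / ".gitignore").is_file():
        missing.append(".gitignore")
    templates = repo / ".github" / "ISSUE_TEMPLATE"
    # config.yml only configures the template chooser; it is not a template itself.
    has_templates = templates.is_dir() and any(
        p.suffix.lower() in (".md", ".yml", ".yaml") and p.name.lower() != "config.yml"
        for p in templates.iterdir())
    if not has_templates:
        missing.append("Issue templates")
    # Assumption: Dependabot is the dependency-update tool; the issue names none.
    if not any((repo / ".github" / n).is_file()
               for n in ("dependabot.yml", "dependabot.yaml")):
        missing.append("Automated dependency updates")
    return missing
```

Calling `audit_repo(".")` from a CI job and failing the build on a non-empty result turns the file-level criteria into an automated check.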