Meet Zalando's OSS requirements

[dmitrykrivaltsevich]

Checklist:

Before Review Group approval:

• [x] Use the MIT license only. Include an edited license file in every repository.
• [x] Include a MAINTAINERS file. Every project MUST have at least two named maintainers.
• [x] Include an SECURITY. md file in the main root folder of your repository. E.g.: “If you have discovered a security vulnerability, please email tech-security@zalando.de .”
• [x] Create a README covering the points provided in Zalando's standard README template. The README MUST include a note about the MIT license at the bottom.
• [x] Include a CONTRIBUTING guidelines file, plus a note in your README that you welcome community contributions.
• [x] Answer this security questionnaire
• [x] Contact the appropriate language/technology guild to request a code review (reviewed by Simon Leo Hafner from scala guild, #28 - review summary)
• [x] Contact Engineering Productivity ( tech-ba-ep@zalando.de ) to request a basic code review and recommendation (approved by Diego Fernando Molina Bocanegra).
• [x] Estimate and provide the project’s current level of automated test coverage, and how you plan on maintaining or increasing that level over time. (current value: 92%)
• [x] Complete this product analysis. Provide some evidence that your work is unique and does not imitate an existing, actively maintained project. Usually a one-paragraph summary/list of 3-4 bullet points defining your project’s innovative features and distinct advantages is sufficient (see key points in README.md)
• [x] Contact OSS Evangelist Lauri Apple (lauri.apple@zalando.de) for help in satisfying these criteria.
• [x] Send a review request email to the Open Source Review Group including the project name and link: OSS-Review@zalando.de
• [ ] Receive approval from the Review Group

After approval from Review Group:

• [x] enable Two-Factor Authentication (2FA/MFA)
• [x] MUST NOT, at any time, include Zalando specifics such as credentials and private identifiers
• [x] SDLC: 4 eyes principle implemented
• [x] SDLC: history of master branch MUST NEVER be changed
• [ ] Tag all versions in GitHub with the exact version name
• [ ] Use GitHub pull requests to make all repository changes, including those made by maintainers, so that we can streamline review and change tracking
• [ ] SDLC: Zappr configured, Team ID entered into Zappr file
• [ ] SDLC: every Pull Request MUST contain or reference the specification for the code change.
• [ ] SDLC: enforced reviews for backdoors
• [ ] SDLC: enforced reviews for vulnerable code fragments
• [ ] If you use third-party OSS, you MUST create a workflow to clear combinations of different licenses within a project.
• [ ] honor the original license of third-party code
• [ ] contact Zalando Legal (bernd.suchomski@zalando.de) if you are unsure about how to create corresponding license files

[dmitrykrivaltsevich]

Sent code review request to "Engineering Productivity" team 2017-06-27

[dmitrykrivaltsevich]

Contacted scala guild in Zalando 2017-06-27

[dmitrykrivaltsevich]

Contacted Lauri 2017-07-03

[dmitrykrivaltsevich]

OSS Review request sent 2017-08-17