Projects that follow the best practices below can voluntarily self-certify and show that they have achieved the Core Infrastructure Initiative (OpenSSF) badge.
<a href="https://www.bestpractices.dev/projects/3055"><img src="https://www.bestpractices.dev/projects/3055/badge"></a>
Tool to develop directly in your dev Kubernetes cluster
Code of Conduct and Contribution guide are available on GitHub: https://github.com/okteto/okteto/blob/master/code-of-conduct.md https://github.com/okteto/okteto/blob/master/contributing.md
We require a DCO on all contributions https://github.com/okteto/okteto/blob/master/contributing.md#sign-your-work
https://github.com/okteto/okteto/blob/master/code-of-conduct.md
There are three maintainers that are owners of the repo and the organization. All keys are stored as GitHub secrets that can be regenerated if needed. https://github.com/okteto/okteto/#stay-in-touch
There are three maintainers: https://github.com/okteto/okteto/blob/master/CODEOWNERS
https://github.com/okteto/okteto/blob/master/docs/how-does-it-work.md
https://github.com/okteto/okteto/#getting-started
docs are available at https://okteto.com/docs/reference/cli/index.html
All badges are displayed at https://github.com/okteto/okteto
we have not yet implemented any accessibility best practices
we have not yet implemented i18n
project doesn't store passwords
All public versions are available on github for reference.
https://github.com/okteto/okteto/issues
Release notes include credit for bugs and reports https://github.com/okteto/okteto/releases
https://github.com/okteto/okteto/blob/master/contributing.md#report-security-issues
requirements are listed in the contribution docs https://github.com/okteto/okteto/blob/master/contributing.md#contributions, and are enforced on commit.
we use golangci-lint to enforce it.
We use golang's compiler for this, invoked via a Makefile
We fall back on golang's compiler for this.
The project generates a single binary.
We don't have an installer, it's a single binary.
All the requirements come with the source code.
Dependencies are documented via https://github.com/okteto/okteto/blob/master/go.mod
GitHub's Dependabot checks this.
All external dependencies are documented via https://github.com/okteto/okteto/blob/master/go.mod and updated via go mod
This is verified on PR and with linters
Every PR has a CI job, currently on CircleCI. The report is part of the status of the PR.
Every PR has a code coverage job, currently on CircleCI. The report is part of the status of the PR.
We use Codecov to measure coverage on PRs
It's listed in our contribution guide https://github.com/okteto/okteto/blob/master/contributing.md#pull-requests
We build with strict flags.
Tool depends on user's level of access to the cluster.
Our code analysis tools catch these issues.
We rely on Go's core classes for this.
Tokens are stored in the user directory.
project uses SSL and HTTPS
we use the latest crypto libraries from golang.
We check for TLS when accessing resources or clusters.
We depend on golang's core http libraries for this.
We rely on GitHub and git for this.
our test suite covers these scenarios in our inputs
We use golang's leak detectors as well as static analysis tools in our CI/CD https://github.com/okteto/okteto
Every PR and master is analyzed by https://github.com/golangci/golangci-lint
We don't use memory-unsafe language.