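Projects that follow the best practices below can voluntarily self-certify and show that they have achieved the Core Infrastructure Initiative (OpenSSF) badge.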
<a href="https://www.bestpractices.dev/projects/3303"><img src="https://www.bestpractices.dev/projects/3303/badge"></a>
The SPIFFE Runtime Environment
https://github.com/spiffe/spiffe/blob/master/CONTRIBUTING.md#coding-conventions-
https://github.com/spiffe/spire/blob/master/CONTRIBUTING.md
https://github.com/spiffe/spiffe/blob/master/GOVERNANCE.md
https://github.com/spiffe/spiffe/blob/master/CODE-OF-CONDUCT.md
https://github.com/spiffe/spiffe/blob/master/CODEOWNERS
https://github.com/spiffe/spire/blob/master/CODEOWNERS
https://github.com/spiffe/spire/wiki/Roadmap
https://spiffe.io/spire/concepts/
https://blog.scytale.io/scrutinizing-spire-security-9c82ba542019
https://spiffe.io/spire/try/getting-started-k8s/
Docs are generated with every release. https://github.com/spiffe/spiffe.io
https://github.com/spiffe/spire
The project's specification and runtime implementation are fairly accessible as-is.
The software doesn't generate text intended for end-users and doesn't sort human-readable text.
The project site does not store passwords.
https://spiffe.io/downloads/
https://github.com/spiffe/spire/issues
https://github.com/spiffe/spire/blob/master/CONTRIBUTING.md#reporting-security-vulnerabilities
No FLOSS tools available for golang
No native binaries are being generated by the project.
The project does not restrict the use of relevant flags.
The project does not recursively build subdirectories. All of its dependencies are external to its installation.
https://travis-ci.org/github/spiffe/spire
https://spiffe.io/spire/docs/install-server/
No standard convention
https://spiffe.io/spire/docs/extending/
SPIRE has the following build-time dependencies: golang (BSD 3-clause), go.uuid (MIT), golang/protobuf (BSD 3-clause), logrus (MIT), go-grpc (Apache 2.0), go-plugin (MPL-2.0), hcl (MPL-2.0), gorm (MIT), gopsutil (BSD 3-clause), go-hclog (MIT), grpc-gateway (BSD 3-clause, Apache 2.0), inflection (MIT), go-bindata (CC0 1.0), go-sqlite3 (MIT), sqlite (public domain). As a golang project, SPIRE has no special runtime dependencies.
https://app.fossa.com/attribution/51437f53-9c25-41c0-b7f3-cb2bc0692912
The project does not rely on externally-maintained components.
The project makes an earnest attempt to make sure that it doesn't use deprecated or obsolete functions and APIs.
https://coveralls.io/github/spiffe/spire?branch=master
The project earnestly tries to ensure that tests are added for all bugs that are fixed. https://github.com/spiffe/spire/tree/master/test
https://github.com/spiffe/spire/tree/master/test
The project is strict with warnings and requires that pull requests emit no linter warnings.
The project strives to implement secure design principles.
The project's default security mechanisms do not depend on weak algorithms or modes.
The project supports multiple cryptographic algorithms, where applicable.
The project supports the storage of private cryptographic keys.
The project supports TLS for all of its network communications.
The project supports TLS version 1.2, as provided by golang.
The project performs TLS certificate verification by default.
The project performs certificate verification, and does so before sending HTTP headers, although it does not need to send private information.
https://github.com/spiffe/spire/releases
The project checks all inputs from potentially untrusted sources to ensure they are valid,
The project tries to use hardening mechanisms whenever possible and favor "secure by default". https://github.com/spiffe/spire/blob/master/MAINTAINERS.md#security-and-usability
No FLOSS tools available for golang.
The code is not written in a memory-unsafe language.