遵循以下最佳实践的项目将能够自愿的自我认证,并显示他们已经实现了核心基础设施计划(OpenSSF)徽章。 显示详细资料
[](https://www.bestpractices.dev/projects/3777)
<a href="https://www.bestpractices.dev/projects/3777"><img src="https://www.bestpractices.dev/projects/3777/badge"></a>
ONAP-DCAE-Designtime will include components to support microservice onboarding and design. GUI is provided for designer to construct service flow and distribute to DCAE runtime environment
https://wiki.onap.org/display/DW/Resources+and+Repositories#ResourcesandRepositories-DataCollectionAnalyticsandEvents
all source and documentation files are required to have copyright notices
all source and documentation files are required to have license statements
Git and and its code review add-on Gerrit are used.
https://wiki.onap.org/display/DW/DCAE+Committer+Guidelines (and pages pointed to by it) explains how a committer is to look at each pull request submitted via Gerritt.
Self-commits are not allowed. https://wiki.onap.org/display/DW/Code+Review
https://jenkins.onap.org/dcaegen2
Junit tests are invoked from mvn. Pytest tests are invoked by running pytest from command line. Rebar3 tests are invoked from command line by running rebarr3. All are included as part of Jenkin builds. All are standard testing tools invoked in standard way. Robot Framework tests are invoked by standard Robot methodology, also triggered by Jenkins build jobs. https://wiki.onap.org/display/DW/Continuous+Integration https://wiki.onap.org/pages/viewpage.action?pageId=4718718
For each pull request, the project needs to be built successfully before the Merge option becomes activated. The test will be run automatically during the building process as well. Once build successfully and all tests has past, the Merge option will be activated.
https://wiki.onap.org/display/DW/Continuous+Integration https://wiki.onap.org/pages/viewpage.action?pageId=4718718
all TLS libraries are current
// X-Content-Type-Options was not set to "nosniff". // One or more of the required security hardening headers is missing.
MOD NiFI currently does not use headers like CSP currently.
ONAP does not employ dynamic code analysis beyond what SONAR and CLM (Nexus IQ) analysis. The security subcommittee is undergoing a task identifying suitable dynamic analysis tool but at this time none has been identified.
后退