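Projects that follow the best practices below can voluntarily self-certify and show that they have achieved the Core Infrastructure Initiative (OpenSSF) badge.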
<a href="https://www.bestpractices.dev/projects/5405"><img src="https://www.bestpractices.dev/projects/5405/badge"></a>
Notify LA-County users about available vaccine appointments.
All original source files include the copyright notice.
All original source files include the license notice.
Repository on GitHub, which uses git. git is distributed.
Small, introductory tasks are labeled up-for-grabs.
We require two-factor authentication for all organization members and outside collaborators as described in Requiring two-factor authentication in your organization.
2FA is required, but SMS is unacceptable.
The pull-request template specifies code-review requirements.
This project is written in Ruby and so does not require compilation.
CI runs RSpec with every commit.
CI currently shows 96% coverage.
There are no top-to-bottom FLOSS tools available in Ruby which can measure branch coverage. Ruby version 2.5 was the first version that enabled capturing branch coverage, and it was only released on 2017-12-25. Other tools on top of Ruby need to be modified so that they can use this information.
GitHub hosts the source.
This project is a strict wrapper of the Twitter-client gem; hardened response headers are up to the library to apply. Since it isn't compiled, compiler flags don't apply. We believe the scope for attack is limited to direct-message input from Twitter and vulnerabilities in dependencies and Ruby itself. We mitigate the former's risk by discarding any untrusted input, while we address the latter risks by using Dependabot to patch known vulnerabilities automatically.
Any untrusted (non-zip-code) input is discarded; moreover, RSpec covers some edge cases.
RSpec runs with 55 assertions.