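Projects that follow the best practices below can voluntarily self-certify and show that they have achieved the Core Infrastructure Initiative (OpenSSF) badge.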
<a href="https://www.bestpractices.dev/projects/5823"><img src="https://www.bestpractices.dev/projects/5823/badge"></a>
macOS agent used to display custom notifications and alerts to the end user.
Contribution requirements are defined in the CONTRIBUTING.md file and in the Pull Request Template.
A DCO check is in place on each pull request. We use ProBot GitHub actions for it: https://probot.github.io/apps/dco/
The governance of the project is defined in the Contribution guidelines. https://github.com/IBM/mac-ibm-notifications/blob/main/CONTRIBUTING.md
https://github.com/IBM/mac-ibm-notifications/blob/main/CODE_OF_CONDUCT.md
Key roles are defined in the contribution guidelines. https://github.com/IBM/mac-ibm-notifications/blob/main/CONTRIBUTING.md
Any developer listed in the Maintainers list: https://github.com/IBM/mac-ibm-notifications/blob/main/MAINTAINERS.md is able to do so since the app doesn't make use of any secret or key stored anywhere. Also, the organisation administrators (IBM) can access the project and, if needed, add maintainers.
From the maintainers list: https://github.com/IBM/mac-ibm-notifications/blob/main/MAINTAINERS.md
Leveraging the GitHub issue tracking feature and milestones, the project provides a clear overview of what is expected to be implemented in the near future and a clear estimate of the release of the next versions: https://github.com/IBM/mac-ibm-notifications/issues
https://github.com/IBM/mac-ibm-notifications/blob/main/IBM%20Notifier%20Structure.pdf
Security policy: https://github.com/IBM/mac-ibm-notifications/blob/main/SECURITY.md
https://github.com/IBM/mac-ibm-notifications/wiki
The documentation is always updated together with any new release of the software as per PR template checklist.
https://github.com/IBM/mac-ibm-notifications/blob/main/README.md
Everything inside the project follows accessibility guidelines (GitHub, Xcode, the project itself).
Internationalisation is enabled through Xcode using Localizable.strings files and localisable string keys in the code.
The project does not make any use of passwords and it doesn't need any user authentication.
The project does not deprecate any older version of the produced software. It is the audience's choice whether or not to adopt the latest release in their workflow.
The project supports the standard GitHub issue tracking feature.
No vulnerability in the last 12 months.
From the security policy: https://github.com/IBM/mac-ibm-notifications/blob/main/SECURITY.md To report a vulnerability, please e-mail to maintainers of this project with a description of the issue, the steps you took to create the issue, affected versions, and if known, mitigations for the issue.
We should reply within three working days, probably much sooner.
We use GitHub's security advisory feature to track open security issues. You should expect a close collaboration as we work to resolve the issue you have reported.
You may also reach out to the team via GitHub Discussions.
SwiftLintFramework https://github.com/IBM/mac-ibm-notifications/blob/main/CONTRIBUTING.md
SwiftLintFramework already forces a defined code style: https://github.com/IBM/mac-ibm-notifications/blob/main/.swiftlint.yml The linter action on each PR checks whether it has been respected.
No native binaries are being generated
No build or installation system
Xcode ensures the build process.
The produced software is released as an .app file that can be installed directly on a user's device. The audience should then choose the correct way to integrate the software into their workflow (e.g. DMG archives, packages).
Using Swift Package Manager for external dependencies. See Package.resolved file: https://github.com/IBM/mac-ibm-notifications/blob/main/Notification%20Agent.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved
Dependabot checks are in place for external dependencies: https://github.com/IBM/mac-ibm-notifications/security/dependabot
Swift Package Manager handles the update of the external dependencies as soon as new versions are available. See Package.resolved file: https://github.com/IBM/mac-ibm-notifications/blob/main/Notification%20Agent.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved
The project makes no use of deprecated APIs. New deprecations are replaced with new code as soon as they are flagged by Xcode.
The project uses Xcode Test Plans to run automated tests on the code base. See NotificationAgentTP.xctestplan file: https://github.com/IBM/mac-ibm-notifications/blob/main/NotificationAgentTP.xctestplan
Currently the test coverage doesn't reach 80%. Working on increasing the coverage percentage.
This is part of the pull request template. See pull_request_template.md file: https://github.com/IBM/mac-ibm-notifications/blob/main/.github/pull_request_template.md
See Pull Request template.
The project doesn't show any warning in Xcode.
The project implements secure design principles where applicable. The code must follow secure coding designs and this is checked with automated analysis (SonarCloud) and manual analysis (Pull Request reviews).
The project makes no use of credentials, cryptography or network communications.
The project provides an IBM Signed and Notarised copy of the .app bundle. It is also explained how to sign and notarise the app with your own Apple Developer certificate. See wiki: https://github.com/IBM/mac-ibm-notifications/wiki/Archive,-sign-and-notarize-the-app
Every major release provides an IBM Signed and Notarised copy of the .app bundle.
The project is not based on any data or db that could be vulnerable.
The project uses the Xcode hardened runtime capability. https://developer.apple.com/documentation/security/hardened_runtime
Working on providing this documentation.
The project uses the SonarCloud analysis tool.
The project is written in Swift.