Projects that follow the best practices below can voluntarily self-certify and show that they have achieved a Core Infrastructure Initiative (OpenSSF) badge.
<a href="https://www.bestpractices.dev/projects/6309"><img src="https://www.bestpractices.dev/projects/6309/badge"></a>
License Pre-Validation Service analyzes which open source components and licenses are used in every patch. It returns the list of restricted licenses and the possibility of license violation on the comment with the exact code location and the open source component information.
We have everything extensively documented and tested. There are no secrets. Based on the different ways of calculating the "bus factor" (one of them: https://www.process.st/bus-factor/#how ), it can be said with certainty that it is not less than 2.
Our contributors
All source files include a copyright statement. Examples: - https://github.com/Samsung/LPVS/blob/main/src/main/java/com/lpvs/LicensePreValidationSystem.java - https://github.com/Samsung/LPVS/blob/main/src/main/java/com/lpvs/controller/GitHubWebhooksController.java
MIT license conventions Example of the source file
Repository on GitHub, which uses git. git is distributed.
For quick entry into the project, tasks for beginners are labeled as "good first issue": https://github.com/Samsung/LPVS/issues
The Samsung organization has set up two-factor authentication for maintainers.
The Samsung organization recommends using authentication applications (e.g. Authy).
Project code review policy
The "least two approvals for merging PR to upstream" option is enabled in the project settings.
Instructions on how to check a reproducible build
mvn -B package --file pom.xml https://github.com/Samsung/LPVS/actions/workflows/test-suite.yml
During any pull request or push command, autotests are started https://github.com/Samsung/LPVS/actions/workflows/test-suite.yml
pull request
push
92% statement coverage https://app.codecov.io/gh/Samsung/LPVS
80% branch coverage https://app.codecov.io/gh/Samsung/LPVS
TLS is used in the 3rd-party components of the project.
The 3rd-party components support TLS version 1.2.
Found all required security hardening headers
One of the project's maintainers (o-kopysov) analyzes security every half year.
Hardening mechanisms are used in the project.
The project is in the growth stage. The project uses ClusterFuzzLite (Jazzer) for fuzz testing. We have launched a process to increase fuzzing test coverage.
Runtime assertions are disabled by default in Java, so instead we are changing most of them to explicit runtime checks. Violations of runtime checks will throw some sort of Exception.