Projects that follow the best practices below can voluntarily self-certify and show that they have achieved the Core Infrastructure Initiative (OpenSSF) badge.
<a href="https://www.bestpractices.dev/projects/6313"><img src="https://www.bestpractices.dev/projects/6313/badge"></a>
Fluid Attacks' core software repository.
Here are our members: https://gitlab.com/fluidattacks/universe/-/project_members There are multiple owners, maintainers, and developers who can replace one another.
https://gitlab.com/fluidattacks/universe/-/graphs/trunk
All commits must be signed by the developer using GPG.
All files have a license statement.
We use GitLab, which uses Git.
We have complexity labels for our project, identifying easy tasks and ordering them using this label: https://gitlab.com/fluidattacks/universe/-/issues
Every contributor must have 2FA configured on GitLab to be able to make changes.
We use GitLab's mechanism for 2FA.
https://docs.fluidattacks.com/development/contributing#review-process
All releases are controlled by a merge request approved by someone other than the author.
The project uses the open source tool Makes to create reproducible builds for every product; the process is explained here.
Tests are done using the recommended test suites for each language: Jest and Pytest. We have separate, invocable test suites for each product; the invocation process is explained here.
The project uses GitLab CI. https://help.fluidattacks.com/portal/en/kb/articles/developing-for-integrity#Continuous_Deployment
Coverage is measured by codecov and is 90% or higher.
https://docs.fluidattacks.com/about/security/integrity/certified-cloud-provider
Found all required security hardening headers. https://gitlab.com/fluidattacks/universe
We are a cybersecurity company, which means that we perform security reviews of our projects constantly.
https://docs.fluidattacks.com/about/security/privacy/secure-data-delivery
We use our own DAST tool, which is executed on every CI pipeline on development and production branches.
We add assertions wherever they are appropriate.