Projects that follow the best practices below can voluntarily self-certify and show that they have achieved the Open Source Security Foundation (OpenSSF) Best Practices badge.
<a href="https://www.bestpractices.dev/projects/7179"><img src="https://www.bestpractices.dev/projects/7179/badge"></a>
Open Source Inventory Management System
The code styles (PEP8 for Python, Google style for docstrings) are mentioned in the contribution docs: https://docs.inventree.org/en/latest/sref/contrib .
Currently not seen as required by the project
Governance is documented, available online and shipped with the code: https://docs.inventree.org/en/latest/project/governance/
InvenTree follows the Contributor Covenant Code of Conduct https://github.com/inventree/InvenTree/blob/855e2627674f8ff50a97038b52ebd0c0eb8631da/CODE_OF_CONDUCT.md
https://inventree.org/about/team
2 significant contributors can merge and release updates https://docs.inventree.org/en/latest/project/governance/#write-access-to-the-code-base
bus factor of 2 https://docs.inventree.org/en/latest/project/governance/#write-access-to-the-code-base
Included in docs. https://docs.inventree.org/en/latest/sref/roadmap
Documented in the architecture docs. https://docs.inventree.org/en/latest/sref/architecture
Assumed threat model is documented https://docs.inventree.org/en/latest/concepts/threat_model/
https://docs.inventree.org/en/latest/start/intro/
Documentation is tagged with the same version as the main code
The badge is on the main Readme - https://github.com/inventree/inventree
The project tries to follow WAI-ARIA standards
The project uses standard translation mechanisms see https://github.com/inventree/InvenTree/tree/master/InvenTree/locale/en/LC_MESSAGES
The project uses PBKDF2
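PBKDF2 here refers to Django's default password hasher, which stores each password as `pbkdf2_sha256$<iterations>$<salt>$<base64 digest>`. The following is an added example, not code from InvenTree or Django, showing how that format is produced and verified with only the standard library, and how a stored hash with a stale iteration count can be flagged for re-hashing. The `ITERATIONS` constant and the helper names are assumptions for this example; Django raises its default count with each release, so the value below is illustrative, not the project's setting.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Assumed for this example: Django's default hasher is PBKDF2 with HMAC-SHA256.
# The iteration count is an illustrative floor, not the project's configured value.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


def encode_password(password: str, salt: Optional[str] = None,
                    iterations: int = ITERATIONS) -> str:
    """Return a Django-style encoded hash: algorithm$iterations$salt$digest."""
    if salt is None:
        # token_urlsafe yields only [A-Za-z0-9_-], so it can never contain '$'.
        salt = secrets.token_urlsafe(SALT_BYTES)
    if "$" in salt:
        raise ValueError("salt must not contain the '$' field separator")
    if iterations < 1:
        raise ValueError("iterations must be positive")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt.encode("utf-8"), iterations
    )
    return f"{ALGORITHM}${iterations}${salt}${base64.b64encode(digest).decode('ascii')}"


def parse_encoded(encoded: str) -> Tuple[int, str, str]:
    """Split a stored hash into (iterations, salt, base64 digest)."""
    try:
        algorithm, iterations, salt, digest = encoded.split("$", 3)
    except ValueError as exc:
        raise ValueError("malformed encoded password") from exc
    if algorithm != ALGORITHM:
        raise ValueError(f"unsupported hasher: {algorithm}")
    return int(iterations), salt, digest


def verify_password(password: str, encoded: str) -> bool:
    """Re-derive the hash with the stored salt and iterations, compare in constant time."""
    iterations, salt, _ = parse_encoded(encoded)
    candidate = encode_password(password, salt=salt, iterations=iterations)
    # compare_digest avoids leaking the position of the first differing byte.
    return hmac.compare_digest(candidate.encode("ascii"), encoded.encode("ascii"))


def needs_rehash(encoded: str, minimum_iterations: int = ITERATIONS) -> bool:
    """True if the stored hash uses fewer iterations than the current floor."""
    iterations, _, _ = parse_encoded(encoded)
    return iterations < minimum_iterations


if __name__ == "__main__":
    stored = encode_password("correct horse battery staple")
    print(stored)
    print("login ok:", verify_password("correct horse battery staple", stored))
    print("wrong password:", verify_password("Tr0ub4dor&3", stored))
    # A hash created under an older, lower default should be upgraded on next login.
    legacy = encode_password("correct horse battery staple", iterations=100_000)
    print("legacy needs rehash:", needs_rehash(legacy))
```

The usual deployment pattern is to call `needs_rehash` immediately after a successful `verify_password` and re-encode with the current iteration count, which is how Django itself upgrades stored hashes transparently at login.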
The project includes migrations, single-line upgrades https://docs.inventree.org/en/latest/start/installer/#updating-inventree and instructions https://docs.inventree.org/en/latest/start/docker_prod/#updating-inventree
https://docs.inventree.org/en/latest/sref/issues
https://github.com/inventree/InvenTree/security/advisories/GHSA-mmm6-rwf8-ghv3
https://docs.inventree.org/en/latest/sref/security-policy
PEP8 as mentioned in CONTRIBUTING: https://docs.inventree.org/en/latest/sref/contrib
https://docs.inventree.org/en/latest/sref/ci-sample
Python is interpreted; the project does not use a compiler.
The project is using Python
Invoke with setup tasks is provided
Package distributions follow deb conventions
A development Dockerfile is included in the source
Requirements.txt is provided https://github.com/inventree/InvenTree/blob/master/requirements.txt
Dependabot is activated
The project follows djangoproject recommendations where available.
Tests are added for all major bugs.
The general testing policy applies for all new code - https://docs.inventree.org/en/latest/sref/contrib#unit-testing
See https://docs.inventree.org/en/latest/sref/contrib#unit-testing
PRs with failing checks are not merged.
The project is trying to follow industry standards and limit the stored information
The default settings are following Django recommendations.
All listed SHA variants are supported
Secrets can be stored in files and are accessed dynamically
By default, only secure links are supported
Depends on the user's setup. By default, no webserver is included.
The libraries used support TLS where possible, with certificate verification against the system trust store. The application itself relies on a reverse proxy (Caddy by default) to provide TLS.
Debian releases are signed, GitHub releases include attestations
Tags are signed using GPG
The application uses various libraries to check inputs for code injection etc. and follows Django best practices
CSRF and similar mechanisms are used; https://docs.inventree.org/en/latest/concepts/threat_model/
Included in architecture document. https://docs.inventree.org/en/latest/sref/architecture
The project uses flake8 with bandit enabled
The project uses Python