Projects that follow the best practices below can voluntarily self-certify and show that they have achieved a Core Infrastructure Initiative (OpenSSF) badge.
[![OpenSSF Best Practices badge](https://www.bestpractices.dev/projects/725/badge)](https://www.bestpractices.dev/projects/725)
The Gitano project is a git server which aims to keep everything in Git repositories, rather than using additional database stores.
This is met via the ability to recover the project from Daniel's cold dead hands - see https://wiki.gitano.org.uk/about/governance/
Contributions from others are detailed at https://git.gitano.org.uk/gitano.git/log/
This is a requirement of submissions to the project.
This is covered by a top level licence statement.
We use git, https://git.gitano.org.uk/
Cards tagged 'low hanging' on https://trello.com/b/l4Id6iiC/gitano
Contribution occurs via SSH keys, and those are locked by 2FA.
2FA for SSH keys is via YubiKeys.
https://wiki.gitano.org.uk/contributing/
Review is always done by someone other than the author where possible, release cannot happen unless code is merged.
Via the Debian reproducible builds effort. As per https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/gitano.html, our only issue is in an external tool (dblatex).
Testing is documented at https://git.gitano.org.uk/gitano.git/tree/TESTING
The project does not have a centralised CI, instead core developers must run package builds in order to create releases and those force the full test suites to run.
Libraries have over 90% coverage, the main app has over 90% coverage in core areas. Some plugins are less covered, but they are not supported content.
Coverage calculators cover branches as well as lines. Thus the above statement holds.
X-Content-Type-Options was not set to "nosniff".
We performed a security audit before the release of 1.0 and we consider security implications of every change.
Such mechanisms are usually not applicable to languages such as Lua.
No dynamic analysis tools of this kind exist for Lua code.
As above, no dynamic analysis tooling is available.