遵循以下最佳实践的项目将能够自愿的自我认证,并显示他们已经实现了核心基础设施计划(OpenSSF)徽章。 显示详细资料
[](https://www.bestpractices.dev/projects/9278)
<a href="https://www.bestpractices.dev/projects/9278"><img src="https://www.bestpractices.dev/projects/9278/badge"></a>
Kexa's simple rules (Open Source) guarantee the security of your entire cloud. With real-time monitoring, instant alerts and detailed, scalable and integrable reporting, it turns complexity into simplicity, turning compliance into a competitive advantage.
https://kexa.io/contact has a redirect link to the github page, which has a CONTRIBUTION.md that explain all the contribution process
https://github.com/4urcloud/Kexa/blob/main/RESPONSIBILITIES.md
https://github.com/4urcloud/Kexa/blob/main/CODE_OF_CONDUCT.md
https://github.com/4urcloud/Kexa/blob/main/documentation/Documentation-Kexa.md
https://github.com/4urcloud/Kexa/blob/main/SECURITY.md
https://github.com/4urcloud/Kexa/blob/main/README.md
All the project is a client sided. No data is provided to us.
https://github.com/4urcloud/Kexa/blob/main/documentation/Documentation-Kexa.md#downloads-or-update-kexa
We have setup Github issue template for issues & bug report : https://github.com/4urcloud/Kexa/issues
We have a little community all issue are discovered by us
"If there is no build or installation system (e.g., typical JavaScript libraries), select "not applicable" (N/A)" The application are made with Typescript
"If no building occurs (e.g., scripting languages where the source code is used directly instead of being compiled), select "not applicable" (N/A)." The application are made with Typescript
https://github.com/4urcloud/Kexa/blob/main/documentation/Documentation-Kexa.md#setup-configuration
"If there is no installation system or no standard convention, select "not applicable" (N/A)." We don't have a installation system
https://github.com/4urcloud/Kexa/blob/main/pnpm-lock.yaml
We use dependabot and code scanning from GitHub
We have some unit test. All of this test are run during PR in GitHub to assure good quality
警告:需要更长的理由。
We have a built-in tool that involves key vault either via environment variables or third-party key vaults: Google, Azure, AWS, Hashicorp
All out and in communication support secure channel
All out and in communication support secure channel like TLS version 1.2 and higher (1.3)
All outgoing communications are on the latest communication format supported by the receiver. Verifications on the certificate are carried out for the export of data. For incoming data, all are done at the initiative of the application and are designated by the user.
"If releases are not intended for widespread use, select "not applicable" (N/A)."
We do not distribute our releases, it is the user's responsibility to come and get the update on our GitHub repository ONLY
We have dedicated modules to cover undesirable values as much as possible and alert the user of missed or erroneous information.
后退