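Projects that follow the best practices below can voluntarily self-certify and show that they have achieved the Core Infrastructure Initiative (OpenSSF) badge.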
<a href="https://www.bestpractices.dev/projects/9373"><img src="https://www.bestpractices.dev/projects/9373/badge"></a>
OWASP Project Developer Guide - Document and Project Web pages
The OWASP Developer Guide project has 5 project leaders, all with full admin rights to the repository: https://github.com/OWASP/www-project-developer-guide/blob/main/leaders.md In addition, the OWASP foundation also has admin rights to the GitHub OWASP organization area, which encompasses the Developer Guide, and so even if all 5 leaders were to become unavailable all files would still be fully accessible by the OWASP organization.
Repository on GitHub, which uses git. git is distributed.
The automated tests applied by the pipelines (link checks, spell checks and markdown lint) are invoked in a standard way from the command line or from a GitHub action. This is done on both pull request and commit: https://github.com/OWASP/www-project-developer-guide/blob/main/.github/workflows/ci.yaml https://github.com/OWASP/www-project-developer-guide/blob/main/.github/workflows/pr.yaml
The automated tests (checks, spell checks and markdown lint) are applied as part of the continuous integration pipelines for pull-request, commit, release and nightly: https://github.com/OWASP/www-project-developer-guide/blob/main/.github/workflows/pr.yaml https://github.com/OWASP/www-project-developer-guide/blob/main/.github/workflows/ci.yaml https://github.com/OWASP/www-project-developer-guide/blob/main/.github/workflows/release.yaml https://github.com/OWASP/www-project-developer-guide/blob/main/.github/workflows/housekeeping.yaml
The OWASP Developer Guide is a documentation project with no cryptographic security mechanisms.
The OWASP Developer Guide project repository is on GitHub and this is known to meet the requirement (see details to this section): https://github.com/OWASP/www-project-developer-guide
The OWASP Developer Guide project is a documentation project hosted by the OWASP organization itself, and as such does not require hardening mechanisms: https://owasp.org/www-project-developer-guide/
The OWASP Developer Guide is not an application that runs dynamically; it is a web document that is browsed as part of the OWASP web site: https://owasp.org/www-project-developer-guide/release/
The OWASP Developer Guide is not an application that runs dynamically; it is a web document that is browsed as part of the OWASP web site: https://owasp.org/www-project-developer-guide/release/ As such, there are no run-time assertions that are practical and no dynamic analysis.