Read the FINOS security vulnerabilities responsible disclosure document to know how security incidents are managed across FINOS projects. Use WhiteSource to configure your FINOS project for automated scanning.
In order to assess Security, Quality and /wiki/spaces/FINOS/pages/75530375 of software hosted by the Foundation, project leads and committers can configure integrations with third-party systems that are provided by the Foundation; the result of these processes can be published in the project's documentation to improve the final consumer experience and when /wiki/spaces/FINOS/pages/75530376.
Below is the list of code validation systems currently available, ordered by features and languages supported.
Project compliance scan
We are working to align these checks with our Project Support Guidelines; read more at https://github.com/finos/open-developer-platform/issues/107
FINOS have developed a tool that scans all the GitHub repositories across all FINOS orgs and generates a report based on the following quality and compliance validations:
- has-admin: One or more admin collaborators were found in this GitHub repository. FINOS Governance doesn't allow GitHub users to have Admin rights on repositories, therefore the admin access must be removed.
- has-user: One or more user collaborators were found in this GitHub repository. FINOS Governance only allows GitHub users to be added via Teams, therefore they must be removed.
- disabled-issues: This GitHub repository does not have GitHub Issues enabled; make sure that there is a documented way to submit questions, feature requests and other communications to the project team.
- no-teams: This GitHub repository does not grant permissions to any FINOS Team, although it should be configured to grant access to the program and project specific teams defined in https://github.com/orgs/finos/teams. Please email help@finos.org and coordinate changes to the repository access permissions.
- no-issue-templates: This GitHub repository does not use issue templates; please check the issue template blueprints.
- no-contributing: CONTRIBUTING.md file is missing; check the CONTRIBUTING.md template.
- no-code-conduct: CODE_OF_CONDUCT.md file is missing; check the CODE_OF_CONDUCT.md template.
- notice-nok: NOTICE file is incomplete; check line 4 of the NOTICE template.
- no-notice: NOTICE file is missing; check the NOTICE template.
- no-readme: README.md file is missing; check the README.md template.
- no-description: This GitHub repository does not have a general description defined; the Edit button is visible on the repository's main page, which is the Code tab.
- is-archivable: This repository belongs to project {{project-name}}, which is archived, therefore the GitHub repository is expected to be archived too. @finos-staff will get in touch with the project lead to sort it out.
- readme-nok: README.md file is incomplete; check the README.md template and make sure that the ## Contributing and ## License sections exist.
- no-badge: README.md file is missing the FINOS badge; check the README.md template and make sure that it embeds one of the SVG FINOS badges.
- wrong-badge: Our internal records state that this project is in {{project-state}} state, whereas README.md states {{readme-state}}; make sure that README.md embeds the right FINOS badge.
- repo-not-on-file: We don't have this repository on file. We will fix this issue on our side as soon as possible and keep you posted.
- no-whitesource: WhiteSource configuration was not found; make sure that dependencies are scanned against security vulnerabilities. Read more on the WhiteSource Wiki page.
The code is publicly available at https://github.com/finos/metadata-tool; the command to invoke is check-project-repos.
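To show how the file-based and access-related checks in the list above can be evaluated, here is an added Python example; it is not code from metadata-tool or from FINOS, and how the real tool decides each check is not shown on this page. The function names, the input shapes (direct collaborators shaped like GitHub's REST collaborator listing, plus a list of teams) and the sample data are assumptions made for the example.

```python
import tempfile
from pathlib import Path

# Check id (from the list above) -> file whose absence triggers it.
REQUIRED_FILES = {
    "no-readme": "README.md",
    "no-contributing": "CONTRIBUTING.md",
    "no-code-conduct": "CODE_OF_CONDUCT.md",
    "no-notice": "NOTICE",
}
README_SECTIONS = ("## Contributing", "## License")

def scan_repo(checkout, direct_collaborators, teams, has_issues=True):
    """Return the sorted check ids that fire for one repository.
    Assumption: direct_collaborators holds only users added outside Teams."""
    findings = set()
    root = Path(checkout)
    for check_id, name in REQUIRED_FILES.items():
        if not (root / name).is_file():
            findings.add(check_id)
    readme = root / "README.md"
    if readme.is_file():
        headings = {line.strip() for line in readme.read_text(encoding="utf-8").splitlines()}
        if any(section not in headings for section in README_SECTIONS):
            findings.add("readme-nok")
    if direct_collaborators:
        findings.add("has-user")
    if any(c.get("permissions", {}).get("admin") for c in direct_collaborators):
        findings.add("has-admin")
    if not teams:
        findings.add("no-teams")
    if not has_issues:
        findings.add("disabled-issues")
    return sorted(findings)

def demo():
    """Scan a constructed checkout with constructed access data."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "README.md").write_text("# demo\n\n## License\nApache-2.0\n", encoding="utf-8")
        (root / "NOTICE").write_text("demo notice\n", encoding="utf-8")
        # Constructed sample: two users added directly, one of them with admin rights.
        collaborators = [
            {"login": "alice-example", "permissions": {"admin": True, "push": True}},
            {"login": "bob-example", "permissions": {"admin": False, "push": True}},
        ]
        return scan_repo(root, collaborators, teams=[], has_issues=True)

if __name__ == "__main__":
    print(demo())
```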