| Info | ||
|---|---|---|
| ||
Read the FINOS security vulnerabilities responsible disclosure document to know how security incidents are managed across FINOS projects. Use WhiteSource to configure your FINOS project for automated scanning. |
In order to assess Security, Quality and /wiki/spaces/FINOS/pages/75530375 of software hosted by the Foundation, project leads and committers can configure integrations with third-party systems that are provided by the Foundation; the result of these processes can be published in the project's documentation to improve the final consumer experience and when /wiki/spaces/FINOS/pages/75530376.
Below is the list of code validation systems currently available, ordered by features and languages supported.
| Page Properties Report | ||||
|---|---|---|---|---|
|
...
| Child pages (Children Display) |
|---|
Project compliance scan
| Info | ||
|---|---|---|
| ||
We are working to align these checks with our Project Support Guidelines, read more on https://github.com/finos/open-developer-platform/issues/107 |
FINOS have developed a tool that scans all the GitHub repositories across all FINOS orgs and generates a report based on the following quality and compliance validations:
has-admin- One or more admin collaborators were found in this GitHub repository. FINOS Governance doesn't allow GitHub users to have Admin rights on repositories, therefore it must be removed.has-user- One or more user collaborators were found in this GitHub repository. FINOS Governance only allows GitHub users to be added via Teams. Please remove it, therefore it must be removed.disabled-issues- This GitHub repository does not have GitHub Issues enabled; make sure that there is a documented way to submit questions, feature requests and other communications to the project team.no-teams- This GitHub repository does not grant permissions to any FINOS Team, although it should be configured to grant access to the program and project specific teams defined in https://github.com/orgs/finos/teams. Please email help@finos.org and coordinate changes to the repository access permissions.no-issue-templates- This GitHub repository does not use issue templates; please check the issue template blueprints.no-contributing-CONTRIBUTING.mdfile is missing; check the CONTRIBUTING.md template.no-code-conduct-CODE_OF_CONDUCT.mdfile is missing; check the CODE_OF_CONDUCT.md template.notice-nok-NOTICEfile is incomplete; check line 4 of the NOTICE template.no-notice-NOTICEfile is missing; check the NOTICE template.no-readme-README.mdfile is missing; check the README.md template.no-description- This GitHub repository does not have a general description defined; theEditbutton is seen when on the repositories main page, which is theCodetab.is-archivable- This repository belongs to project{{project-name}}which is archived, therefore the GitHub repository is expected to be archived too. @finos-staff will get in touch with the project lead to sort it out.readme-nok-README.mdfile is incomplete; check the README.md template and make sure that## Contributingand## Licensesections exist.no-badge-README.mdfile is missing the FINOS badge; check the README.md template and make sure that it embeds one of SVG FINOS badges.wrong-badge- Our internal records state that this project is in {{project-state}} state, whereasREADME.mdstates{{readme-state}}; make sure thatREADME.mdembeds the right FINOS badge." :repo-not-on-file "We don't have this repository on file. We will fix this issue on our side as soon as possible and keep you posted.no-whitesource- WhiteSource configuration was not found; make sure that dependencies are scanned against security vulnerabilities. Read more on the WhiteSource Wiki page.
Code is publicly available on https://github.com/finos/metadata-tool, the command to invoke is check-project-repos.
...