Skip to content

Commit

Permalink
add code quality doc to project
Browse files Browse the repository at this point in the history
Signed-off-by: Michael Robinson <merobi@gmail.com>
  • Loading branch information
merobi-hub committed Nov 8, 2022
1 parent 2913809 commit 9ce16e5
Showing 1 changed file with 30 additions and 0 deletions.
30 changes: 30 additions & 0 deletions CODE_QUALITY_AND_SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
# Code Quality and Security Assurance Statement

The authors of Marquez are committed to providing secure software of the highest quality possible. To this end, we employ a number of tools and methodologies to ensure that our design, build, maintenance and testing practices maximize efficiency and minimize risk.

The specific security and analysis methodologies that we employ include but are not limited to:

## Security

- Participation in the [OpenSSF Best Practices Badge Program](https://bestpractices.coreinfrastructure.org/en/projects/5106) for Free/Libre and FLOSS projects to ensure that we follow current best practices for quality and security
- Use of [HTTPS](https://en.wikipedia.org/wiki/HTTPS) for network communication
- Support for multiple cryptographic algorithms (through the use of HTTPS)
- Separate storage of authentication credentials according to best practices
- Use of secure protocols for network communication (through the use of HTTPS)
- Up-to-date support for TLS/SSL (through the use of [OpenSSL](https://www.openssl.org/))
- Performance of TLS certificate verification by default before sending HTTP headers with private information (through the use of OpenSSL and HTTPS)
- Distribution of the software via cryptographically signed releases (on the [PyPI](https://pypi.org/) and [Maven](https://mvnrepository.com/) package repositories)
- Use of [GitHub](https://github.com/) Issues for vulnerability reporting and tracking

## Analysis

- Use of [PMD](https://pmd.github.io/) and [Spotless](https://github.com/diffplug/spotless) for Java code linting on pull requests and builds
- Use of [Flake8](https://flake8.pycqa.org/en/latest/) for Python code linting on pull requests and builds
- Use of GitHub Issues for bug reporting and tracking

## Contact

For more information about our approach to quality and security, feel free to reach out to the Marquez development team:

- Slack: [Marquezproject.slack.com](http://bit.ly/MarquezSlack)
- Twitter: [@MarquezProject](https://twitter.com/MarquezProject)

0 comments on commit 9ce16e5

Please sign in to comment.