Skip to content

Latest commit

 

History

History
34 lines (24 loc) · 2.14 KB

CODE_QUALITY_AND_SECURITY.md

File metadata and controls

34 lines (24 loc) · 2.14 KB

Code Quality and Security Assurance Statement

The authors of Marquez are committed to providing secure software of the highest quality possible. To this end, we employ a number of tools and methodologies to ensure that our design, build, maintenance and testing practices maximize efficiency and minimize risk.

The specific security and analysis methodologies that we employ include but are not limited to:

Security

  • Participation in the OpenSSF Best Practices Badge Program for Free/Libre and FLOSS projects to ensure that we follow current best practices for quality and security
  • Use of HTTPS for network communication
  • Support for multiple cryptographic algorithms (through the use of HTTPS)
  • Separate storage of authentication credentials according to best practices
  • Use of secure protocols for network communication (through the use of HTTPS)
  • Up-to-date support for TLS/SSL (through the use of OpenSSL)
  • Performance of TLS certificate verification by default before sending HTTP headers with private information (through the use of OpenSSL and HTTPS)
  • Distribution of the software via cryptographically signed releases (on the PyPI and Maven package repositories)
  • Use of GitHub Issues for vulnerability reporting and tracking

Analysis

  • Use of PMD and Spotless for Java code linting on pull requests and builds
  • Use of Flake8 and Pytest for Python code linting on pull requests and builds
  • Use of GitHub Issues for bug reporting and tracking

Contact

For more information about our approach to quality and security, feel free to reach out to the Marquez development team:


SPDX-License-Identifier: Apache-2.0 Copyright 2018-2023 contributors to the Marquez project.