
OSS implementation -- more feedback #105

Closed
rdgsa opened this Issue Apr 26, 2017 · 1 comment

rdgsa (Member) commented Apr 26, 2017

I sent a pull request with all of the changes that I could recommend. Here are a couple of additional items that occurred to me in review of the https://open.gsa.gov/oss-implementation/ page:

  1. Not sure what this sentence means:

     "Furthermore, the twelve factors are for consideration with modern DevOps practices for custom SaaS."

  2. Is this sentence referring to app scanning or source code scanning?

     "The project team should be working with security on a regular basis to have the code scanned for vulnerabilities."

     It is unclear here and down below in the "Scanning Code for Public Release" section what kind of scanning you're referring to.

  3. The section titled "Start with moving to public repositories" kind of seems to actually suggest starting with private GitHub repos, and then going to public. If that is the case, would a better title for this section be "Start by moving to private repositories"?

  4. We mention the benefit of better turnover of code from vendors. However, wouldn't that also be true if the code is in a private repo? Might explain more why having the repo public is better in that regard.

  5. Some inconsistent use of terminology for VCS, version control system, source code repository. Might be good to do a once-over to make all of that consistent and define the acronym at the top instead of at the bottom.

jcastle (Contributor) commented May 26, 2017

Thanks for the comments, updates being pushed today. Also going to start using GSAOpenSourcePolicy repo for Open Source Workgroup outputs and eventually port over to this site.
