Skip to content
🏆Core Infrastructure Initiative Best Practices Badge
Ruby HTML JavaScript Shell CSS Dockerfile
Branch: master
Clone or download

Latest commit

david-a-wheeler rake translation:sync
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Latest commit 179493a Jun 4, 2020

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.circleci Update ruby to 2.6.6 (#1417) Apr 11, 2020
app Remove x-xss-protection hardening criterion, fixes #1426 (#1427) Jun 4, 2020
bin Remove obsolete m binstub Jun 10, 2017
config rake translation:sync Jun 4, 2020
criteria Allow N/A in implement_secure_design, fixes #1354 (#1358) Oct 22, 2019
db Report achievement of higher badge levels (#1421) May 18, 2020
doc Tweak doc/security.md - modified GitHub edit check (#1420) Apr 28, 2020
dockerfiles Update ruby to 2.6.6 (#1417) Apr 11, 2020
favicon Change favicon to be correctly transparent at edges Apr 25, 2016
lib Report achievement of higher badge levels (#1421) May 18, 2020
log Moved BadgeApp to root level Oct 24, 2015
public Add .well-known/security.txt, fixes #1372 (#1400) Feb 26, 2020
script Re-enable railroader static analyzer (#1380) Jan 31, 2020
test Report achievement of higher badge levels (#1421) May 18, 2020
vendor/assets Moved BadgeApp to root level Oct 24, 2015
.env Encrypt email using attr_encrypted and blind_index gems (#1141, fixes #… May 28, 2018
.eslintignore Fix spelling of JavaScript (#544) Dec 16, 2016
.eslintrc Add a few more rules to .eslintrc for Javascript Apr 23, 2016
.fasterer.yml Add rake ci tasks May 3, 2016
.gitignore Check GitHub permissions using repos API; Fixes #1418 (#1419) Apr 19, 2020
.pryrc Moved BadgeApp to root level Oct 24, 2015
.rubocop.yml Re-enable railroader static analyzer (#1380) Jan 31, 2020
.ruby-version Update ruby to 2.6.6 (#1417) Apr 11, 2020
.slugignore Remove more unused files from the run-time slug Jun 10, 2017
AUTHORS Use CREDITS, not AUTHORS, for list of contributors May 10, 2017
CHANGELOG.md Update CHANGELOG.md Mar 10, 2017
CODE_OF_CONDUCT.md Code of conduct (#833) Jun 18, 2017
CONTRIBUTING.md Document that we send emails to correct place (#1401) Feb 26, 2020
CREDITS Add .well-known/security.txt, fixes #1372 (#1400) Feb 26, 2020
Gemfile Bump puma from 4.3.3 to 4.3.5 (#1422) May 25, 2020
Gemfile.lock Bump puma from 4.3.3 to 4.3.5 (#1422) May 25, 2020
LICENSE Merge copyrights in LICENSE file to work around licensee bug Jan 23, 2017
LICENSE.spdx Replace new repo url everywhere Jun 15, 2017
NEWS Add a NEWS file (for those who look for one), refer to CHANGELOG.md Nov 1, 2015
Procfile Modify Heroku startup to stop reporting on SIGTERM (#1048) Feb 10, 2018
README.md Add more about vetting (#1352) Oct 22, 2019
Rakefile Upgrade rubocop to 0.48.1; Closes #577; Upgrade pronto-rubocop to 0.8.1 Apr 19, 2017
SECURITY.md Add ./SECURITY.md (#1227) Sep 1, 2018
codecov.yml Automatically detect implementation languages on GitHub (#1203) Aug 6, 2018
compute-criteria-stats Update compute-criteria-stats and record statistics from 2017-09-06 Sep 6, 2017
config.ru Upgrade rubocop to 0.48.1; Closes #577; Upgrade pronto-rubocop to 0.8.1 Apr 19, 2017
gen_markdown.rb Add empty lines after guard clauses (prep rubocop 0.54.0) Mar 24, 2018
ignore-termerr Modify Heroku startup to stop reporting on SIGTERM (#1048) Feb 10, 2018
install-badge-dev-env Update badge install (#1309) Jul 23, 2019
raw-bad-passwords-lowercase.txt.gz Forbid known passwords per NIST SP 800-63B Nov 24, 2016
update-ruby Modify update-ruby in an attempt to make it work on the Mac Oct 23, 2017

README.md

Core Infrastructure Initiative Best Practices Badge

CII Best Practices CircleCI Build Status codecov FOSSA Status License

This project identifies best practices for Free/Libre and Open Source Software (FLOSS) and implements a badging system for those best practices. The "BadgeApp" badging system is a simple web application that lets projects self-certify that they meet the criteria and show a badge. The real goal of this project is to encourage projects to apply best practices, and to help users determine which FLOSS projects do so. We believe that FLOSS projects that implement best practices are more likely to produce better software, including more secure software.

See the Core Infrastructure Initiative (CII) Best Practices badge website if you want to try to actually get a badge.

This is the development site for the criteria and badge application software that runs the website. Feedback is very welcome via the GitHub site as issues or pull (merge) requests. There is also a mailing list for general discussion.

Summary of Best Practices Criteria "passing" level

This is a summary of the passing criteria, with requirements in bold (for details, see the full list of criteria):

Summary of Best Practices Criteria for higher levels

Getting a passing badge is a significant achievement; on average only about 10% of pursuing projects have a passing badge. That said, some projects would like to meet even stronger criteria, and many users would like projects to do so. We have established two higher levels beyond passing: silver and gold. The higher levels strengthen some of the passing criteria and add new criteria of their own.

Silver

Here is a summary of the silver criteria, with requirements in bold (for details, see the full list of silver criteria):

Gold

Here is a summary of the gold criteria, with requirements in bold (for details, see the full list of gold criteria):

License

All material here is released under the MIT license. All material that is not executable, including all text when not executed, is also released under the Creative Commons Attribution 3.0 International (CC BY 3.0) license or later. In SPDX terms, everything here is licensed under MIT; if it's not executable, including the text when extracted from code, it's "(MIT OR CC-BY-3.0+)".

Like almost all software today, this software depends on many other components with their own licenses. Not all components we depend on are MIT-licensed, but all required components are FLOSS. We prevent licensing issues using various processes (see CONTRIBUTING).

You can’t perform that action at this time.