Core Infrastructure Initiative Best Practices Badge
Latest commit 5598466 Jan 21, 2017 @david-a-wheeler david-a-wheeler Clean up assurance case
Clean up the assurance case ( so that the
images and text match, and make some minor fixes while doing so.

Signed-off-by: David A. Wheeler <>
app More informative 404 page (#589) Jan 21, 2017
bin Upgrade BadgeApp to Rails 5 (#556) Jan 4, 2017
config Remove extra space before "#" comment Jan 21, 2017
db Enable optimistic locking on the projects. (#568) Jan 10, 2017
doc Clean up assurance case Jan 21, 2017
favicon Change favicon to be correctly transparent at edges Apr 25, 2016
lib Tweak Rails.root.join for upcoming rubocop 0.47.1 Jan 19, 2017
log Moved BadgeApp to root level Oct 24, 2015
public Make it clear that a 404 can be caused by deletion Nov 21, 2016
script More rubocop updates and related improvements (#364) May 16, 2016
test Reduce log noise in specific common cases Jan 21, 2017
vendor/assets Moved BadgeApp to root level Oct 24, 2015
.env Add GitHub oauth tests May 11, 2016
.eslintignore Fix spelling of JavaScript (#544) Dec 16, 2016
.eslintrc Add a few more rules to .eslintrc for Javascript Apr 23, 2016
.fasterer.yml Add rake ci tasks May 3, 2016
.gitignore Update installation script for success on Fedora 22, (#368) May 17, 2016
.pryrc Moved BadgeApp to root level Oct 24, 2015
.rubocop.yml Exclude old db migrations from Rubocop (prep for rubocop 0.47.1) Jan 19, 2017
.ruby-version Upgrade Ruby to 2.3.1 (#357) May 13, 2016
.slugignore Add .slugignore to shrink slug in Heroku Nov 29, 2015
AUTHORS Move AUTHORS into main directory (its conventional location) Nov 25, 2015 Fix spelling of JavaScript (#544) Dec 16, 2016 Documentation updates Jan 5, 2017
CREDITS Add a CREDITS file Feb 12, 2016
Gemfile Update gem spring Jan 21, 2017
Gemfile.lock Update gem spring Jan 21, 2017
LICENSE Change copyright statement in LICENSE file to include 2016 Apr 29, 2016
LICENSE.spdx Restate license using SPDX file format Nov 25, 2015
NEWS Add a NEWS file (for those who look for one), refer to Nov 1, 2015
Procfile Switch to puma webserver (improved scalability) Nov 30, 2015 MIT License badge style (#591) Jan 21, 2017
Rakefile More rubocop updates and related improvements (#364) May 16, 2016
circle.yml Fix "wrong rake version" error in circleCI use Jan 8, 2017 More rubocop updates and related improvements (#364) May 16, 2016
criteria.yml Extend detailed discussion about SemVer Jan 18, 2017
gen_markdown.rb Tweak format of so lower-level headings are bold Jan 18, 2017
install-badge-dev-env Edit install-badge-dev-env to fix feed test failure (#579) Jan 14, 2017
raw-bad-passwords-lowercase.txt.gz Forbid known passwords per NIST SP 800-63B Nov 24, 2016

Core Infrastructure Initiative Best Practices Badge

This project identifies best practices for Free/Libre and Open Source Software (FLOSS) and implements a badging system for those best practices. The "BadgeApp" badging system is a simple web application that lets projects self-certify that they meet the criteria and show a badge. The real goal of this project is to encourage projects to apply best practices, and to help users determine which FLOSS projects do so. We believe that FLOSS projects that implement best practices are more likely to produce better software, including more secure software.

See the Core Infrastructure Initiative (CII) Best Practices badge website if you want to try to actually get a badge.

This is the development site for the criteria and badge application software that runs the website. Feedback is very welcome via the GitHub site as issues or pull (merge) requests. There is also a mailing list for general discussion.

Summary of Best Practices Criteria

This is a summary of the criteria, with requirements in bold (for details, see the full list of criteria):


All material is released under the MIT license. All material that is not executable, including all text when not executed, is also released under the Creative Commons Attribution 3.0 International (CC BY 3.0) license or later. In SPDX terms, everything here is licensed under MIT; if it's not executable, including the text when extracted from code, it's "(MIT OR CC-BY-3.0+)".