You can find my open source projects here.

Our projects follow the certain guidelines and best practices as described below.

We want our community to be a place to share constructively. Personal viewpoints are welcome to foster out-of-the-box ideas and innovative contributions. But harassment is NOT welcome and will not be tolerated. Harassment includes deliberate intimidation and targeting individuals in a manner that makes them feel uncomfortable, unwelcome, or afraid to participate.

See the Contributor Covenant for details.

We believe in the power of open source software as defined by the Open Source Initiative (OSI) definition. We aim to exchange knowledge freely in order to achieve the best possible software and to grow our community and its knowledge along with the way.

All the projects are continuously scanned for known vulnerabilities (CVE). Releases uses semantic versioning. All commits go through a code review before being merged. All the merged commits and the resulting published artifacts are digitally signed:

• GitHub commits are signed using GitHub's verified signature.
• Docker Hub artifacts are signed using Sigstore.
• Maven Central artifacts are signed using public key 4C155617 which you can verity using this docker image for example.

All the third-party (open source) dependencies are linked to a specific version to keep builds reproducible and to prevent supply chain attacks (cryptographic hashes are used instead or on top of numerical versions wherever possible in order to pin mutable versions, e.g. for Docker containers or GitHub Actions). Software Bill of Materials (SBOM) are also produced along the artifacts to provide to visibility necessary to ensure supply chain security and transparency.

Memory-safe programming languages are used whenever possible.

Other incubating and personal projects of Thomas Leplus can be found here.