Standards

Analytics

ID: analytics

Project websites provide some web analytics.

This check passes if:

  • A Google Analytics 3 (Universal Analytics) Tracking ID is found in the source of the website configured in GitHub. Regexps used:

"UA-[0-9]+-[0-9]+"

  • A Google Analytics 4 Measurement ID is found in the source of the website configured in Github. Regexps used:

"G-[A-Z0-9]+"

  • The HubSpot tracking code is found in the source of the website configured in Github. Regexps used:

"//js.hs-scripts.com/.+\.js"

Artifact Hub badge

ID: artifacthub_badge

Projects can list their content on Artifact Hub to improve their discoverability.

This check passes if:

  • An Artifact Hub badge is found in the repository’s README file. Regexps used:

"https://artifacthub.io/badge/repository/.*

Contributor license agreement

ID: cla

The CLA defines the conditions under which intellectual property is contributed to a business or project.

This check passes if:

  • A CLA check is found in the latest merged PR on GitHub. Regexps used:

"(?i)cncf-cla"
"(?i)cla/linuxfoundation"
"(?i)easycla"
"(?i)license/cla"
"(?i)cla/google"

This check will be automatically marked as exempt if the DCO check passes but this one does not.

Community meeting

ID: community_meeting

Community meetings are often held to engage community members, hear more voices, and get more viewpoints.

This check passes if:

  • A reference to the community meeting is found in the repository’s README file. Regexps used:

"(?i)(community|developer|development) \[?(call|event|meeting|session)"
"(?i)(weekly|biweekly|monthly) \[?meeting"
"(?i)meeting minutes"

Developer Certificate of Origin

ID: dco

Mechanism for contributors to certify that they wrote or have the right to submit the code they are contributing.

This check passes if:

  • The last commits in the repository have the DCO signature (Signed-off-by). Merge pull request and merge branch commits are ignored for this check.

  • A DCO check is found in the latest merged PR on GitHub. Regexps used:

"(?i)dco"

This check will be automatically marked as exempt if the CLA check passes, but this one does not.

GitHub discussions

ID: github_discussions

Projects should enable GitHub discussions in their repositories.

This check passes if:

  • A discussion that is less than one year old is found on GitHub.

OpenSSF badge

ID: openssf_badge

The Open Source Security Foundation (OpenSSF) Best Practices badge is a way for Free/Libre and Open Source Software (FLOSS) projects to show that they follow best practices.

This check passes if:

  • An OpenSSF (CII) badge is found in the repository’s README file. Regexps used:

"(https://www.bestpractices.dev/projects/\d+)"
"(https://bestpractices.coreinfrastructure.org/projects/\d+)"

OpenSSF Scorecard badge

ID: openssf_scorecard_badge

Scorecard assesses open source projects for security risks through a series of automated checks. For more information about the Scorecard badge please see https://github.com/marketplace/actions/ossf-scorecard-action#scorecard-badge.

This check passes if:

  • An OpenSSF Scorecard badge is found in the repository’s README file. Regexps used:

"(https://api.securityscorecards.dev/projects/github.com/[^/]+/[^/]+)/badge"

Recent release

ID: recent_release

The project should have released at least one version in the last year.

This check passes if:

  • A release that is less than one year old is found on GitHub.

Slack presence

ID: slack_presence

Projects should have presence in the CNCF Slack or Kubernetes Slack.

This check passes if:

  • A reference to the CNCF Slack or Kubernetes Slack is found in the repository’s README file. Regexps used:

"(?i)https?://cloud-native.slack.com"
"(?i)https?://slack.cncf.io"
"(?i)https?://kubernetes.slack.com"
"(?i)https?://slack.k8s.io"
PreviousDocumentation ChecksNextSecurity Checks

Last updated

Copyright © 2022 The Linux Foundation®. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks.