Skip to content

Latest commit

 

History

History
73 lines (51 loc) · 3.12 KB

opensource-checklist.md

File metadata and controls

73 lines (51 loc) · 3.12 KB
layout title
base
Open Source Checklist

Open Source Check List

Prior to releasing a project to GitHub.com, walk through these items and ensure they are addressed.

  • Has PII been removed?

    • Use Clouseau for scanning source code.
      • For an Open Source Release, attach the Clouseau output.
    • If there are images, visually inspect each image to ensure there is no CFPB-specific information.
  • Have security vulnerabilities been remediated?

  • Are we including any other open source products? If so, is there any conflict with our public domain release?

  • Is our TERMS.md included?

  • Is a CHANGELOG.md present and does it contain structured, consistently formatted recent history?

  • Are instructions for contributing included (CONTRIBUTING.md)?

  • Are installation instructions clearly written in the README and tested on a clean machine?

  • Are all dependencies described in the README, requirements.txt, and/or buildout.cfg?

  • Are the API docs generated?

  • Are there unit tests?

  • If appplicable and possible, is it set up in TravisCI?

  • Have multiple people reviewed the code?

  • Is there a screenshot in the README, if applicable?

Copy this version to paste into a GitHub issue with live checkboxes:

- [ ] **Has PII been removed?**
  - Use [Clouseau](https://github.com/virtix/clouseau) for scanning source code.
  - If there are images, visually inspect each image to ensure there is no CFPB-specific information.
- [ ] **Have security vulnerabilities been remediated?**
- [ ] **Are we including any other open source products? If so, is there any conflict with our public domain release?**
- [ ] **Is our `TERMS.md` included?**
- [ ] **Is a `CHANGELOG.md` present and does it contain structured, consistently formatted recent history?**
- [ ] **Are instructions for contributing included (`CONTRIBUTING.md`)?**
- [ ] **Are installation instructions clearly written in the `README` _and_ tested on a clean machine?**
- [ ] **Are all dependencies described in the `README`, `requirements.txt`, and/or `buildout.cfg`?**
- [ ] **Are the API docs generated?**
- [ ] **Are there unit tests?**
- [ ] **If applicable and possible, is it set up in TravisCI?**
- [ ] **Have multiple people reviewed the code?**
- [ ] **Is there a screenshot in the `README`, if applicable?**

Take a look at the following projects as good models to follow: