Share your community's best practices that might be applicable to other projects.
Documentation
CI/CD best practices
- Automating rejection of insecure merges (planned PoC in ONAP)
Architecture
Software packaging
How to secure the supply chain? Signing and authentication. Are there common ways to package software in the LF? Tooling differs depending on factors such as the programming language, so there may not be one tool that fits all.
How to test security (as part of CI/CD)?
How to manage dependencies?
- Direct dependencies are simpler
- Indirect dependencies may be more tricky
- How to automate the mitigation?