Handbook

Development

Issues

Issues are the simplest unit of product development and change management. Changes are made through pull requests linked to issues, as described in the Merge process. Issues match this template:
### Why
* Why we are making a change
### What
* What we are changing and how the change is being completed
Issues can be assigned Assignees and Projects. We also have labels such as:
  • doc for documentation issues
  • security for SecOps issues
  • feat for new product features
Most new issues should be created in advance of the 📅 EOW (End of week).

GitHub

Flexpa uses GitHub Enterprise for product development and change management.
Our primary product project is 📠 Product.

Merge process

Merging code changes in any repository we maintain must follow this merge process.

Pull Request

A pull request must be created on GitHub. Each pull request must (don't worry, this is mostly automated):
  • Require at least one approval from another contributor. Requests for reviews appear in #flexpa-notifications.
  • Be linked back to an Issue unless otherwise approved by CTO. You can use GitHub keywords to do this automatically.
  • Run tests that test the changes made in the code (we use Jest and GitHub Actions to automate this)
  • Verify coding style requirements from tools like ESLint (we use GitHub Actions here too)
  • Should be assigned to the creator (and any co-authors)
After all checks are verified as passing, pull requests can be Squashed and merged by the assignee.

📅 EOW (End of week)

Date: Every Friday
Time: 4:00 EST - 4:45 EST
Purpose: To review updates (especially what got shipped), write new issues, and celebrate wins/thank yous

Systems hardening

Systems hardening means taking a methodical approach to the security and integrity of our information technology systems.
There are several types of system hardening activities, including:
  • Application hardening
  • Server hardening
For each of these types, Flexpa takes (but is not limited to) the hardening measures described below.

Application hardening

  • Detect dependency drift through automation
  • Unused dependencies should be removed
  • Unnecessary dependencies should not be added
  • Prioritize and patch vulnerabilities
  • Static code analysis should be used to detect common vulnerabilities

Server hardening

  • Systems should be deployed in designated environments
  • Systems should be segregated
  • Rights and access should be in line with the principle of least privilege
  • Network ports should be universally disabled and allow-listed only as appropriate/necessary
  • Network traffic should be encrypted