* Why we are making a change
* What we are changing and how the change is being completed
Issues can be assigned Assignees and Projects. We also have labels such as:
- doc for documentation issues
- security for SecOps issues
- feat for new product features
Flexpa uses GitHub Enterprise for product development and change management.
Merging code changes in any repository we maintain must follow this merge process.
A pull request must be created on GitHub. Each pull request must (don't worry this is mostly automated):
- Require at least one approval from another contributor. Requests for reviews appear in #flexpa-notifications.
- Run tests that test the changes made in the code (we use Jest and GitHub Actions to automate this)
- Verify coding style requirements from tools like ESLint (we use GitHub Actions here too)
- Should be assigned to the creator (and any co-authors)
After all checks are verified passing pull requests can be Squashed and merged by the assignee.
Date: Every Friday Time: 4:00EST - 4:45EST Purpose: To review updates (especially what got shipped), write new issues, and celebrate wins/thank yous
Systems hardening means taking a methodological approach to the security and integrity of our information technology systems.
There are several types of system hardening activities, including:
- Application hardening
- Server hardening
For each of these types, Flexpa takes (but is not limited to) the hardening measures described below.
- Detect dependency drift through automation
- Unused dependencies should be removed
- Unnecessary dependencies should not be added
- Prioritize and patch vulnerabilities
- Static code analysis should be used to detect common vulnerabilities
- Systems should be deployed in designated environments
- Systems should be segregated
- Rights and access should be in line with the principle of least privilege
- Network ports should be universally disabled and allow-listed only as appropriate/necessary
- Network traffic should be encrypted