
Commit c5e7767

committed
refactor(docs): refactor security section from COMPLIANCE.md into SECURITY.md
1 parent 8102315 commit c5e7767

4 files changed

Lines changed: 29 additions & 26 deletions

File tree

COMPLIANCE.md

Lines changed: 19 additions & 19 deletions
@@ -11,58 +11,58 @@ ArduPilot Methodic Configurator adheres to multiple compliance standards and bes
1111
- Translated into multiple languages
1212
- No visible menus, no hidden menus.
1313

14-
## Code Quality
14+
## Coding Standards
1515

16+
- Follows object-oriented design principles and [clean code practices](https://www.oreilly.com/library/view/clean-code/9780136083238/)
17+
- [Backend, business logic, frontend (GUI) separation](ARCHITECTURE.md) for improved testability and maintainability
1618
- Follows [PEP 8](https://peps.python.org/pep-0008/) Python code style guidelines
19+
- Uses [PEP 484](https://peps.python.org/pep-0484/) [type hints](https://docs.python.org/3/library/typing.html)
20+
- Enforces type checking with [MyPy](https://www.mypy-lang.org/) and [pyright](https://microsoft.github.io/pyright/#/) type checkers
21+
- Automated code formatting using [ruff](https://docs.astral.sh/ruff/) for consistency
22+
- Implements [PEP 621](https://peps.python.org/pep-0621/) project metadata standards
23+
- Adheres to [Keep a Changelog](https://keepachangelog.com/) format
24+
- Complies with [Python Packaging Authority](https://www.pypa.io/) guidelines
25+
26+
## Code Quality
27+
1728
- Maintains high code quality through automated linting (static code analysis), all using strict settings:
1829
- [Pylint](https://www.pylint.org/) [automated workflow](https://github.com/ArduPilot/MethodicConfigurator/actions/workflows/pylint.yml),
1930
- [Ruff](https://docs.astral.sh/ruff/) [automated workflow](https://github.com/ArduPilot/MethodicConfigurator/actions/workflows/ruff.yml),
2031
- [mypy](https://www.mypy-lang.org/) [automated workflow](https://github.com/ArduPilot/MethodicConfigurator/actions/workflows/mypy.yml) and
2132
- [pyright](https://microsoft.github.io/pyright/#/) [automated workflow](https://github.com/ArduPilot/MethodicConfigurator/actions/workflows/pyright.yml)
22-
- Uses [PEP 484](https://peps.python.org/pep-0484/) [type hints](https://docs.python.org/3/library/typing.html)
23-
- Enforces type checking with [MyPy](https://www.mypy-lang.org/) and [pyright](https://microsoft.github.io/pyright/#/) type checkers
24-
- Automated code formatting using [ruff](https://docs.astral.sh/ruff/) for consistency
33+
- Implements comprehensive error handling and logging, with 5 verbosity levels
2534
- Code and documentation are [spell checked](https://streetsidesoftware.com/vscode-spell-checker/)
2635
and [english grammar checked](https://app.grammarly.com/)
2736
- [markdown-lint](https://github.com/DavidAnson/markdownlint-cli2)
2837
[automated workflow](https://github.com/ArduPilot/MethodicConfigurator/actions/workflows/markdown-lint.yml) and
2938
- [markdown-link-check](https://github.com/tcort/markdown-link-check) [automated workflow](https://github.com/ArduPilot/MethodicConfigurator/actions/workflows/markdown-link-check.yml)
30-
- Follows object-oriented design principles and [clean code practices](https://www.oreilly.com/library/view/clean-code/9780136083238/)
31-
- Implements comprehensive error handling and logging, with 5 verbosity levels
32-
- Implements [PEP 621](https://peps.python.org/pep-0621/) project metadata standards
33-
- Adheres to [Keep a Changelog](https://keepachangelog.com/) format
34-
- Complies with [Python Packaging Authority](https://www.pypa.io/) guidelines
3539

3640
## Software Development
3741

3842
- Implements [continuous integration/continuous deployment](https://github.com/ArduPilot/MethodicConfigurator/actions) (CI/CD) practices
3943
- Maintains comprehensive [assertion-based test coverage](https://coveralls.io/github/ArduPilot/MethodicConfigurator?branch=master) through [pytest](https://docs.pytest.org/en/stable/)
40-
- Uses [semantic versioning](https://semver.org/) for releases
44+
- Follows [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) and uses [semantic versioning](https://semver.org/) for releases
4145
- Follows [git-flow branching model](https://www.gitkraken.com/learn/git/git-flow)
42-
- Implements [automated security scanning and vulnerability checks](https://app.snyk.io/org/amilcarlucas/project/c8fd6e29-715b-4949-b828-64eff84f5fe1)
4346
- Implements [git pre-commit hooks](https://pre-commit.com/) to ensure code quality and compliance on every commit
44-
- Implements reproducible builds with locked dependencies
4547
- Uses containerized CI/CD environments for consistency
46-
- Uses automated changelog generation
48+
- Uses [automated](https://github.com/ArduPilot/MethodicConfigurator/actions/workflows/windows_build.yml) [changelog generation](https://github.com/ArduPilot/MethodicConfigurator/releases)
49+
- Implements reproducible builds with [pinned software dependencies](https://www.kusari.dev/blog/pinning-dependencies)
4750
- Implements automated dependency updates and security patches using [renovate](https://www.mend.io/renovate/) and [dependabot](https://github.com/dependabot)
4851

4952
## Open Source
5053

5154
- Complies with [OpenSSF Best Practices](https://www.bestpractices.dev/projects/9101) for open source projects
5255
- Uses [REUSE specification](https://reuse.software/spec-3.3/) for license compliance
53-
- Uses CI job to ensure compliance
56+
- Uses [CI job to ensure compliance](https://github.com/ArduPilot/MethodicConfigurator/actions/workflows/reuse.yml)
5457
- Uses [SPDX license identifiers](https://spdx.org/licenses/)
5558
- Maintains comprehensive (more than 5000 lines) documentation
5659
- Implements [inclusive community guidelines](https://github.com/ArduPilot/MethodicConfigurator/blob/master/CODE_OF_CONDUCT.md)
5760
- Provides [clear contribution procedures](https://github.com/ArduPilot/MethodicConfigurator/blob/master/CONTRIBUTING.md)
5861

5962
## Security
6063

61-
- Regular security audits through [Snyk](https://snyk.io/), [codacy](https://www.codacy.com/), [black duck](https://www.blackduck.com/) and other tools
62-
- Follows [OpenSSF Security Scorecard](https://securityscorecards.dev/) best practices
63-
- Uses [gitleaks](https://github.com/gitleaks/gitleaks) pre-commit hook to ensure no secrets are leaked
64-
- Implements secure coding practices, runs [anti-virus in CI](https://github.com/ArduPilot/MethodicConfigurator/actions/workflows/gitavscan.yml)
65-
- Maintains [security policy and vulnerability reporting process](https://github.com/ArduPilot/MethodicConfigurator/blob/master/SECURITY.md)
64+
See our comprehensive [Security Policy](https://ardupilot.github.io/MethodicConfigurator/SECURITY) for details on security measures,
65+
audits, and vulnerability reporting processes.
6666

6767
<!-- Gurubase Widget -->
6868
<script async src="https://widget.gurubase.io/widget.latest.min.js"
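Review bot: Two security claims removed at 62- and 64- are not carried over to SECURITY.md in this commit: "Follows [OpenSSF Security Scorecard](https://securityscorecards.dev/) best practices" and "runs [anti-virus in CI](.../gitavscan.yml)". The SECURITY.md hunk only adds the Snyk/Codacy/Black Duck audits, the gitleaks hook and the Snyk scanning link, so for a commit described as a refactor either add both lines to the SECURITY.md list or state in the commit message that they are dropped on purpose. Minor, at 48+: the word "automated" links to windows_build.yml, which reads as if changelog generation happens in the Windows build workflow; link the release workflow that actually generates it, or fold both into one link on "changelog generation".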

CONTRIBUTING.md

Lines changed: 1 addition & 1 deletion
@@ -20,7 +20,7 @@ Read [our architecture](https://ardupilot.github.io/MethodicConfigurator/ARCHITE
2020
and also:
2121

2222
* [System requirements](https://ardupilot.github.io/MethodicConfigurator/SYSTEM_REQUIREMENTS.html)
23-
* [Compliance](https://ardupilot.github.io/MethodicConfigurator/COMPLIANCE.html)
23+
* [Compliance](https://ardupilot.github.io/MethodicConfigurator/COMPLIANCE.html), including our [Coding Standards](https://ardupilot.github.io/MethodicConfigurator/COMPLIANCE.html#coding-standards)
2424

2525
## Setting up developer environment
2626
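Review bot: Style, at 23+: this link keeps the `.html` suffix (COMPLIANCE.html, COMPLIANCE.html#coding-standards) while the GOVERNANCE.md hunks in the same commit link to .../COMPLIANCE and .../ROADMAP without it; pick one form so markdown-link-check and the rendered site resolve them uniformly. The `#coding-standards` anchor only exists because this commit renames the heading to "## Coding Standards" in COMPLIANCE.md, so the two files must land together.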

GOVERNANCE.md

Lines changed: 5 additions & 5 deletions
@@ -14,12 +14,12 @@ regarding the project's direction, code changes, and dispute resolution.
1414
**Responsibilities**:
1515

1616
- Make final decisions on all project aspects including code changes, feature priorities,
17-
release schedules, and community policies
18-
- Review and merge pull requests
17+
[release schedules](https://ardupilot.github.io/MethodicConfigurator/ROADMAP), and [community policies](https://github.com/ArduPilot/MethodicConfigurator/blob/master/CODE_OF_CONDUCT.md)
18+
- Review and merge [pull requests](https://github.com/ArduPilot/MethodicConfigurator/pulls)
1919
- Maintain project infrastructure and security
2020
- Resolve disputes and conflicts within the project
21-
- Set project vision and roadmap
22-
- Ensure compliance with licensing and legal requirements
21+
- Set [project vision and roadmap](https://ardupilot.github.io/MethodicConfigurator/ROADMAP)
22+
- Ensure [compliance](https://ardupilot.github.io/MethodicConfigurator/COMPLIANCE) with licensing and legal requirements
2323
- Represent the project in external communications
2424

2525
### Contributors
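Review bot: At context line 19, "Maintain project infrastructure and security" is now the only responsibility without a link, while the neighbouring items at 17+, 18+, 21+ and 22+ all gained one. Since this commit consolidates the security content into SECURITY.md, linking "security" to the same Security Policy URL used in COMPLIANCE.md (https://ardupilot.github.io/MethodicConfigurator/SECURITY) would keep the list consistent.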
@@ -32,7 +32,7 @@ regarding the project's direction, code changes, and dispute resolution.
3232
- Submit well-tested and documented code changes via [GitHub pull requests](https://github.com/ArduPilot/MethodicConfigurator/pulls)
3333
- Participate in code reviews when requested
3434
- Respect [community guidelines](https://github.com/ArduPilot/MethodicConfigurator/blob/master/CODE_OF_CONDUCT.md) and maintain professional conduct
35-
- Keep contributions aligned with project goals and [standards](https://ardupilot.github.io/MethodicConfigurator/COMPLIANCE)
35+
- Keep contributions aligned with [project goals](https://ardupilot.github.io/MethodicConfigurator/ROADMAP) and [standards](https://ardupilot.github.io/MethodicConfigurator/COMPLIANCE)
3636
- Respond to feedback on their contributions
3737

3838
### Community Members

SECURITY.md

Lines changed: 4 additions & 1 deletion
@@ -48,7 +48,10 @@ We adhere to industry standards and best practices as documented in our
4848

4949
- Secure coding practices
5050
- License compliance verification
51-
- Regular security audits
51+
- Regular security audits through [Snyk](https://snyk.io/), [Codacy](https://www.codacy.com/),
52+
[Black Duck](https://www.blackduck.com/) and other tools
53+
- Uses [gitleaks](https://github.com/gitleaks/gitleaks) pre-commit hook to ensure no secrets are leaked
54+
- Implements [automated security scanning and vulnerability checks](https://app.snyk.io/org/amilcarlucas/project/c8fd6e29-715b-4949-b828-64eff84f5fe1)
5255
- Open-source security guidelines
5356

5457
### What Users Can Expect
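Review bot: The items added at 53+ and 54+ ("Uses gitleaks...", "Implements automated...") start with a verb, while the rest of this list ("Secure coding practices", "License compliance verification", "Regular security audits...", "Open-source security guidelines") is noun phrases; rephrase them to match, e.g. "Secret scanning via the gitleaks pre-commit hook". On wording at 53+: a pre-commit hook only runs on machines where developers have installed it, so "ensure no secrets are leaked" overstates it; if the same check also runs in CI, link that workflow, otherwise say "to help prevent committing secrets". At 54+, the Snyk link points to an app.snyk.io organisation dashboard that most readers will not be able to open without a Snyk login; a public badge or report URL would serve the policy better.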
