You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Supports building pull requests (PRs), not limited to direct pushes to branches.
90
+
91
+
#### D103 Clean Build Environments
92
+
93
+
Supports building in clean environments, such as containers or virtual machines (VMs).
94
+
95
+
#### D201 Unit Testing
96
+
97
+
Supports unit testing, including unit or component-level tests.
98
+
99
+
#### D202 Functional Testing
100
+
101
+
Supports functional testing, such as integration or end-to-end (E2E) tests.
102
+
103
+
#### D203 Performance Testing
104
+
105
+
Supports performance testing, including load, stress, or throughput testing.
106
+
107
+
#### D204 Code Coverage
108
+
109
+
Supports measuring code coverage, including line, branch, or function coverage.
110
+
111
+
#### D205 Accessibility Testing
112
+
113
+
Supports accessibility testing for standards compliance, such as WCAG.
114
+
115
+
#### D301 Security Scanning
116
+
117
+
Supports security scanning, including SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing).
118
+
119
+
#### D302 License Scanning
120
+
121
+
Supports license scanning using tools like SPDX, FOSSology, or license-checkers.
122
+
123
+
#### D401 Documented Build Process
124
+
125
+
Provides a documented build process, including build steps, manifests, or reproducibility details.
126
+
127
+
#### D402 CI/CD as Code
128
+
129
+
Supports CI/CD workflows defined as code, such as pipeline-as-code or infrastructure-as-code.
130
+
131
+
#### D403 Artifact Signing
132
+
133
+
Supports artifact signing (e.g., with PGP or GPG) to ensure authenticity and integrity.
134
+
135
+
#### D404 Dependency Pinning
136
+
137
+
Supports dependency pinning or version locking to ensure reproducible builds.
138
+
139
+
#### D501 Static Code Analysis
140
+
141
+
Supports static code analysis tools such as SonarQube, Polaris, or similar.
142
+
143
+
#### D502 Dynamic Code Analysis
144
+
145
+
Supports dynamic analysis, including runtime behavior analysis or fuzz testing.
146
+
147
+
#### D503 Code Linting
148
+
149
+
Supports code linting using tools like ESLint, Prettier, or pre-commit hooks.
150
+
151
+
#### D601 Notifications & Alerts
152
+
153
+
Supports notification systems such as email or Slack alerts.
154
+
155
+
#### D602 Attached Reports
156
+
157
+
Supports attaching detailed reports to builds, such as test results or coverage metrics.
79
158
80
159
---
81
160
@@ -89,22 +168,22 @@ You can used [devops-maturity](https://github.com/devops-maturity/devops-maturit
89
168
90
169
[OpenSSF Best Practices](https://www.bestpractices.dev/) targets open source projects across the entire software development lifecycle, while DevOps Maturity focuses specifically on DevOps practices applicable to both open source and internal enterprise projects. DevOps Maturity provides both a web UI and a CLI for automatic maturity scoring. In contrast, OpenSSF Best Practices only offers a web-based SaaS and does not support internal deployment.
91
170
92
-
[^1]: Supports builds from any specific branch, not just the `main` branch.
93
-
[^2]: Supports building pull requests (PRs), not limited to direct pushes to branches.
94
-
[^3]: Supports building in clean environments, such as containers or virtual machines (VMs).
95
-
[^4]: Supports unit testing, including unit or component-level tests.
96
-
[^5]: Supports functional testing, such as integration or end-to-end (E2E) tests.
97
-
[^6]: Supports performance testing, including load, stress, or throughput testing.
98
-
[^7]: Supports measuring code coverage, including line, branch, or function coverage.
99
-
[^8]: Supports accessibility testing for standards compliance, such as WCAG.
100
-
[^9]: Supports security scanning, including SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing).
101
-
[^10]: Supports license scanning using tools like SPDX, FOSSology, or license-checkers.
102
-
[^11]: Provides a documented build process, including build steps, manifests, or reproducibility details.
103
-
[^12]: Supports CI/CD workflows defined as code, such as pipeline-as-code or infrastructure-as-code.
104
-
[^13]: Supports artifact signing (e.g., with PGP or GPG) to ensure authenticity and integrity.
105
-
[^14]: Supports dependency pinning or version locking to ensure reproducible builds.
106
-
[^15]: Supports static code analysis tools such as SonarQube, Polaris, or similar.
107
-
[^16]: Supports dynamic analysis, including runtime behavior analysis or fuzz testing.
108
-
[^17]: Supports code linting using tools like ESLint, Prettier, or pre-commit hooks.
109
-
[^18]: Supports notification systems such as email or Slack alerts.
110
-
[^19]: Supports attaching detailed reports to builds, such as test results or coverage metrics.
171
+
<!--[^1]: D101: Supports builds from any specific branch, not just the `main` branch.
172
+
[^2]: D102: Supports building pull requests (PRs), not limited to direct pushes to branches.
173
+
[^3]: D103: Supports building in clean environments, such as containers or virtual machines (VMs).
174
+
[^4]: D104: Supports unit testing, including unit or component-level tests.
175
+
[^5]: D105: Supports functional testing, such as integration or end-to-end (E2E) tests.
176
+
[^6]: D106: Supports performance testing, including load, stress, or throughput testing.
177
+
[^7]: D107: Supports measuring code coverage, including line, branch, or function coverage.
178
+
[^8]: D108: Supports accessibility testing for standards compliance, such as WCAG.
179
+
[^9]: D109: Supports security scanning, including SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing).
180
+
[^10]: D110: Supports license scanning using tools like SPDX, FOSSology, or license-checkers.
181
+
[^11]: D111: Provides a documented build process, including build steps, manifests, or reproducibility details.
182
+
[^12]: D112: Supports CI/CD workflows defined as code, such as pipeline-as-code or infrastructure-as-code.
183
+
[^13]: D113: Supports artifact signing (e.g., with PGP or GPG) to ensure authenticity and integrity.
184
+
[^14]: D114: Supports dependency pinning or version locking to ensure reproducible builds.
185
+
[^15]: D115: Supports static code analysis tools such as SonarQube, Polaris, or similar.
186
+
[^16]: D116: Supports dynamic analysis, including runtime behavior analysis or fuzz testing.
187
+
[^17]: D117: Supports code linting using tools like ESLint, Prettier, or pre-commit hooks.
188
+
[^18]: D118: Supports notification systems such as email or Slack alerts.
189
+
[^19]: D119: Supports attaching detailed reports to builds, such as test results or coverage metrics.-->
_Want your project on this list?_[send a pull request](https://github.com/devops-maturity/spec/pulls).
22
+
23
+
## Author
24
+
25
+
Created and maintained by [**Xianpeng Shen**](https://shenxianpeng.github.io), Senior DevOps Engineer.
26
+
Specialized in CI/CD, automation, developer experience, and open-source tooling.\
27
+
Creator of [cpp-linter](https://github.com/cpp-linter), [commit-check](https://github.com/commit-check), and [conventional-branch](https://github.com/conventional-branch), widely used in both open-source and enterprise environments.\
0 commit comments