Practitioner Guide: Getting Started with Security

Primary metrics: OpenSSF Best Practices, Libyears, Release Frequency

If you have not already read the Practitioner Guide: Introduction - Things to Consider When Interpreting Metrics, please pause now and read that guide first.

Security is only as strong as its weakest link. Open source software packages can be found in almost all of the software we use (Synopsys 2024), so the security of our open source projects can have implications for other projects, for our users, and for the wider ecosystem.

Security can be an important factor in open source project selection, but the security of any piece of software is only as good as the security of its dependencies (Imtiaz 2022). Security is therefore an important consideration both when selecting the open source components your project depends on and in influencing why others might choose to use (or not use) your open source project. When making this selection, it is important to know that popular packages are not necessarily more likely to follow security best practices (Imtiaz 2022).

The 2024 Synopsys Open Source Security and Risk Analysis report found that 96% of the codebases they analyzed contained open source software and, unfortunately, 84% of those contained vulnerabilities (74% with high-severity vulnerabilities). Because open source is everywhere, the security of open source projects affects the health and resilience of our own projects, and that effect extends across the whole software ecosystem. Keep in mind, however, that security risk is usually thought of as a function of likelihood and impact. Likelihood is the probability of exploitation, and impact is the harm that exploitation could cause in the context in which the software is used, so risk is something that every consumer of open source has to assess for their own situation, context, and environment.

Because security is a complex and important topic, this guide is designed only to get you started on the path toward improving the security of your project. It is not a comprehensive guide to everything you need to know about open source project security. The goal of the Practitioner Guide series is to help people get past the overwhelm that many feel when confronted with a large number of new metrics, by giving them a few ways to begin understanding and improving the health of their projects. After starting with this Practitioner Guide, you can learn more from the links to the comprehensive guides in the Further Reading section below and from those linked throughout this guide.

Step 1: Identify What to Measure

Security is a complex topic, but you can start by looking at a few key metrics. First, the OpenSSF Best Practices Badge criteria build a foundation of good engineering practices that includes basic security practices. Second, if you use outdated dependencies you are four times more likely to have security issues (Cox et al. 2015), so the Libyears metric can help you understand whether you are keeping your dependencies up to date. Third, Release Frequency helps you see whether your security fixes and other fixes are getting into releases in a timely fashion, so that your users actually benefit from your security fixes.

OpenSSF Best Practices

The Open Source Security Foundation (OpenSSF) provides a way to assess your open source project across several different dimensions and get an overview of how your project's practices could be improved. While security practices are an important element, the OpenSSF Best Practices Badge goes beyond security alone to give guidance on high-quality practices for your project. It is a good way not only to assess your security practices and improve them to meet the badge criteria, but also to signal to your users that you follow OpenSSF best practices. The criteria found in the reporting, security, and analysis sections are the most useful for understanding and improving the security of your project.

OpenSSF Badge example: a gold badge from the curl project

Image Source: https://www.bestpractices.dev/en/projects/63

Libyears

The Libyears metric describes the age of the dependencies you rely on, compared with the current stable release of each of those dependencies. It was first described in "Measuring Dependency Freshness in Software Systems" (Cox et al. 2015). In general, a lower Libyears number is better, because it indicates that you are keeping your dependencies up to date.

Libyear example of a project that is 103.78 years behind

Image Source: https://github.com/nasirhjafri/libyear

By comparing the version of each dependency currently used in your project with the latest version available for that dependency, you can better understand where you might need to focus your update effort. However, the technical decisions behind dependency updates are often shaped by the tension between using the latest version and not breaking a solution that already works, so in some cases developers may deliberately choose to use an older version rather than the latest one because of incompatibilities or other technical factors (Zerouali et al. 2019).
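As an added example (not code from the CHAOSS guide, nor from the libyear tool shown in the image above), the following Python computes the Libyears metric the way the definition above describes it: for each dependency, the time between the release of the version you use and the newest known release, summed across dependencies. The package names, versions, release dates and pin reasons are constructed for illustration; in a real run the release dates come from the package index. A `PINNED` map records dependencies that are deliberately held back (the Zerouali et al. 2019 case) so they still count toward the total but carry their reason into the report.

```python
from datetime import date

DAYS_PER_YEAR = 365.25

# Constructed sample data (hypothetical packages, not real release history).
# Versions the project currently depends on:
USED_VERSIONS = {"libfoo": "1.4.0", "libbar": "3.2.1", "libbaz": "0.9.0"}

# Release dates per version, as a package index would report them:
RELEASE_DATES = {
    "libfoo": {"1.4.0": date(2021, 1, 10), "2.0.0": date(2023, 3, 1), "2.1.0": date(2024, 1, 10)},
    "libbar": {"3.2.0": date(2023, 2, 1), "3.2.1": date(2023, 6, 1)},
    "libbaz": {"0.9.0": date(2022, 3, 15), "1.0.0": date(2022, 9, 15)},
}

# Dependencies deliberately held back, with the documented reason (constructed).
PINNED = {"libbaz": "1.0.0 changes the config file format; migration tracked separately"}


def libyears(used, release_dates, pinned=None):
    """Return (total_libyears, per_dependency) for a dependency manifest.

    A dependency's libyears is the gap between the release date of the version
    in use and the newest release date known for that dependency. Pinned
    dependencies still count toward the total (the metric measures age, not
    intent) but carry their pin reason so the analysis can see why.
    """
    pinned = pinned or {}
    per_dep = {}
    for name, version in used.items():
        dates = release_dates[name]
        used_date = dates[version]
        latest_version, latest_date = max(dates.items(), key=lambda kv: kv[1])
        years = max(0.0, (latest_date - used_date).days / DAYS_PER_YEAR)
        per_dep[name] = {
            "used": version,
            "latest": latest_version,
            "libyears": round(years, 2),
            "pin_reason": pinned.get(name),
        }
    total = round(sum(d["libyears"] for d in per_dep.values()), 2)
    return total, per_dep


def most_outdated(per_dep):
    """Dependency names ordered from most to least out of date (the Step 2 view)."""
    return sorted(per_dep, key=lambda n: per_dep[n]["libyears"], reverse=True)


if __name__ == "__main__":
    total, report = libyears(USED_VERSIONS, RELEASE_DATES, PINNED)
    print(f"total libyears: {total}")
    for name in most_outdated(report):
        d = report[name]
        pin = f"  (pinned: {d['pin_reason']})" if d["pin_reason"] else ""
        print(f"  {name}: {d['used']} -> {d['latest']}  {d['libyears']} libyears{pin}")
```

With the constructed data this reports 3.5 libyears in total: libfoo alone contributes three years, libbaz half a year (with its pin reason attached), and libbar is current. Keeping pinned dependencies in the total is deliberate: excluding them would make the number look better without making the project any safer.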

Release Frequency

It is important that security fixes, bug fixes, and new features are released in a timely fashion. When looking at release frequency, it is important to include not just major releases but also all minor and point releases, since quick security fixes are often shipped outside of a major release.

![Release Frequency for a project with frequent releases](https://github.com/chaoss/wg-data-science/blob/main/practitioner-guides/images/releases.png?raw=true)

Keep in mind that interpreting this metric can be tricky, because different kinds of projects and different circumstances affect whether a project needs a more or less frequent release cadence. A consistent release frequency can indicate a stable or mature project.

Step 2: Analysis

A good place to start assessing the potential and actual security practices of your project is to begin working through the OpenSSF Project Badging criteria. While it is still in progress, it might look like this example:

OSSF Badging list of sections for a project that is working toward a badge but still has a lot of work to do

Image Source: https://www.bestpractices.dev/en/projects/40

As mentioned above, this covers security best practices, but also more general software engineering practices that improve your project in a variety of ways. Under each of these criteria you will find the questions you need to answer, along with the practices required to earn the badge.

For example, here are a few of the questions from the security section:

OSSF Badging criteria from the security section covering MITM attacks and fixed vulnerabilities

Whether or not you decide to pursue the badge, the requirements it uses, especially in the security and reporting sections, are a good way to think about how you can understand and improve the security of your project. There are also other options for performing a security self-assessment of your project, including the self-assessment that the CNCF uses for its projects.

The next step in the analysis might be to look at your Libyears report, focusing on the dependencies that are furthest out of date. When you use outdated dependencies you are four times more likely to have security issues (Cox et al. 2015), so keeping your dependencies current is an important element of improving your project's security. As mentioned above, there are sometimes good reasons for a dependency to be behind the current version: breaking changes, incompatibilities with your software or other dependencies, or other technical factors. Analysis here requires some thought and careful inspection of whether there is a good reason for not updating a dependency.

To see whether you are making timely releases, look at the security patches you have made in the past year. If you made a release around the time you shipped each security patch, you are probably in good shape. If security patches have accumulated and have not gone out in a release, you should look at why this happened and see whether you can improve your release process so that you release whenever you fix a vulnerability.
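The check described in the previous paragraph, written out as an added Python example (not code from the CHAOSS guide or any tool it references): for every security fix merged in the window, find the first release tagged on or after it and report the lag. The fix names, merge dates and tag dates are constructed; the 14-day threshold is an assumption you should replace with whatever "around the time of the patch" means for your project. The status counts it produces are also the thing to watch over time for the Releases item under Step 5.

```python
from datetime import date

# Constructed sample data (not from any real project). Merge dates of the
# commits that fixed a vulnerability, keyed by a short description of the fix:
SECURITY_FIXES = {
    "fix-parser-overflow": date(2024, 2, 3),
    "fix-auth-bypass": date(2024, 5, 20),
    "fix-path-traversal": date(2024, 9, 12),
}

# Tag dates of every release in the same window, point releases included:
RELEASES = {
    "v1.4.0": date(2024, 1, 15),
    "v1.4.1": date(2024, 2, 5),
    "v1.5.0": date(2024, 7, 1),
}

MAX_LAG_DAYS = 14  # assumed threshold for "released around the time of the patch"


def release_lag(fixes, releases, max_lag_days=MAX_LAG_DAYS):
    """For each security fix, find the first release tagged on or after it.

    Returns {fix: {"release": tag or None, "lag_days": int or None, "status": s}}
    where s is "ok" (shipped within max_lag_days), "late", or "unreleased"
    (no release has been tagged since the fix was merged).
    """
    ordered = sorted(releases.items(), key=lambda kv: kv[1])
    result = {}
    for fix, merged in fixes.items():
        shipped = next(((tag, d) for tag, d in ordered if d >= merged), None)
        if shipped is None:
            result[fix] = {"release": None, "lag_days": None, "status": "unreleased"}
            continue
        tag, tagged = shipped
        lag = (tagged - merged).days
        result[fix] = {
            "release": tag,
            "lag_days": lag,
            "status": "ok" if lag <= max_lag_days else "late",
        }
    return result


def release_summary(lags):
    """Counts by status; the numbers to track from one review to the next."""
    counts = {"ok": 0, "late": 0, "unreleased": 0}
    for entry in lags.values():
        counts[entry["status"]] += 1
    return counts


if __name__ == "__main__":
    lags = release_lag(SECURITY_FIXES, RELEASES)
    for fix, entry in lags.items():
        print(f"{fix}: {entry}")
    print(release_summary(lags))
```

On the constructed data the parser fix shipped two days later in v1.4.1, the auth-bypass fix waited 42 days for v1.5.0, and the path-traversal fix has not been released at all. The last case is the one that matters most: an unreleased security fix is visible in the public history to anyone looking for it while your users have nothing to upgrade to.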

Step 3: Gather Additional Data if Needed

The examples used in Steps 1 and 2 provide a starting point that can be expanded with other tools and metrics. A good next step in the analysis might be to also run the OpenSSF Scorecard, which goes into greater detail with checks that help you find areas where your project might be at risk across source code, build, dependencies, testing, and project maintenance.

You might notice that no metric in this guide focuses on the time it takes to fix security vulnerabilities. That is important, but it is tricky to measure, because you need to be able to separate security issues from bugs and other issues while tying the initial vulnerability report to the change requests in which the fix was made. There are many ways to do this, but how you do it depends on your use case. While it might not be the best metric to start with, it is something you should consider measuring as one of your next steps. The additional metrics below provide a good starting point for measuring this.
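One way to approach the two hard parts named above (separating security issues from the rest, and tying a report to the changes that fixed it), as an added Python example rather than anything the CHAOSS guide itself prescribes. The issue records are constructed, the `security` label is an assumed tracker convention, and the rule that an issue is fixed on the day its last linked pull request merges is a design choice you may want to change.

```python
from datetime import date
from statistics import median

# Constructed sample issue records (hypothetical project). Each issue carries
# its tracker labels, the date it was reported, and the pull requests linked
# as its fix (in a real tracker these come from "fixes #N" references).
ISSUES = [
    {"id": 101, "labels": ["security"], "reported": date(2024, 1, 5),
     "fix_prs": [{"number": 120, "merged": date(2024, 1, 12)}]},
    {"id": 102, "labels": ["bug"], "reported": date(2024, 1, 8),
     "fix_prs": [{"number": 121, "merged": date(2024, 1, 9)}]},
    {"id": 103, "labels": ["security", "bug"], "reported": date(2024, 2, 1),
     "fix_prs": [{"number": 130, "merged": date(2024, 2, 10)},
                 {"number": 131, "merged": date(2024, 2, 21)}]},
    {"id": 104, "labels": ["security"], "reported": date(2024, 3, 1),
     "fix_prs": []},   # reported, no fix linked yet
]

SECURITY_LABELS = {"security"}   # assumed label convention; adjust to your tracker


def time_to_fix(issues, security_labels=SECURITY_LABELS):
    """Days from report to fix, for security-labelled issues only.

    An issue counts as fixed on the day its last linked PR merged, since a
    partial fix (one of several PRs) does not close the vulnerability. Issues
    with no linked PR, or with a linked PR still open, map to None.
    """
    result = {}
    for issue in issues:
        if not security_labels & set(issue["labels"]):
            continue   # bugs and other issues are excluded from this metric
        prs = issue["fix_prs"]
        if not prs or any(pr["merged"] is None for pr in prs):
            result[issue["id"]] = None
            continue
        fixed_on = max(pr["merged"] for pr in prs)
        result[issue["id"]] = (fixed_on - issue["reported"]).days
    return result


def fix_time_summary(ttf):
    """Median days to fix across fixed issues, plus the count still unfixed.

    The median rather than the mean, so one long-running issue does not hide
    the typical turnaround.
    """
    fixed = [d for d in ttf.values() if d is not None]
    return {
        "fixed": len(fixed),
        "unfixed": sum(1 for d in ttf.values() if d is None),
        "median_days": median(fixed) if fixed else None,
    }


if __name__ == "__main__":
    ttf = time_to_fix(ISSUES)
    for issue_id, days in ttf.items():
        print(f"issue {issue_id}: {'unfixed' if days is None else f'{days} days'}")
    print(fix_time_summary(ttf))
```

With the constructed records, issue 102 is dropped as an ordinary bug, 101 took 7 days, 103 took 20 days (its second PR merged on day 20), and 104 is counted as unfixed rather than silently omitted. Whatever rule you adopt, apply it consistently between measurements, otherwise a change in the number tells you nothing.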

Additional Metrics:

Step 4: Make Improvements

One of the best places to start when improving your security practices is securing your code repository. This includes access controls, branch protection, contribution controls, and more. The OpenSSF Source Code Management Platform Configuration Best Practices guide has a list of recommendations with links to implementing them on both GitHub and GitLab.

Another good first step is creating a detailed security document for your project. This is usually found in a SECURITY.md file at the root of your repository. The purpose of this document is to provide instructions for reporting security vulnerabilities and to document how you respond to those reports, including how you manage embargoes. This document will help you meet the requirements of the reporting practices in the OpenSSF Best Practices Badge. There are many places to get detailed instructions on creating security policies, so we do not repeat that content here. For example, the OpenSSF's OSS Vulnerability Guide has more information about what this file should include, along with templates and instructions for implementing a security policy, which goes beyond just creating the document and covers infrastructure and other requirements for handling security fixes.

As mentioned above, if you use outdated dependencies you are four times more likely to have security issues (Cox et al. 2015), so keeping your dependencies up to date is an important element of improving your project's security. Dependencies require some thought and careful inspection of whether there is a good reason not to update, along with testing of any newer versions to make sure you are not breaking something when you update. While there are good reasons to avoid updating some dependencies, more often than not dependencies go without updates simply because it is hard to keep track of when they should be updated. A tool like Dependabot or Renovatebot can help to identify and automatically update some dependencies.

Good security release notes can help increase awareness of available fixes (Imtiaz et al. 2022), and it is important to make sure those fixes always go out in a release in a timely manner. If you are making security patches frequently but are not getting them into a release quickly, look at why this is happening and see whether you can improve your release process so that you release whenever you fix a vulnerability. It is also important that your release notes or other documentation contain information about security fixes, to communicate the importance of updating to the people who use your software.

As mentioned above, working your way through the OpenSSF Best Practices badge criteria is a good way to improve security. The detailed view of the criteria page for all levels has descriptions and links with more detail that can help you improve in each of those areas.

Step 5: Monitor Results

Because security is a complex topic, it can be difficult to monitor. However, there are a few things you can track over time to see whether the actions you have taken to improve your security are having an effect. Here are some suggestions for monitoring your progress:

  • OpenSSF Scorecard: Has your overall score improved? Have you improved your scores in the specific areas you targeted?
  • Libyears: Has your Libyears number improved?
  • Releases: Are you making a release every time you make a security patch?

Caveats and Considerations

  • Because security is an important and complex topic, this guide is designed only to get you started on the path toward improving the security of your project. It is not a comprehensive guide to everything you need to know about open source project security. You can learn more from the links in the Further Reading section below.
  • You might notice that no metric in this guide focuses on the time it takes to fix security vulnerabilities. It is very important, but tricky to measure, so we recommend adding this metric as one of your first next steps. See Step 3 for more details.

Further Reading

  • We have a short video (<4 minutes) dedicated to this guide on the CHAOSS YouTube channel.
  • CHAOSScast episode about this guide.
  • The OpenSSF website has a wide variety of guides, training, and other resources.
  • The CNCF Security Guidelines document is not as detailed as the OpenSSF guides, but it can be very helpful if you are just getting started on improving your security.
  • OpenSSF's OSS Vulnerability Guide contains a guide along with templates and a runbook focused on creating and implementing a security policy.

Feedback

We would love to get feedback to learn more about how people are using the CHAOSS Practitioner Guides and how we can improve them over time. Please complete this short survey to provide your feedback.

Contributors

The following people contributed to this guide:

  • Dawn Foster
  • Matt Germonprez
  • Emily Fox

References

CHAOSS Practitioner Guides are MIT-licensed living documents, and we welcome your feedback and contributions. You can contribute to this guide at https://github.com/chaoss/wg-data-science/blob/main/practitioner-guides/security.md