BadgeApp

Calidad 11/13 ●

Working build system

Criterion [build]
Met

Unmet

N/A

?

Si el software generado por el proyecto requiere ser construido para su uso, el proyecto DEBE proporcionar un sistema de compilación que pueda satisfactoriamente reconstruir automáticamente el software a partir del código fuente. ^[build]
A build system determines what actions need to occur to rebuild the software (and in what order), and then performs those steps. For example, it can invoke a compiler to compile the source code. If an executable is created from source code, it must be possible to modify the project's source code and then generate an updated executable with those modifications. If the software produced by the project depends on external libraries, the build system does not need to build those external libraries. If there is no need to build anything to use the software after its source code is modified, select "not applicable" (N/A).

We use Dockerfiles to build the images and earthly to build the final artifacts: https://kairos.io/docs/development/development/

Criterion [build_common_tools]
Met

Unmet

N/A

?

Se SUGIERE que se utilicen herramientas comunes para construir el software. ^{[build_common_tools]}
Por ejemplo: Maven, Ant, cmake, autotools, make o rake.

We use Dockerfiles to build the images and earthly to build the final artifacts: https://kairos.io/docs/development/development/

Criterion [build_floss_tools]
Met

Unmet

N/A

?

El proyecto DEBERÍA ser construible usando solo herramientas FLOSS. ^{[build_floss_tools]}

We use Dockerfiles to build the images and earthly to build the final artifacts: https://kairos.io/docs/development/development/
Automated test suite

Criterion [test]
Met

Unmet

?

The project MUST use at least one automated test suite that is publicly released as FLOSS (this test suite may be maintained as a separate FLOSS project). The project MUST clearly show or document how to run the test suite(s) (e.g., via a continuous integration (CI) script or via documentation in files such as BUILD.md, README.md, or CONTRIBUTING.md). ^[test]
The project MAY use multiple automated test suites (e.g., one that runs quickly, vs. another that is more thorough but requires special equipment). There are many test frameworks and test support systems available, including Selenium (web browser automation), Junit (JVM, Java), RUnit (R), testthat (R).

Our CI runs on GitHub Actions https://github.com/kairos-io/kairos/actions
Criterion [test_invocation]
Met

Unmet

?

Un conjunto de pruebas DEBERÍA ser invocable de forma estándar para ese lenguaje. ^{[test_invocation]}
Ejemplos: "make check", "mvn test" o "rake test".
You can run our tests with go commands e.g.
```
go run github.com/onsi/ginkgo/v2/ginkgo -v --label-filter "install-test" --fail-fast -r ./tests
```
Criterion [test_most]
Met

Unmet

?

It is SUGGESTED that the test suite cover most (or ideally all) the code branches, input fields, and functionality. ^[test_most]

We have many end to end tests to cover our different functionality, e.g. installation of the OS, encryption, installation of bundles, reseting, use of UKIs, upgrade, etc, they can all be found in https://github.com/kairos-io/kairos/tree/master/.github/workflows

Criterion [test_continuous_integration]
Met

Unmet

?

It is SUGGESTED that the project implement continuous integration (where new or changed code is frequently integrated into a central code repository and automated tests are run on the result). ^{[test_continuous_integration]}

Whenever something is merged on our master branch, it triggers different CI jobs https://github.com/kairos-io/kairos/tree/master/.github/workflows
New functionality testing

Criterion [test_policy]
Met

Unmet

?

The project MUST have a general policy (formal or not) that as major new functionality is added to the software produced by the project, tests of that functionality should be added to an automated test suite. ^{[test_policy]}
As long as a policy is in place, even by word of mouth, that says developers should add tests to the automated test suite for major new functionality, select "Met."

The team is strongly requiring to have tests on new features and in some cases, where it is possible we have our CI fail if a certain percentage is not met https://app.codecov.io/gh/kairos-io

Criterion [tests_are_added]
Met

Unmet

?

The project MUST have evidence that the test_policy for adding tests has been adhered to in the most recent major changes to the software produced by the project. ^{[tests_are_added]}
Major functionality would typically be mentioned in the release notes. Perfection is not required, merely evidence that tests are typically being added in practice to the automated test suite when new major functionality is added to the software produced by the project.

For example on our last major release announcement https://github.com/kairos-io/kairos/releases/tag/v3.0.0 our biggest new feature was UKI, and you can see that our pipelines include tests for it https://github.com/kairos-io/kairos/blob/master/.github/workflows/uki.yaml

Criterion [tests_documented_added]
Met

Unmet

?

It is SUGGESTED that this policy on adding tests (see test_policy) be documented in the instructions for change proposals. ^{[tests_documented_added]}
However, even an informal rule is acceptable as long as the tests are being added in practice.

https://github.com/kairos-io/kairos/blob/master/CONTRIBUTING.md#pull-request-requirements
Banderas de advertencia

Criterion [warnings]
Met

Unmet

N/A

?

The project MUST enable one or more compiler warning flags, a "safe" language mode, or use a separate "linter" tool to look for code quality errors or common simple mistakes, if there is at least one FLOSS tool that can implement this criterion in the selected language. ^[warnings]
Examples of compiler warning flags include gcc/clang "-Wall". Examples of a "safe" language mode include JavaScript "use strict" and perl5's "use warnings". A separate "linter" tool is simply a tool that examines the source code to look for code quality errors or common simple mistakes. These are typically enabled within the source code or build instructions.

We use our own github action to check for all changes https://github.com/kairos-io/linting-composite-action and the user can also run them locally via Earthly

Criterion [warnings_fixed]
Met

Unmet

N/A

?

El proyecto DEBE abordar las advertencias. ^{[warnings_fixed]}
These are the warnings identified by the implementation of the warnings criterion. The project should fix warnings or mark them in the source code as false positives. Ideally there would be no warnings, but a project MAY accept some warnings (typically less than 1 warning per 100 lines or less than 10 warnings).

Criterion [warnings_strict]
Met

Unmet

N/A

?

It is SUGGESTED that projects be maximally strict with warnings in the software produced by the project, where practical. ^{[warnings_strict]}
Some warnings cannot be effectively enabled on some projects. What is needed is evidence that the project is striving to enable warning flags where it can, so that errors are detected early.

This data is available under the Creative Commons Attribution version 3.0 or later license (CC-BY-3.0+). All are free to share and adapt the data, but must give appropriate credit. Please credit Mauro Morales and the OpenSSF Best Practices badge contributors.

Kairos

Basics 13/13 ●

Identification

Basic project website content

FLOSS license

Documentation

Other

Change Control 8/9 ●

Repositorio público para el control de versiones de código fuente

Numeración única de versión

Notas de lanzamiento

Informes 7/8 ●

Bug-reporting process

Proceso de informe de vulnerabilidad

Calidad 11/13 ●

Working build system

Automated test suite

New functionality testing

Banderas de advertencia

Seguridad 16/16 ●

Conocimiento de desarrollo seguro

Use buenas prácticas criptográficas

Entrega garantizada contra ataques de hombre en el medio (MITM)

Vulnerabilidades públicamente conocidas corregidas

Otros problemas de seguridad

Analysis 8/8 ●

Análisis estático de código

Dynamic code analysis