Sign upLogin

presidential-innovation-fellows/code-gov-web

View on GitHub
Star
src/app/components/policy-guide/docs/capacity/capacity-resources/capacity-resources.template.html

Summary

Maintainability
Test Coverage
<h1>Tools and Resources</h1>
<p><a class="default-link" rel="noopener" pageScroll [routerLink]="['/policy-guide/policy/implementation']" href="#code-repositories">Section 7.4</a>&nbsp;of the Federal Source Code Policy states:</p>
<blockquote>
  <p>
    Accessible, buildable, version-controlled repositories for the storage, discussion, and modification of custom-developed code are critical to both the Government-wide reuse and OSS pilot program sections of this policy. Agencies should utilize existing code repositories and common third-party repository platforms as necessary in order to satisfy the requirements of this policy.
  </p>
</blockquote>
<p>Agencies can use the list of tools and resources provided here to become more fluent in the open source marketplace and best practices inside and outside of government.</p>
<p><strong>Important:</strong> the tools and resources outlined here are not mandatory for agency use and are not endorsed by any part of the government. The purpose of this page is to provide broader context for agencies and to provide perspective into the breadth of tools available. Also, this list does not attempt to be exhaustive on any topic; new tools are constantly being developed and practices are constantly evolving.</p>
<p>Individuals and companies that want to suggest tools for inclusion here can do so by opening an Issue or creating a Pull Request on the <a rel="noopener" target="_blank" href="https://github.com/presidential-innovation-fellows/code-gov-web">Code.gov repository.</a></p>
<h2>Choosing a Version Control System</h2>
<p>There are a number of version control systems available that may be appropriate to meet your agency's needs. Some questions to ask when selecting such a system are:</p>
<ul>
<li>Does the system provide the ability to develop in the open?</li>
<li>Does your agency need both private and public repositories, and does the system allow seamless integration between the two?</li>
<li>Is the system interoperable with open source version control standards, such as <a external-link href="https://git-scm.com/">git</a> or <a external-link href="https://www.mercurial-scm.org/">mercurial</a>? Interoperability with an open standard is crucial to your agency's ability to collaborate with other agencies and the open source community and will greatly ease future platform integrations and migrations.</li>
<li>To engage the open source community your agency may want to consider the social features of the system beyond version control. Does it provide features that will help your agency to promote and share its code? How vibrant is the existing user community?</li>
</ul>
<p>Agencies may want to take a look at the following version control systems based on their functionality and significant adoption by the open source community:</p>
<ul>
<li><a external-link href="https://github.com/">Github</a></li>
<li><a external-link href="https://gitlab.com/">Gitlab</a></li>
<li><a external-link href="https://bitbucket.org/">Bitbucket</a></li>
</ul>
<h2>Code quality and security</h2>
<p>A number of paid and free tools exist that agencies can use as part of their development process that, if used appropriately, should lower the risk that inappropriate or insecure content is released.&nbsp; Because these tools can help automate some processes that would otherwise be manual, they can simultaneously help lower costs overall.</p>
<p>Increasingly, these tools can be configured to reflect the specific security policies of your agency and can be integrated directly into your agency's developer workflow, scanning code automatically whenever code is committed or pushed for passwords, keys, watchwords, and other potentially sensitive information. Some tools also provide broader capabilities related to coding standards and quality. In developing its overall source code strategy, your agency may want to consider integrating these kinds of tools into your developer workflow, contractually require their use by vendors, or use them to assess the quality and security of deliverables prior to accepting receipt.</p>
<p>We are soliciting input from the development community in building out a list of tools. Agencies should feel free to join the conversation, make suggestions, and ask questions on the <a href="https://github.com/presidential-innovation-fellows/code-gov-web/issues/101" rel="noopener" target="_blank">open Issue on the code.gov repository</a>.</p>
<h2>Development practices for government</h2>
<p>A number of communities of practice exist that agency staff can use to keep abreast of open source inside and outside of government, to raise questions, and to share their experiences.&nbsp;</p>
<ul>
<li>Open Source Listserv (GSA, open to government only)</li>
<li>Security Listserv (GSA, open to government only)</li>
<li>Digital Service Listserv (GSA, open to government only)</li>
<li><a external-link href="https://github.com/government/welcome#readme">Github for Government Community</a> (Not an official Government service)</li>
</ul>
<p>As a quick reminder, agency staff must comply with applicable law and regulations and should obtain the appropriate agency approvals prior to using any of the tools ans services discussed here.</p>