Egeria has a clear focus on delivering code of the highest quality so that downstream consumers can use Egeria with as little risk as possible.
Specific items that Egeria employs include, but are not limited to:
- Participation in the Core Infrastructure Initiative Best Practices Badge Program. This is a free program designed with the open source community, with criteria that evolve to allow for compensating controls rather than a strict mechanical process.
- SonarCloud to continuously track code quality, including bugs, code smells, and potential security issues.
- YourKit Java Profiler for doing code profiling of Java components. YourKit supports open source projects with innovative and intelligent tools for monitoring and profiling Java and .NET.
- Community Bridge Vulnerability Detection for proactive assessment of vulnerabilities in dependent libraries and packages.
- GitHub Security Advisories for internally triaging security issues that come through ([email protected]) and other confidential channels before publishing them for broader community awareness.
For further questions about Egeria's commitment to code quality, feel free to reach out to the Egeria development team.