The authors of Marquez are committed to providing secure software of the highest quality possible. To this end, we employ a number of tools and methodologies to ensure that our design, build, maintenance and testing practices maximize efficiency and minimize risk.
The specific security and analysis methodologies that we employ include but are not limited to:
- Participation in the OpenSSF Best Practices Badge Program for Free/Libre and FLOSS projects to ensure that we follow current best practices for quality and security
- Use of HTTPS for network communication
- Support for multiple cryptographic algorithms (through the use of HTTPS)
- Separate storage of authentication credentials according to best practices
- Use of secure protocols for network communication (through the use of HTTPS)
- Up-to-date support for TLS/SSL (through the use of OpenSSL)
- Performance of TLS certificate verification by default before sending HTTP headers with private information (through the use of OpenSSL and HTTPS)
- Distribution of the software via cryptographically signed releases (on the PyPI and Maven package repositories)
- Use of GitHub Issues for vulnerability reporting and tracking
- Use of PMD and Spotless for Java code linting on pull requests and builds
- Use of Flake8 and Pytest for Python code linting on pull requests and builds
- Use of GitHub Issues for bug reporting and tracking
For more information about our approach to quality and security, feel free to reach out to the Marquez development team:
- Slack: Marquezproject.slack.com
- Twitter: @MarquezProject
SPDX-License-Identifier: Apache-2.0 Copyright 2018-2023 contributors to the Marquez project.