cloud_terrastodon 0.33.0

A command-line tool for interacting with cloud ecosystems
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

# Open Source Development or Publication Approval Form


Software or project name: ☁🐘 Cloud Terrastodon

[Internal link for signed document](https://001gc.sharepoint.com/:b:/r/sites/58445/asd1/Protected/Forms/OSS%20Director%20Approval%20Form%20-%20Cloud%20Terrastodon.pdf?csf=1&web=1&e=55YtnR)

## Reference Data


Dependencies to be included in this publication if any, including licence in parenthesis (indicate copy left licenses where applicable with a *): None bundled

## Business items


[This software has and will acquire all relevant approvals as expected by the department. (Governance, architecture, etc.)](https://www.canada.ca/en/government/system/digital-government/digital-government-innovations/open-source-software/guide-for-publishing-open-source-code.html#toc01)

Met

[Intellectual property has been considered. The crown owns the rights to the code or is authorized to republish the code, potentially with modification, based on existing licenses. Where the crown owns the rights to the code, value to the crown is greater if the code is published than if the code is not published.](https://www.canada.ca/en/government/system/digital-government/digital-government-innovations/open-source-software/guide-for-publishing-open-source-code.html#toc02)

Met

[An appropriate licence has been selected.](https://www.canada.ca/en/government/system/digital-government/digital-government-innovations/open-source-software/guide-for-publishing-open-source-code.html#toc04)

Met

[A licence file indicating the licence and including the with GC crown copyright notice, a readme file describing the code functionality, a copy of this form as filled out, and any of the other recommended documentation at the project's discretion are released along with the code.](https://www.canada.ca/en/government/system/digital-government/digital-government-innovations/open-source-software/guide-for-publishing-open-source-code.html#toc06)

Met

Key documents (readme, licence and copyright, user documents) are provided with both official languages (either a file per language or both languages present in each file).

Met

## ISB considerations


[Specific security considerations for open source have been considered.](https://www.canada.ca/en/government/system/digital-government/digital-government-innovations/open-source-software/guide-for-publishing-open-source-code.html#toc03)

Met


[Appropriate security assessment has been done for existing code being released to the public. If there is no pre-existing code, this is considered to be met.).](https://www.canada.ca/en/government/system/digital-government/digital-government-innovations/open-source-software/guide-for-publishing-open-source-code.html#toc07)

- Implement controls sufficient to prevent unauthorized or inadvertent changes such as code signing and repository user rights.
- The code has been scanned for secrets (such as credentials, private IP addressed, etc.)
- Where relevant, the code contributors have been asked to attest that no secrets are included.

Met


[The source code will be released on GitHub in AAFC managed organization.](https://www.canada.ca/en/government/system/digital-government/digital-government-innovations/open-source-software/guide-for-publishing-open-source-code.html#toc05)

- Security scanning will be enabled for all public repositories, including vulnerability scanning, secret commit scanning and secret scanning.
- Critical alerts to be actioned by the technical owner.

Met

[This activity will leverage the public source code repository as the single source of the truth for development pipelines.](https://www.canada.ca/en/government/system/digital-government/digital-government-innovations/open-source-software/guide-for-publishing-open-source-code.html#toc08)

Met