I just created a repository https://github.com/OWASP/github-template that could be used as a copy-and-paste resource for projects under OWASP's GitHub organization. Why would we need something like this? Because consistent, high-quality documentation is something users and contributors alike increasingly expect from providers of open source software!
This is elaborated in more detail in the description of the GitHub Organization Reboot working session which is planned for the OWASP Summit 2017. The topic was also covered in my talk OWASP Juice Shop: Achieving sustainability for open source projects (📺) from this year’s AppSecEU in Belfast. It featured several Open Source Antipatterns, among them being:
All these can be countered (at least partially) by the proposed GitHub Template, which comes
with a pre-sectioned
and several (optional) files for a
project’s contribution guide,
media references of the project.
The template is based on my own Juice Shop project repositories, so please refer to these as live examples to determine if you like the structure or not:
To apply the template to your own or any new GitHub projects, simply follow these steps:
At the moment this is only a working draft of a template. Nothing about it is mandatory at this point.
Your Pull Requests, feedback, constructive criticism and other input are most welcome to give us something to discuss during the GitHub Organization Reboot working session at the upcoming OWASP Summit 2017!