Skip to content

#3499 Add Fossa to PM Docs #3617

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Weltraumschaf merged 2 commits into from
Apr 29, 2026
Merged

#3499 Add Fossa to PM Docs #3617

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
77200ab
#3499 Add Fossa to PM Docs
Weltraumschaf Apr 9, 2026
8c1b25d
Update documentation/docs/contributing/project-management.md
Weltraumschaf Apr 28, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 8 additions & 2 deletions documentation/docs/contributing/project-management.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,10 @@ In our [Sonatype organization](https://central.sonatype.com/) we have the namesp

Users of this namespace are the _project leads_ and a bot user for deployments.

### FOSSA

We use [FOSSA](https://fossa.com/) in the free tier option for open source projects to check our dependencies for violating licenses. It is integrated in the repository as a webhook. Individual persons log in there using GitHub after onboarding. We onboard everyone in the _admin-team_.

## Organizational

- The _project leads_ do a regular sync meeting:
Expand All @@ -81,13 +85,14 @@ For on- and off-boarding we create an issue for each member. On- and off-boardin

- _core-team_:
- Add to our GitHub organization with following roles:
- core-team
- contributer-Team
- _core-team_
- _contributor-team_
- _admin-team_ (additionally to the _core-team_ on-boarding):
- Add to our GitHub organization with following roles:
- admin-team
- Register user at [Sonatype](https://central.sonatype.com/) & add to namespace "io.securecodebox"
- Add to [OWASP valut](https://team-securecodebox.1password.com/).
- Invite to [FOSSA organization](https://app.fossa.com/account/settings/organization/users) with role _Admin_ (we use the OWASP mail address because GH invite didn't work when tried).

### Off-boarding

Expand All @@ -99,6 +104,7 @@ For on- and off-boarding we create an issue for each member. On- and off-boardin
- admin-team
- Remove user from namespace "io.securecodebox" in [SonaType](https://central.sonatype.com/).
- Remove access to [OWASP vault](https://team-securecodebox.1password.com/).
- Remove from [FOSSA organization](https://app.fossa.com/account/settings/organization/users)

[google-shared-drive]: https://drive.google.com/drive/folders/1cwAjEyEabdj4By-Ox6ho49NiT-vQUeDq?usp=drive_link
[iteratec]: https://www.iteratec.com/
Loading