UNCLASSIFIED

README.md 4.73 KB
Newer Older
andrew.greene's avatar
andrew.greene committed
1
# Overview
2

andrew.greene's avatar
andrew.greene committed
3 4 5
The Technical Oversight Committee serves as the conduit to support collaboration and evangelize community contributions to the Big Bang opensource ecosystem. 
* The Technical Oversight Committee ensures __Users__ of have access to high quality projects.
* The Technical Oversight Committee ensures __Contributors__ have support to build a security focused project, and build an active user base to ensure longevity and ability to be used in production setting.
6

andrew.greene's avatar
andrew.greene committed
7
This policy describes the TOC project lifecycle, from sandbox to archival. It describes the requirements a project must meet in order to be classified and matured.
8

andrew.greene's avatar
andrew.greene committed
9
## Maturity Levels 
10

andrew.greene's avatar
andrew.greene committed
11
Projects have three maturity level's: andbox, incubating, or graduated. Archived is for projects no longer in active development. The maturity level is a classification on the health, value, and activity for a project.
12 13 14 15

```mermaid
graph LR
    A>project submitted] -->|Low barrier| B
andrew.greene's avatar
andrew.greene committed
16 17
    B(Sandbox) -->|Significant barrier| C
    C(Incubating) -->|Final barrier| D
18 19
    D(Graduated)
```
andrew.greene's avatar
andrew.greene committed
20
### Sandbox: 
21

andrew.greene's avatar
andrew.greene committed
22
`Sandbox` projects are the entry point for early stage projects.
23

andrew.greene's avatar
andrew.greene committed
24 25
#### Sandbox Project Goals
1. Encourages visibility of early work that might add value to the community as a Big Bang package
26
2. Nurture projects on their path to adoption.
andrew.greene's avatar
andrew.greene committed
27 28
3. Facilitate alignment with existing projects, as appropriate.
4. Reduce the barrier to maturity by providing a community of support for engagement, governance, security, and policy recommendations
29

andrew.greene's avatar
andrew.greene committed
30
#### Sandbox Project Requirements
andrew.greene's avatar
andrew.greene committed
31
* Project are proposed following the [process outlined here](https://repo1.dso.mil/platform-one/p1toc/-/blob/master/projects/getting-started/README.md)
andrew.greene's avatar
andrew.greene committed
32 33 34 35 36 37 38
* Sandbox projects must meet the following criteria:  
  1. Code repository is in an unclassified, accessible repository (repo1 is desireable)
  2. Code repository must contain an Open source `LICENSE` file at the root of the repository
  3. Code repository must contain a `CONTRIBUTORS.md` file at the root of the repository and provide sufficient information on how one can contribute
  4. Code repository must contain a `CODEOWNERS` file
  5. The project must have a clearly defined purpose
  6. The project must have a demonstratable prototype (intent is to prevent immature projects with minimal code in place)
andrew.greene's avatar
andrew.greene committed
39 40
* Consistent with Sandbox project goals the TOC looks for:
	1. Is the project a fit for Big Bang and the [DoD DevSecOps reference Design](https://dodcio.defense.gov/Portals/0/Documents/Library/DevSecOpsReferenceDesign.pdf)
andrew.greene's avatar
andrew.greene committed
41
	2. Does the project appear to be on a good path to becoming well-governed and vendor-neutral? 
andrew.greene's avatar
andrew.greene committed
42
* Sandbox projects are tracked as [gitlab issues](https://repo1.dso.mil/platform-one/p1toc/-/issues?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=sandbox) with the `sandbox` label.
43

andrew.greene's avatar
andrew.greene committed
44 45
### Incubating: 
`Incubating` projects have adoption and show value added, but have not reach maturity to commit to long term support to end users.
46

andrew.greene's avatar
andrew.greene committed
47 48
#### Incubating Project Goals
1. Further advance collaboration and validation of project objectives
49

andrew.greene's avatar
andrew.greene committed
50 51 52 53 54
#### Incubating Project Requirements
To mature to `Incubating` stage, a project must meet the `Sandbox` stage requirements plus:
* Active use by at least two customers and/or organizations
* Demonstrated support, through contribution and feature release consistent with [Big Bang guidelines](https://repo1.dso.mil/platform-one/big-bang/bigbang)
* Have begun or completed a cATO approval
55 56 57 58

Projects moving from sandbox to incubation are tracked as [gitlab issues](https://repo1.dso.mil/platform-one/p1toc/-/issues?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=graduated) with the `incubation` label.


andrew.greene's avatar
andrew.greene committed
59
## Graduated: 
60

andrew.greene's avatar
andrew.greene committed
61
!! OPEN CALL for Feedback on this section !!
62

andrew.greene's avatar
andrew.greene committed
63
`Graduated` projects are the highest level of maturity for a TOC project.
64

andrew.greene's avatar
andrew.greene committed
65 66 67 68 69
#### Graduated Project Goals
#### Graduated Project Requirements
* Meet requirements for `Incubating` status
* Active production use by multiple organizations
* Base images approved in [Iron Bank](https://p1.dso.mil/#/products/iron-bank/)
70

andrew.greene's avatar
andrew.greene committed
71 72 73
Projects moving from incubation to graduation are tracked as [gitlab issues](https://repo1.dso.mil/platform-one/p1toc/-/issues?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=graduated) with the `graduated` label.
## Archived: 
Archived projects are no longer in active development and are archived at a TOC meetup.
74

andrew.greene's avatar
andrew.greene committed
75
----
76

andrew.greene's avatar
andrew.greene committed
77
## Semi-annual Review Process 
78

andrew.greene's avatar
andrew.greene committed
79
Projects are subject to an semi-annual review. This is intended to be a lightweight process to ensure that projects are active and effectively collaborated upon. The Projects Shepherd will engage the project on the review process.
80

andrew.greene's avatar
andrew.greene committed
81
The review should clearly address the following:
82

andrew.greene's avatar
andrew.greene committed
83 84 85
* Signs of active contributions and maturation~
* Project still meets the requirements of its maturity level.
* How can the TOC help you achieve your upcoming goals?
86