Skip to content

tacosframework/documentation

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

TACOS documentation

Some lightweight documentation to start

Definitions

  • Roles:
    • Attestor: An attestor is the holder of the source document, and signature for that document
  • Attestation
    • A TACOS attestation is the document container with metadata about the creation of the attestation, and the statements about upstream open source libraries in use by an application or organization. It is an assertion about the status of a set of secure development software practices at a point in time.
  • Statements
    • A TACOS statement is scoped to a single upstream open source package and is the result of an assessment against a set of specific standards for secure software development.
  • NOASSERTION
    • TACOS uses the term NOASSERTION to indicate that the attestation preparer is not making any assertion regarding the value of this field
  • Variable (income streams)
    • Variable income streams are verified community-backed income including GitHub Sponsors, Patreon, and other related models
  • Foundation (income streams)
    • Foundation income streams are verified foundation-backed income, such as specific projects receiving recurring income from a sponsor such as NumFOCUS
  • Corporate (income streams)
    • Corporate income streams are verified corporate backing to provide reliable income to projects, such as Red Hat-backed Hibernate
  • Lifted
    • Lifted packages are packages that have a business contract and recurring income from Tidelift to attest they meet a set of secure development practices

About

TACOS framework docs

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published