Project Management
Under the topic "project management" we describe how we handle the organizational work besides coding, such as on- and off-boarding maintainers or contributors.
Infrastructure
- We use GitHub for source code and issue management:
  - We have our own organization named secureCodeBox.
  - Management of issues is done with a corresponding project.
- We use the OWASP Google Workspace:
  - A shared drive to store meeting notes.
  - And a project calendar:
Teams
In our GitHub organization we have several teams:
- admin-team: Members are the project leads.
- core-team: Company sponsored core team.
- contributor-team: Active contributors from the community.
- bot-team: Team containing all bots allowed to push directly to the main branch.
Organizational
- The project leads do a regular sync meeting:
- Monday 16:05-17:00 CET, every 4 weeks from 28.5.25 on. Next meetings: 23.6.25, 21.7.25 etc.
- We write an agenda beforehand and notes in a Google Doc, one per meeting.
- There is a template document in the shared drive.
On- and Off-Boarding
For on- and off-boarding we create an issue for each member. On- and off-boardings need to be done by a member of the admin-team.
On-boarding
- core-team:
  - Add to our GitHub organization with the following roles:
    - core-team
    - contributor-team
- admin-team (additionally to the core-team on-boarding):
  - Add to our GitHub organization with the following roles:
    - admin-team
  - Register user to Sonatype
  - Add to OWASP vault
Off-boarding
- core-team:
  - Remove role:
    - core-team
- admin-team:
  - Remove role:
    - admin-team
  - Remove user from Sonatype
  - Remove access to OWASP vault