diff --git a/.bestpractices.json b/.bestpractices.json index 0e85eaf..699484e 100644 --- a/.bestpractices.json +++ b/.bestpractices.json @@ -17,17 +17,17 @@ "interact_justification": "GitHub Issues for bug reports and discussion, SECURITY.md for private vulnerability disclosure (GitHub Security Advisories). Both linked from README.", "interact_url": "https://github.com/RandomCodeSpace/otelcontext/issues", "contribution_status": "Met", - "contribution_justification": "Contribution process documented in CONTRIBUTING.md (PR template, conventional commits, test + vet + lint requirements).", + "contribution_justification": "Contribution process documented in CONTRIBUTING.md (PR template, conventional commits, test + vet + lint requirements): https://github.com/RandomCodeSpace/otelcontext/blob/main/CONTRIBUTING.md", "contribution_url": "https://github.com/RandomCodeSpace/otelcontext/blob/main/CONTRIBUTING.md", "contribution_requirements_status": "Met", - "contribution_requirements_justification": "CONTRIBUTING.md documents PR requirements: `go test -race ./...` passing, `go vet ./...` clean, golangci-lint clean, Semgrep + OSV-Scanner + Trivy + Gitleaks security stack green, Conventional Commit style.", + "contribution_requirements_justification": "CONTRIBUTING.md documents PR requirements: `go test -race ./...` passing, `go vet ./...` clean, golangci-lint clean, Semgrep + OSV-Scanner + Trivy + Gitleaks security stack green, Conventional Commit style. See https://github.com/RandomCodeSpace/otelcontext/blob/main/CONTRIBUTING.md", "contribution_requirements_url": "https://github.com/RandomCodeSpace/otelcontext/blob/main/CONTRIBUTING.md", "floss_license_status": "Met", "floss_license_justification": "MIT \u2014 https://opensource.org/licenses/MIT", "floss_license_osi_status": "Met", "floss_license_osi_justification": "MIT is OSI-approved.", "license_location_status": "Met", - "license_location_justification": "LICENSE.md at repository root.", + "license_location_justification": "LICENSE.md at repository root: https://github.com/RandomCodeSpace/otelcontext/blob/main/LICENSE.md", "license_location_url": "https://github.com/RandomCodeSpace/otelcontext/blob/main/LICENSE.md", "documentation_basics_status": "Met", "documentation_basics_justification": "README.md covers what otelcontext is, how to run it, ports/protocols (OTLP gRPC :4317, HTTP :8080), database driver options, TLS bootstrap, and authentication. CLAUDE.md documents the architecture (ingestion, GraphRAG, MCP, storage, configuration).", @@ -65,12 +65,12 @@ "version_tags_justification": "Tagged releases are published on GitHub.", "version_tags_url": "https://github.com/RandomCodeSpace/otelcontext/tags", "release_notes_status": "Met", - "release_notes_justification": "GitHub auto-generates release notes from PR titles for each tag; releases are listed at the URL below. Pre-1.0 cadence ships beta tags from main.", + "release_notes_justification": "GitHub auto-generates release notes from PR titles for each tag; releases are listed at https://github.com/RandomCodeSpace/otelcontext/releases . Pre-1.0 cadence ships beta tags from main.", "release_notes_url": "https://github.com/RandomCodeSpace/otelcontext/releases", "release_notes_vulns_status": "Met", "release_notes_vulns_justification": "Security fixes are landed in tagged commits with `fix(security):` Conventional-Commit prefix and surface in the auto-generated release notes (e.g. commit 89de89a `fix(security): patch HIGH/CRITICAL vulns flagged by OSV+Trivy on PR #34 (RAN-56)`).", "report_process_status": "Met", - "report_process_justification": "SECURITY.md documents how to report bugs (GitHub Issues) vs vulnerabilities (private GitHub Security Advisory or email fallback to ak.nitrr13@gmail.com with `[otelcontext security]` subject prefix).", + "report_process_justification": "SECURITY.md documents how to report bugs (GitHub Issues) vs vulnerabilities (private GitHub Security Advisory or email fallback to ak.nitrr13@gmail.com with `[otelcontext security]` subject prefix). See https://github.com/RandomCodeSpace/otelcontext/blob/main/SECURITY.md", "report_process_url": "https://github.com/RandomCodeSpace/otelcontext/blob/main/SECURITY.md", "report_tracker_status": "Met", "report_tracker_justification": "GitHub Issues is the public bug tracker.", @@ -80,13 +80,13 @@ "enhancement_responses_status": "Met", "enhancement_responses_justification": "Enhancement requests are triaged via GitHub Issues; maintainer responds within 14 days.", "report_archive_status": "Met", - "report_archive_justification": "GitHub Issues serves as the public archive of bug reports (open + closed). GitHub Security Advisories archives coordinated-disclosure reports.", + "report_archive_justification": "GitHub Issues is the public, searchable archive of bug reports, open and closed: https://github.com/RandomCodeSpace/otelcontext/issues?q=is%3Aissue . GitHub Security Advisories archives coordinated-disclosure reports.", "report_archive_url": "https://github.com/RandomCodeSpace/otelcontext/issues?q=is%3Aissue", "vulnerability_report_process_status": "Met", - "vulnerability_report_process_justification": "SECURITY.md is the canonical disclosure entry point: preferred channel is GitHub Security Advisory (private), with email fallback. Acknowledgement SLA: 5 business days. Triage SLA for High/Critical: 10 business days. Default embargo: 90 days or first patched release.", + "vulnerability_report_process_justification": "SECURITY.md is the canonical disclosure entry point: preferred channel is a private GitHub Security Advisory, with email fallback. Acknowledgement SLA 5 business days; triage SLA 10 business days for High/Critical; default embargo 90 days or first patched release. See https://github.com/RandomCodeSpace/otelcontext/blob/main/SECURITY.md", "vulnerability_report_process_url": "https://github.com/RandomCodeSpace/otelcontext/blob/main/SECURITY.md", "vulnerability_report_private_status": "Met", - "vulnerability_report_private_justification": "GitHub private vulnerability reporting is the preferred channel; advisories are filed at the URL below.", + "vulnerability_report_private_justification": "GitHub private vulnerability reporting is the preferred channel; advisories are filed at https://github.com/RandomCodeSpace/otelcontext/security/advisories/new", "vulnerability_report_private_url": "https://github.com/RandomCodeSpace/otelcontext/security/advisories/new", "vulnerability_report_response_status": "Met", "vulnerability_report_response_justification": "SECURITY.md commits to acknowledgement within 5 business days and a fix triage decision within 10 business days for High/Critical.",