...

Initial Steps

Requirements

  •  Document all directly used external libraries and code (an internal list is mandatory, and it may be made public).
  •  Document licences of these libraries and code (in the same list).
  •  Confirm that all direct dependencies are under valid open source or proprietary licences.
  •  Ensure that all these licences are mutually compatible.
  •  Review each direct dependency for known critical vulnerabilities (you can use the GÉANT-provided SCA and review services, or CVE or NIST databases), and capture vulnerability details in an SCA report or internal document.
  •  Manually review all other third-party intellectual property, including source code, components, content, designs, models, and similar assets (may be recorded in the NOTICE file).
  •  Record information on direct dependencies and third-party IP (name, version, licence) in a README, NOTICE, or in an internal document.

  •  Register the project in the GÉANT Software Catalogue.

...