Common use of Software compliance Clause in Contracts

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (like MIT, BSD, Apache 2.0,...). ● The license should provide unlimited access rights to the EGI community. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub13.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. 9 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 10 xxxxx://xxxx.xxx.xx/wiki/OMB 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 13 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators, and end users.

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license licence (like MIT, BSD, Apache 2.0,...). ● The license should Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI communityFederation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub13.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. 10 xxxxx://xxxx.xxx.xx/wiki/OMB 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 13 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. 9 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 10 xxxxx://xxxx.xxx.xx/wiki/OMB 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 13 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators, and end users.

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (like MIT, BSD, Apache 2.0,...). ● The license should provide unlimited access rights to the EGI community. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub13GitHub14.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. 9 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 10 xxxxx://xxxx.xxx.xx/wiki/OMB 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 13 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators, and end users.. 10 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 11 xxxxx://xxxx.xxx.xx/wiki/OMB 12 xxxx://xxx.xxx.xx/ 13 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 14 xxxxx://xxxxxx.xxx/EGI-Foundation

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (like e.g. MIT, BSD, Apache 2.0,...). ● The license should Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI communityFederation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub13GitHub17.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. Ansible or Puppet, .... ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. 9 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 10 xxxxx://xxxx.xxx.xx/wiki/OMB 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 13 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Treating documentation as code. 13 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 14 xxxxx://xxxx.xxx.xx/wiki/OMB 15 xxxx://xxx.xxx.xx/ 16 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 17 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Documentation should be available for Developers, administrators, administrators and end users.

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license licence (like e.g. MIT, BSD, Apache 2.0,...). ● The license should Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI communityFederation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub13GitHub16.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. 9 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 10 xxxxx://xxxx.xxx.xx/wiki/OMB 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 13 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators, administrators and end users.. 12 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 13 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIBG/Operations+Management+Board 14 xxxx://xxx.xxx.xx/ 15 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 16 xxxxx://xxxxxx.xxx/EGI-Federation

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license licence (like e.g. MIT, BSD, Apache 2.0,...). ● The license should Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI communityFederation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub13GitHub14.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. 10 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIPP/EGI+Policies+and+Procedures+Home 11 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIBG/Operations+Management+Board 12 xxxx://xxx.xxx.xx/ 13 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 14 xxxxx://xxxxxx.xxx/EGI-Federation ○ Using code reviewing. 9 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 10 xxxxx://xxxx.xxx.xx/wiki/OMB 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 13 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators, administrators and end users.

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (like MIT, BSD, Apache 2.0,...). ● The license should provide unlimited access rights to the EGI community. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub13GitHub14.) All releases should be appropriately tagged. ● Adopt best practices: 10 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 11 xxxxx://xxxx.xxx.xx/wiki/OMB 12 xxxx://xxx.xxx.xx/ 13 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 14 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. 9 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 10 xxxxx://xxxx.xxx.xx/wiki/OMB 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 13 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators, administrators and end users.

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license licence (like MIT, BSD, Apache 2.0,...). ● The license should Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI communityFederation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub13.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. 10 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIBG/Operations+Management+Board 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 13 xxxxx://xxxxxx.xxx/EGI-Federation ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. 9 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 10 xxxxx://xxxx.xxx.xx/wiki/OMB 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 13 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators, and end users.

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (like e.g. MIT, BSD, Apache 2.0,...). ● The license should Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI communityFederation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub13GitHub17.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. Ansible or Puppet, .... ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. 9 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 10 xxxxx://xxxx.xxx.xx/wiki/OMB 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 13 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators, administrators and end users.. 13 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 14 xxxxx://xxxx.xxx.xx/wiki/OMB 15 xxxx://xxx.xxx.xx/ 16 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 17 xxxxx://xxxxxx.xxx/EGI-Foundation

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (like MIT, BSD, Apache 2.0,...). ● The license should provide unlimited access rights to the EGI community. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub13GitHub14.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. 10 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 11 xxxxx://xxxx.xxx.xx/wiki/OMB 12 xxxx://xxx.xxx.xx/ 13 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 14 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Having automated testing in place. ○ Using code reviewing. 9 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 10 xxxxx://xxxx.xxx.xx/wiki/OMB 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 13 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators, administrators and end users.

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license licence (like e.g. MIT, BSD, Apache 2.0,...). ● The license should Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI communityFederation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub13.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. 9 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 10 xxxxx://xxxx.xxx.xx/wiki/OMB 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 13 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators, administrators and end users.. 10 xxxxx://xxxx.xxx.xx/wiki/OMB 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 13 xxxxx://xxxxxx.xxx/EGI-Foundation

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (like MIT, BSD, Apache 2.0,...). ● The license should provide unlimited access rights to the EGI community. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub13GitHub16.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioninga Versioning schema. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. 9 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 10 xxxxx://xxxx.xxx.xx/wiki/OMB 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 13 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators, administrators and end users.. 12 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 13 xxxxx://xxxx.xxx.xx/wiki/OMB 14 xxxx://xxx.xxx.xx/ 15 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 16 xxxxx://xxxxxx.xxx/EGI-Foundation

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license licence (like e.g. MIT, BSD, Apache 2.0,...). ● The license should Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI communityFederation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub13GitHub15.) All releases should be appropriately tagged. ● Adopt best practicespractises: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. 9 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 10 xxxxx://xxxx.xxx.xx/wiki/OMB 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 13 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Treating documentation as code. 12 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIBG/Operations+Management+Board 13 xxxx://xxx.xxx.xx/ 14 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 15 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Documentation should be available for Developers, administrators, administrators and end users.

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (like e.g. MIT, BSD, Apache 2.0,...). ● The license should Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI communityFederation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub13GitHub14.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. 9 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 10 xxxxx://xxxx.xxx.xx/wiki/OMB 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 13 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators, administrators and end users.. 10 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 11 xxxxx://xxxx.xxx.xx/wiki/OMB 12 xxxx://xxx.xxx.xx/ 13 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 14 xxxxx://xxxxxx.xxx/EGI-Federation

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (like MIT, BSD, Apache 2.0,...). ● The license should Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI communityFederation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub13.) GitHub18). All releases should be appropriately tagged. ● Adopt best practicespractises: ○ Defining and enforcing code style guidelines. ; ○ Using Semantic Versioning. ; ○ Using a Configuration Management frameworks such as Ansible. ; 14 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 15 xxxxx://xxxx.xxx.xx/wiki/OMB 16 xxxx://xxx.xxx.xx/ 17 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 18 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Taking security aspects into consideration through at every point in time. ; ○ Having automated testing in place. ; ○ Using code reviewing. 9 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 10 xxxxx://xxxx.xxx.xx/wiki/OMB 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 13 xxxxx://xxxxxx.xxx/EGI-Foundation ; ○ Treating documentation as code. ; ○ Documentation should be available for Developers, administrators, administrators and end users.

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license licence (like MIT, BSD, Apache 2.0,...). ● The license should Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI communityFederation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub13.) GitHub18). All releases should be appropriately tagged. ● Adopt best practicespractises: ○ Defining and enforcing code style guidelines. ; ○ Using Semantic Versioning. ; ○ Using a Configuration Management frameworks such as Ansible. ; 14 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIPP/EGI+Policies+and+Procedures+Home 15 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIBG/Operations+Management+Board 16 xxxx://xxx.xxx.xx/ 17 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 18 xxxxx://xxxxxx.xxx/EGI-Federation ○ Taking security aspects into consideration through at every point in time. ; ○ Having automated testing in place. ; ○ Using code reviewing. 9 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 10 xxxxx://xxxx.xxx.xx/wiki/OMB 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 13 xxxxx://xxxxxx.xxx/EGI-Foundation ; ○ Treating documentation as code. ; ○ Documentation should be available for Developers, administrators, administrators and end users.

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (like MIT, BSD, Apache 2.0,...). ; ● The license should provide unlimited access rights to the EGI community. ; ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub13.) GitHub17). All releases should be appropriately tagged. ; ● Adopt best practices: ○ Defining and enforcing code style guidelines. ; ○ Using Semantic Versioning. ; ○ Using a Configuration Management frameworks such as Ansible. ; ○ Taking security aspects into consideration through at every point in time. ; ○ Having automated testing in place. ; ○ Using code reviewing. 9 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 10 xxxxx://xxxx.xxx.xx/wiki/OMB 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 13 xxxxx://xxxxxx.xxx/EGI-Foundation ; ○ Treating documentation as code. ; ○ Documentation should be available for Developers, administrators, administrators and end users.. 13 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 14 xxxxx://xxxx.xxx.xx/wiki/OMB 15 xxxx://xxx.xxx.xx/ 16 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 17 xxxxx://xxxxxx.xxx/EGI-Foundation

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (like e.g. MIT, BSD, Apache 2.0,...). ● The license should Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI communityFederation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub13GitHub15.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. 11 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 12 xxxxx://xxxx.xxx.xx/wiki/OMB 13 xxxx://xxx.xxx.xx/ 14 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 15 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. 9 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 10 xxxxx://xxxx.xxx.xx/wiki/OMB 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 13 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators, administrators and end users.

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (like e.g. MIT, BSD, Apache 2.0,...). ● The license should Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI communityFederation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub13GitHub12.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. 9 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 10 xxxxx://xxxx.xxx.xx/wiki/OMB 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 13 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators, administrators and end users.. 9 xxxxx://xxxx.xxx.xx/wiki/OMB 10 xxxx://xxx.xxx.xx/ 11 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 12 xxxxx://xxxxxx.xxx/EGI-Foundation

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (like e.g. MIT, BSD, Apache 2.0,...). ● The license should Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI communityFederation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub13GitHub12.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. 9 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 10 xxxxx://xxxx.xxx.xx/wiki/OMB 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewing. 9 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 10 xxxxx://xxxx.xxx.xx/wiki/OMB 11 xxxx://xxx.xxx.xx/ 12 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 13 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators, administrators and end users.