Contribution Guide

Reporting Bugs & Issues

Please file bug reports on the STIG Manager issue tracker. When reporting a bug, please include as much information as possible. This includes:

  • Install type: Hosted, Local, Docker, etc.

  • Action taken

  • Expected result

  • Actual result

  • Screenshot (if relevant)

Developer Information

STIG Manager is being developed using a Forking Workflow. All contributions to the codebase are expected to come via a GitHub Pull Request from a fork of the appropriate repository. Ideally, PRs should reference an Issue, pass all existing tests, and provide additional tests if applicable. Upon successful review, contributions will be merged into the main branch by the project maintainers.

Contributors should be comfortable with the licences governing the project and any other conditions specified in the Project’s Contributing.md document. On first PR submission, feel free to add yourself to the Contributors document.

Development functional components

These are the components of the project, their technologies, and their maintainers. We are soliciting individuals and organizations interested in helping maintain any of these components. If you would like to contribute, check our Issues on GitHub for items labeled good first issue, or for specific areas you would like to help with.

API

| Component | Technology | Maintainers | Roadmap Goals | GitHub Label(s) |
|---|---|---|---|---|
| API definition | OpenAPI 3.0 | @csmig | Refine API Definition to enable automated validation of API responses; Update to OpenAPI Spec 3.1 when suitable middleware support is available. | OAS |
| Express middleware | Node.js, Express | @csmig | Identify suitable middleware replacement for oas-tools, which does not seem well supported at the moment, and includes unneeded dependencies. | |
| MySQL service | Node.js, MySQL 8 | @csmig | Keep in sync with MSSQL Server service, which is the primary development focus at the moment. | |
| Microsoft SQL Server service | Node.js, MSSQL 2019 | @csmig | Implementation of MS SQL Server service to match or exceed current MySQL feature support. | |
| Test suites | Postman, newman | @cd-rite | Automated UI Testing; Help would be appreciated identifying additional test cases. | tests |
| CI/CD pipelines | GitHub Actions, Docker, newman | @cd-rite, @csmig | Integration of additional automated security scanning. | workflow |
| Documentation | Python, sphinx | @cd-rite | Addition and integration of JSDoc notation to code and documentation. | documentation |

Clients

| Component | Technology | Maintainers | Goals | GitHub Label(s) |
|---|---|---|---|---|
| NAVSEA single-page web app | ExtJS 3.4 | @csmig | Additional reports and analytical presentations of STIGMan data. | UI |
| STIGMAN Watcher | Node.js | @csmig | Report of logged Watcher actions. | Issues |
| Documentation | Python, sphinx | @cd-rite, @csmig | There is always more documentation to write. | documentation |
| Integration with other services | Varied | @cd-rite, @csmig | Integrations with other services to enhance functionality, such as blob storage services for artifact storage, or Machine Learning for automated review approvals. | enhancement |

Data Flow Diagram

[Figure: Data Flow Diagram]

Required Tools

The team regularly uses these tools:

  • git

  • Docker

  • VS Code

  • Postman

Software Components

See Requirements and Dependencies

License / Credits

The repository is licensed under the MIT License, with the exception of the client, which is licensed under the GNU GPL v3.