
Commit

chore: fixed typo
himazawa committed Mar 30, 2024
1 parent ad31253 commit 886e8a2
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion content/posts/xz-backdoor/index.en.md
Expand Up @@ -128,7 +128,7 @@ A large and active community can provide additional eyes for reviewing code, rep
Consider whether the project receives financial support or sponsorship from reputable organizations. Projects with dedicated funding tend to have more resources available for security audits and ongoing maintenance.
And also are less likely to be completely abandoned.

Remember: you want to rely on that dependency for the whole week, not only during the maintainer's freetime, projects with a nice financial support will be likely to be full-time projects and not just hobbies.
Remember: you want to rely on that dependency for the whole week, not only during the maintainer's freetime, projects with a nice financial support will likely be full-time jobs and not just hobbies.

### SDLC
A good portion of the evaluation should also focus on the SDLC to e ensure security (and quality in general) gates are correcly implemented, approvals on PRs are mandatory and there are healthy practices in place to prevent one single contributor to push malicious code without approval.
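
Review bot: The rewritten "Remember:" line still contains "freetime" (should be "free time") and a comma splice before "projects with a nice financial support", so a typo-fix commit should split it into two sentences and correct the spelling in the same change. The new wording also says the projects "will likely be full-time jobs", which shifts the subject from projects to jobs; "are more likely to be maintained full-time rather than as hobbies" would keep the original meaning. The unchanged context line under "### SDLC" has "to e ensure" and "correcly", and "prevent one single contributor to push" reads better as "prevent a single contributor from pushing"; these could be folded into this commit as well.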
