Skip to content

Navigation Menu

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

mtdvio / going-to-production Public

Notifications You must be signed in to change notification settings
Fork 186
Star 1.4k

Code
Issues 1
Pull requests
Actions
Projects
Wiki
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Wiki
Security
Insights

Breadcrumbs

going-to-production

/

serverside-checklist.md

Latest commit

History

94 lines (57 loc) · 2.46 KB

Breadcrumbs

going-to-production

/

serverside-checklist.md

File metadata and controls

94 lines (57 loc) · 2.46 KB

Serverside checklist

This is a checklist for serverside of the Web App.

Legal

Licences of my application's 3rd-party dependencies are not violated
My application does not violate cryptography policies and laws
My app is compliant according to the organisation standards

Resiliency

My application can retain reasonable functionality in isolation
My application can recover from being under heavy load
My application can reestablish all lost connections
My application can not cause Cascading Failures to propagate through the system

Load balancing

My project can run on multiple CPUs
My project can run behind the load balancer
I can add a new node without system downtime

Transparent deployment

I can add a new node without stopping the application
I can add a new node without user sessions being lost/destroyed
I can make a rolling upgrades for my service

Supervising

My application can survive a server restart
My application is restarted automatically after the crash

Logging

My application logs all errors (even "swallowed")
My application produces log output to rotated files
- Streams with different log levels are separated from each other
My logs are aggregated to a log analysing service

Monitoring

I have configured the alerts for abnormal activity
- Application restart events
- Error rate threshold reached
- Server resources are soon to be exhausted (CPU, memory, IO > 90%)
- HTTP requests timeouts
- HTTP responses with 500 status codes
I have health checks for all parts of my system

Metrics

I can observe different events from my app over time
- Number of requests for endpoints
- Duration of requests for endpoints
- Duration of business-logic operations

High Availability

I can run my services in different independent Data Centers

Testing

I have performed stress tests for my application
I have performed network partitioning tests for my application

Backuping

I can restore all my data from backups

Security

I have audited my system against OWASP Top 10 Vulnerabilities
I use TLS for all endpoints
I have added relevant security headers to app HTTP endpoints
- X-Frame-Options
- X-Content-Type-Options
- Content-Security-Policy
- X-XSS-Protection
- Strict-Transport-Security
- Public-Key-Pins

Footer

© 2024 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.