Please read the contributing guide as well as the Developer Certificate of Origin. You will be required to sign all commits to the Openlane project, so if you're unfamiliar with how to set that up, see GitHub's documentation.
Because external users will not have write access to the branches in this repository, you'll need to follow the forking process to open a PR - here is a guide from GitHub on how to do so.
This repository contains the open source software that comprises the Openlane stack, licensed under Apache 2.0. Openlane's SaaS / Cloud Services are products produced from this open source software exclusively by theopenlane, Inc. This product is produced under our published commercial terms (which are subject to change). Any logos or trademarks in our repositories in theopenlane organization are not covered under the Apache License and are trademarks of theopenlane, Inc.
Others are allowed to make their own distribution of this software or include this software in other commercial offerings, but cannot use any of the Openlane logos, trademarks, cloud services, etc.
We take the security of our software products and services seriously, including our commercial services and all of the open source code repositories managed through our GitHub organizations, such as theopenlane. If you believe you have found a security vulnerability in any of our repositories or in our SaaS offering(s), please report it to us through coordinated disclosure.
Please do NOT report security vulnerabilities through public GitHub issues, discussions, or pull requests!
Instead, please send an email to [email protected] with as much information as possible to best help us understand and resolve the issues. See the security policy attached to this repository for more details.
Developing against this repo involves a few mandatory tools; please read up on these and familiarize yourself if you're interested in making additions or changes!
- ent - insane entity mapping tool, definitely not an ORM but kind of an ORM (handles our relational data storage, mappings, codegen processes)
- atlas - Schema generation and migrations (can be disabled in lieu of migrations on disk)
- goose - Secondary database migration utility we also use for seeding data
- gqlgen - Code generation + GraphQL server building from ent schema definitions
- gqlgenc - Client building utilities with GraphQL
- openfga - Flexible authorization/permission engine inspired by Google Zanzibar
- echo - High performance, extensible, minimalist Go web framework
- koanf - Configuration management library which parses command line arguments, Go structs + creates our main configuration files
We also leverage many secondary technologies, including (but not limited to!):
- taskfile - So much better than Make zomg
- redis - in-memory datastore used for sessions, caching
- postgres
- golangci-lint - an annoyingly opinionated linter
- buildkite - our CI system of choice (with GitHub Actions providing some intermediary support)
All of these components are bundled into our respective Docker images; for additional information / instructions, see the contributing guide in this repository. We're constantly adding and changing things, but have tried to list all the great open source tools and projects we rely on; if you see your project (or one you use) in here and wish to list it, feel free to open a PR!
You can email us at [email protected], open a GitHub issue in this repository, or reach out to matoszz directly.