// COSSAS

CI/CD Pipelines

We perform quality assurance through Continuous Integration (CI) pipelines on GitLab. This way, we make sure that COSSAS products that are released into the open source community are not broken, outdated or insecure. For every iteration, every contribution from the community, these pipelines are run again. Proposed changes are only merged if the code still adheres to our quality standards and the pipelines succeed. There are essentially four kinds of jobs that we run in our standard Python continuous integration pipelines.

Our CI pipelines are all publicly available on GitLab
Head over to Just CI / Templates to find out how to use them into your project!

Building

Artefacts are built, versioned and delivered to the appropriate software registries automatically. Automating
this process greatly reduces the error
surface and it makes the process less opinionated.

Security

We test our source code and our open source dependencies for security vulnerabilities. If we build a container image, we inspect its layers too.

Code quality

We test our code for style, formality and complexity. For example, pylint score above 6 is required. And we enforce Python type checking with mypy.

Integrity

To ensure the integrity of our software, we enforce Python unit tests with a code coverage of at least 25%.