Code development platform for open source projects from the European Union institutions

Commit 25d99c14 authored by Konrad DWOJAK

Update guidelines/code-europa-eu-guidelines.md

parent 324b286e
1 merge request: !6 Update guidelines/code-europa-eu-guidelines.md
......@@ -229,7 +229,7 @@ image 1
#### Register in Eureca (CIPS):
The EC Service developing the software completes a new software dossier
in [EURECA](https://apps.jrc.cec.eu.int/eureca/) (the EU IP catalogue
in EURECA (the EU IP catalogue
and management platform). This initial entry lists, as a minimum, the
contact person and unit, the title of the asset, a short description and
the software bill of materials (comprehensive list of the third-party
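Review bot: the replacement line "in EURECA (the EU IP catalogue" drops the link without adding the "(link available on the EC internal FPIS ThinkOpen wiki)" pointer that the other replacements in this commit use, and the same happens in the hunk at line 488. A reader is told to complete a dossier in EURECA with no indication of where to reach it. Suggest adding the pointer in both places and aligning the heading's "Eureca" with the "EURECA" spelling used in the body.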
......@@ -488,7 +488,7 @@ the EC service responsible for the software project (ideally, the
project manager or lead developer).
To do so, they create a new dossier in
[EURECA](https://apps.jrc.cec.eu.int/eureca/). This will open an
EURECA. This will open an
individual file, allocate a record number (ID) and create an initial
entry in the Commission\'s inventory of IP assets. This initial entry
lists, as a minimum, the contact person and the unit of origin, the
......@@ -537,8 +537,8 @@ The SBOM will be used by the Central IP Service to perform the IP
clearance.
------------------------------------------------------------------------
**EURECA provides a [Scope Checker
tool](https://myintracomm.ec.europa.eu/corp/intellectual-property/tools/EURECA/Pages/default.aspx)**[^7]
**EURECA provides a Scope Checker
tool (link available on the EC internal FPIS ThinkOpen wiki)**[^7]
**that can help determine the cases where the software should be
identified.**
------------------------------------------------------------------------
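Review bot: the wiki name in "tool (link available on the EC internal FPIS ThinkOpen wiki)" does not match the names visible in the links this commit removes, where the URL path is "/fpfis/wikis/" and the list entry reads "Think Open confluence". Please confirm whether "FPFIS" and "Think Open" are the intended spellings and use one form in every replacement, since the pointer is now the only way to locate these resources.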
......@@ -659,13 +659,13 @@ here:
The vulnerability assessment of the source code is a **mandatory step**
before software distribution and can be requested from the DIGIT.S1
Security Assurance sector, with its broad service offering of
[Application Security Testing, Continuous Security Assurance (CSA)
service](https://intracomm.ec.testa.eu/itservices/security-assurance-and-testing-services_en),
Application Security Testing, Continuous Security Assurance (CSA)
service (link available on the EC internal FPIS ThinkOpen wiki),
which is integrated into CI/CD pipelines and the vulnerability
self-assessment service.
To request these services, use [My IT
Support](https://webgate.ec.testa.eu/mits/home.do) (MITS).
To request these services, use My IT
Support (MITS).
Alternatively, the assessment can be carried out directly by a
Commission department, if it has the dedicated expertise and resources
for performing this task. All such departments will be explicitly
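Review bot: in the paragraph on the mandatory vulnerability assessment, "To request these services, use My IT Support (MITS)." loses its link and gets no wiki pointer, unlike the CSA service two lines above. Because this is the request channel for a mandatory pre-distribution step, add the same "(link available on the EC internal FPIS ThinkOpen wiki)" pointer here. The parenthetical after "service" also separates it from "which is integrated into CI/CD pipelines"; moving it to the end of the sentence would read better.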
......@@ -741,8 +741,8 @@ image 2
1. Continuous Security Assurance (CSA) Service - EC DIGIT Security
Assurance - EC Extranet Wiki (europa.eu).
2. Code should be developed following the Commission [standards and
guidelines](https://myintracomm.ec.europa.eu/corp/digit/itsecurity/Pages/IT-security-standards-and-guidelines.aspx)
2. Code should be developed following the Commission standards and
guidelines (link available on the EC internal FPIS ThinkOpen wiki)
that are applicable and relevant for secure code development:
1. IT Security Standard - Web Application Security Standard.pdf
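Review bot: in item 2, the inserted "(link available on the EC internal FPIS ThinkOpen wiki)" sits between "guidelines" and its relative clause "that are applicable and relevant for secure code development:", which breaks the sentence. Suggest moving the parenthetical after "secure code development" or into a separate sentence before the sub-list.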
......@@ -794,7 +794,7 @@ steps are involved.
### Procedure in case of proprietary distribution
In accordance with the [IP
delegation](https://myintracomm.ec.europa.eu/corp/intellectual-property/Documents/IP_Delegation_of_powers_SEC(2001)1397_(FR).pdf)
delegation](link available on the EC internal FPIS ThinkOpen wiki)
and as confirmed by article 10 of the Software Reuse Decision, before
Commission software can be distributed under proprietary terms it is
necessary to adopt a Commission Decision allowing this distribution.
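Review bot: the new line "delegation](link available on the EC internal FPIS ThinkOpen wiki)" keeps the Markdown link syntax and puts prose where the URL was, so "[IP delegation](...)" will render as a broken link or as raw brackets. Every other replacement in this commit uses plain text, so this should read "IP delegation (link available on the EC internal FPIS ThinkOpen wiki)".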
......@@ -836,10 +836,10 @@ service thereto who has access rights in Decide as an author or as a
coordinator.
The list of **legislative coordinators** is available
[here](https://webgate.ec.europa.eu/fpfis/wikis/display/REGISTRY/Decide+coordinators?preview=/535331444/821888206/DECIDE%20COODINATORS%20LIST.xlsx).
on the EC internal FPIS ThinkOpen wiki.
More details on the **adoption procedure** for the EC decision in the
[guidelines](https://myintracomm.ec.europa.eu/corp/intellectual-property/Documents/ADM_Procedure_EC_decision_SW-P-TM.docx).
guidelines (link available on the EC internal FPIS ThinkOpen wiki).
### Preparing the software for distribution
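Review bot: the removed coordinators link pointed at the "display/REGISTRY/Decide+coordinators" space, while the replacement "on the EC internal FPIS ThinkOpen wiki." sends readers to a different space. Please confirm the list is actually reachable from the Think Open pages, or name the REGISTRY space in the text. The following sentence, "More details on the adoption procedure for the EC decision in the guidelines (...)", has no verb; "More details ... are in the guidelines" would fix it while this line is being touched.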
......@@ -1100,8 +1100,7 @@ Agile Iteration Management, Collaborative Code Review
Integration (Bamboo) and Collaborative Documentation
(Confluence/Gliffy/Balsamiq).
See details here:
<https://citnet.tech.ec.europa.eu/CITnet/confluence/display/CITNET/Home>
Details about CITnet available on the EC internal FPIS ThinkOpen wiki.
CITnet provides developers and, when needed, IP correspondents with all
the relevant information about the development of software and the build
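Review bot: the replacement "Details about CITnet available on the EC internal FPIS ThinkOpen wiki." is missing its verb and should read "Details about CITnet are available on ...". The removed URL was on the CITnet Confluence host rather than the wiki, so please also confirm the wiki carries or links to that information.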
......@@ -1436,59 +1435,39 @@ file after you have listed all the components with their attributions:
## Resources
### Information and materials on intellectual property and open source[^10]
(links available on the EC internal FPIS ThinkOpen wiki)
- [Intellectual property website on My
Intracomm](mailto:Additional%20copyright%20information%20is%20available%20at%20the%20Intellectual%20Property%20website%20on%20My%20Intracomm.%20If%20you%20have%20any%20questions,%20please%20contact%20the%20Central%20IP%20Service%20of%20the%20European%20Commission%20at%20EC-IPR@ec.europa.eu.);
- [EURECA manual and scope
checker](https://myintracomm.ec.europa.eu/corp/intellectual-property/tools/EURECA/Pages/default.aspx);
- [IPR risk
management](https://myintracomm.ec.europa.eu/corp/intellectual-property/Documents/MAN_Guidelines_on_IPR_Risk_management.pdf)
guidelines;
- [Explanatory note on clauses regarding intellectual property
rights\\\\ in model service contracts used by the
Commission](https://myintracomm.ec.europa.eu/corp/budget/financial-rules/procurement/Documents/ipr-note-en.pdf);
- [Think Open
confluence](https://webgate.ec.europa.eu/fpfis/wikis/display/opensource/Think+Open);
- [List of free open source code scanning
tools](https://webgate.ec.europa.eu/fpfis/wikis/display/devsecops/Create+report+of+Licenses+of+dependent+libraries)
for Java, JavaScript and PHP (as identified by the DevSecOps team in
unit DIGIT.B.4).
- Available [e-learning
courses](https://myintracomm.ec.europa.eu/corp/intellectual-property/learning/e-learning/Pages/default.aspx)
and training on the EU Learn platform;
- EURECA manual and scope checker;
- IPR risk management guidelines;
- Explanatory note on clauses regarding intellectual property rights in model service contracts used by the Commission;
- List of free open source code scanning tools for Java, JavaScript and PHP (as identified by the DevSecOps team in unit DIGIT.A.4;
- Available e-learning courses and training on the EU Learn platform.
### Security information[^11]
(links available on the EC internal FPIS ThinkOpen wiki)
- Security Assurance Wiki: [Services - EC DIGIT Security Assurance -
- Security Assurance Wiki: Services - EC DIGIT Security Assurance -
EC Extranet Wiki
(europa.eu)](https://webgate.ec.europa.eu/fpfis/wikis/display/SecurityAssurance/Services);
- Security Assurance service offering entries in DIGIT Service
Catalogue:
- [Application Security Testing \| DIGIT Service Catalogue
(testa.eu)](https://intracomm.ec.testa.eu/itservices/application-security-testing_en);
- Application Security Testing \| DIGIT Service Catalogue
- [Continuous Security Assurance services \| DIGIT Service
- Continuous Security Assurance services \| DIGIT Service
Catalogue
(testa.eu)](https://intracomm.ec.testa.eu/itservices/continuous-security-assurance-services_en);
- \[\[<https://webgate.ec.europa.eu/fpfis/wikis/display/SecurityAssurance/Vulnerability+Self-Assessment+%28VSA%29+-+Static+Application+Security+Testing+%28SAST%29+Procedure>\]\[Vulnerability
Self-Assessment (VSA) - Static Application Security Testing
(SAST) Procedure - EC DIGIT Security Assurance - EC Extranet
Wiki (europa.eu)\]\];
- Vulnerability Self-Assessment (VSA) - Static Application Security Testing
(SAST) Procedure - EC DIGIT Security Assurance
- EC IT Security Standards:
- [IT Security Policy, Standards, Guidelines and Technical
- IT Security Policy, Standards, Guidelines and Technical
specifications
(europa.eu)](https://myintracomm.ec.europa.eu/corp/digit/itsecurity/Pages/IT-security-standards-and-guidelines.aspx).
### Joinup
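Review bot: the new scanning-tools entry ends "(as identified by the DevSecOps team in unit DIGIT.A.4;" with the parenthesis left open, and the unit changes from DIGIT.B.4 to DIGIT.A.4 although the commit message only describes an update. Close the parenthesis and mention the unit change in the commit message if it is intended. The new list also drops the "Intellectual property website on My Intracomm" and "Think Open confluence" entries rather than converting them to plain text, and the security entries are inconsistent about trailing semicolons ("Application Security Testing \| DIGIT Service Catalogue" and the VSA entry have none).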
......@@ -1521,15 +1500,15 @@ understanding and choosing the most appropriate OS licence:
[dedicated space on the Joinup
platform](https://joinup.ec.europa.eu/collection/eupl/eupl-guidelines-faq-infographics);
- [EUPL 1.2.
Guidelines](https://myintracomm.ec.europa.eu/corp/intellectual-property/_layouts/15/WopiFrame.aspx?sourcedoc=%7B0E274EBD-8D81-47E4-985C-987964229D6C%7D&file=NO0821281ENN.en.pdf&action=default).
- EUPL 1.2.
Guidelines (link available on the EC internal FPIS ThinkOpen wiki)
### Contact points
- Central Intellectual Property (IP) Service: <EC-IPR@ec.europa.eu>
- Open Source Programme Office:
[DIGIT-OSPO@ec.europa.eu](file:///\\net1.cec.eu.int\jrc-services\BRU-Users\toadead\Desktop\Tasks\17.Guidelines%20developers\Feedback%20WG%20OSPO\DIGIT-OSPO@ec.europa.eu)
DIGIT-OSPO@ec.europa.eu
- EC DIGIT Security Assurance Sector:
<EC-DIGIT-SECURITY-ASSURANCE@ec.europa.eu>
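Review bot: under "Contact points", the replacement "DIGIT-OSPO@ec.europa.eu" is bare text while the other two addresses use the autolink form, for example "<EC-IPR@ec.europa.eu>". Use "<DIGIT-OSPO@ec.europa.eu>" so all three render the same way. The "EUPL 1.2. Guidelines" item also loses its closing full stop.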
......@@ -1557,10 +1536,10 @@ understanding and choosing the most appropriate OS licence:
with the normal rules applying in the DG concerned for other
decisions in other fields).
[^6]: [ITCB
Mandate](https://webgate.ec.testa.eu/Ares/document/show.do?documentId=080166e5bfbebac4&timestamp=1662542616802).
[ITIT
Mandate](https://myintracomm-collab.ec.europa.eu/projects/ispmb/_layouts/15/DocIdRedir.aspx?ID=ISPMB-21-17).
[^6]: ITCB
Mandate (link available on the EC internal FPIS ThinkOpen wiki)
ITIT
Mandate (link available on the EC internal FPIS ThinkOpen wiki)
[^7]: The Scope Checker is accessible only to EC services.
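Review bot: in footnote 6, once the link markup is gone the two entries run together as "ITCB Mandate (link ...) ITIT Mandate (link ...)" with nothing separating them. Suggest a semicolon or "and" between the two mandates, and a single pointer at the end rather than the same parenthetical twice.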
......