Sets static analysis as an indispensable requirement for our project
releases.
Static analysis is not merely a tool but a proactive
strategy to unearth and address potential issues in the early stages
of development, long before they mature into critical
vulnerabilities. By scrutinizing code at rest, static analysis unveils
latent defects and potential security risks, thus bolstering the
resilience of our software against future threats.
Fixes: #64591
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Add a note about requirements for specialized drivers, clarifying the
requirements about using Zephyr APIs.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
Since there are multiple static analysis tools being used
now, it is better to change references for a particular one
and just point to the static analysis section in the documentation.
JIRA is no longer used for tracking security issues. Update it
to GitHub.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
prefix with numbers to get sorting based on usage. Most common files
issue types should come first, with bugs being at the top.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Topic branches are not in widespread use and the details on how they are
managed are being reworked.
Drop the topic branches reference (now being renamed "collab" branches)
from the contribution guideline and just ask to open PRs against main,
as that's the common case right now, saves first-time users from having
to dig through the various branches in the repository.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
Collect up all the contributor expectations and PR requirements into a
single place. Add additional guidelines about creating small PRs and how
to break up PRs into multiple commits.
Signed-off-by: Keith Short <keithshort@google.com>
Zephyr's coding style is based on the Linux kernel coding style, which
indicates a preferred limit of 80 columns. Zephyr's .clang-format sets
the ColumnLimit to 100. Update the documentation to match the
.clang-format parameters.
Signed-off-by: Keith Short <keithshort@google.com>
The current content does have all the critical information, but you
have to read carefully to catch several important details. This makes
it less likely that people will be able to follow the rules, which
wastes maintainers' time in PRs from new contributors, since we have
to explain the details repeatedly.
Fix it by making the introduction shorter while still covering all the
bases, and adding details with more concrete examples in the following
subsections.
Keep some other text in the document up to date and fix some
cross-references as needed.
Signed-off-by: Marti Bolivar <marti.bolivar@nordicsemi.no>
Add a note about the "branch out of date" and "Update branch" GitHub
feature. That message is confusing for new users and we often see people
losing approvals and introducing merge commits with it. Adding a note
in the contribution guidelines would hopefully help some.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
There hasn't been any topic branch in widespread use. This point is
still relevant for backports or some advanced usage, but since this list
is meant to help contributors approaching the project it may be a good
idea to drop the point and make the list a tiny bit shorter and less
intimidating.
Instead, mention that main should be used "if unsure" in the previous
point.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
This pull request documents additional requirements for treewide
changes which were discussed at the process WG (see
issue #48886 for details).
These requirements apply to especially impactful changes. They exist
both to try to make sure the changes get enough review, and to give
users a heads-up mechanism about incoming treewide changes.
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
Prefer clang-format over uncrustify for source code formatting.
uncrustify configuration files will be removed in future commits.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
It is quite confusing to describe Zephyr's source tree layout in the
section for application development, given that applications do not need
to follow the exact same layout as the main tree.
Instead, move this section to the contribution guidelines chapter.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>