
CryptoDevTV/CDAF


Cryptocurrency Development Audit Framework

CDAF (Cryptocurrency Development Audit Framework) is a tool that helps you do your own research on a cryptocurrency project. Follow each point and investigate the repository; after this quick process you should know more about the project's work progress and development status.

Overview

1. Organization vs. user account

Indicators:

Q1.1 - Is it an organization account?
  • YES
  • NO
Why does it matter?

Organizations are shared accounts where businesses and open-source projects can collaborate across many projects at once. Owners and administrators can manage member access to the organization's data and projects with sophisticated security and administrative features.

Sources: GitHub personal dashboard, GitHub organizations

1.1 Organization Header (Name, Description, Is verified)

Indicators:

Q1.1.1 - Is description provided?
  • YES
  • NO
Q1.1.2 - Is location provided?
  • YES
  • NO
Q1.1.3 - Is homepage address provided?
  • YES
  • NO
Q1.1.4 - Is email provided?
  • YES
  • NO
Q1.1.5 - Is account verified?
  • YES
  • NO
Why does it matter?

TODO: needs some explanation.

Sources: Organization's settings

1.2 Pinned repositories

Indicators:

Q1.2.1 - Are there any pinned repositories?
  • YES
  • NO
Why does it matter?

TODO: needs some explanation.

Sources: Pinning items

1.3 People from organization

Indicators:

Q1.3.1 - Are there any people involved in the organization?
  • YES
  • NO
Q1.3.2 - Do they have activity in public repositories?
  • YES
  • NO
Why does it matter?

TODO: needs some explanation.

Sources: Enrich user profile

1.4 Public projects

Indicators:

Q1.4.1 - Are there any open projects in the organization?
  • YES
  • NO
Why does it matter?

TODO: needs some explanation.

Sources: Project boards

1.5 Repositories list (topics)

Indicators:

Q1.5.1 - Is developer activity visible in the repositories?
  • YES
  • NO
Q1.5.2 - Do repositories have topics specified?
  • YES
  • NO
Why does it matter?

TODO: needs some explanation.

Sources: Repository topics

2. Single repository

2.1 Repository overview

Indicators:

Q2.1.1 - Is description provided?
  • YES
  • NO
Q2.1.2 - Are topics provided?
  • YES
  • NO
Why does it matter?

TODO: needs some explanation.

Sources: About repository

2.2 Code

Indicators:

Q2.2.1 - Is it the original repository (not a fork)?
  • YES
  • NO
Q2.2.2 - Is it not a monorepo?
  • YES
  • NO
Why does it matter?

TODO: needs some explanation.

Sources: Managing files

2.2.1 Branches

Indicators:

Q2.2.1.1 - Are there any branches?
  • YES
  • NO
Q2.2.1.2 - Are there any active branches?
  • YES
  • NO
Why does it matter?

TODO: needs some explanation.

Sources: About branches

2.2.2 Packages

Indicators:

Q2.2.2.1 - Are there any packages?
  • YES
  • NO
Q2.2.2.2 - Is it possible to check package popularity?
  • YES
  • NO
Why does it matter?

TODO: needs some explanation.

Sources: GitHub Packages

2.2.3 Releases

Indicators:

Q2.2.3.1 - Are there any releases?
  • YES
  • NO
Q2.2.3.2 - Are releases verified?
  • YES
  • NO
Q2.2.3.3 - Are releases different?
  • YES
  • NO
Why does it matter?

TODO: needs some explanation.

Sources: Releases

2.2.4 License

Indicators:

Q2.2.4.1 - Is license file provided?
  • YES
  • NO
Why does it matter?

TODO: needs some explanation.

Sources: Licensing a repository, Which license is appropriate

2.2.5 Readme

Indicators:

Q2.2.5.1 - Is README file provided?
  • YES
  • NO
Why does it matter?

TODO: needs some explanation.

Sources: Documenting project, Template, Suggestions

2.3 Issues

Indicators:

Q2.3.1 - Are there any open issues?
  • YES
  • NO
Q2.3.2 - Are there any closed issues?
  • YES
  • NO
Q2.3.3 - Are there any pinned issues?
  • YES
  • NO
Q2.3.4 - Are there people assigned to the issues?
  • YES
  • NO
Q2.3.5 - Do issues use labels?
  • YES
  • NO
Q2.3.6 - Do issues have conversations?
  • YES
  • NO
Q2.3.7 - Are issues a part of milestones?
  • YES
  • NO
Why does it matter?

TODO: needs some explanation.

Sources: About issues

2.3.1 Labels

Indicators:

Q2.3.1.1 - Are there labels in use?
  • YES
  • NO
Q2.3.1.2 - Are there any custom issues?
  • YES
  • NO
Why does it matter?

TODO: needs some explanation.

Sources: Milestones, Labels, and Assignees

2.3.2 Milestones

Indicators:

Q2.3.2.1 - Are there milestones in use?
  • YES
  • NO
Q2.3.2.2 - Are existing milestones frequently updated?
  • YES
  • NO
Q2.3.2.3 - Do existing milestones have a due date set?
  • YES
  • NO
Why does it matter?

TODO: needs some explanation.

Sources: Milestones, Labels, and Assignees

2.4 Pull Requests

Indicators:

Q2.4.1 - Are there pull requests in use?
  • YES
  • NO
Q2.4.2 - Are there any open pull requests?
  • YES
  • NO
Q2.4.3 - Are there any closed pull requests?
  • YES
  • NO
Q2.4.4 - Do pull requests use labels?
  • YES
  • NO
Q2.4.5 - Do pull requests have conversations?
  • YES
  • NO
Why does it matter?

TODO: needs some explanation.

Sources: About pull requests

2.5 Projects

Indicators:

Q2.5.1 - Are there any open projects?
  • YES
  • NO
Q2.5.2 - Are there any closed projects?
  • YES
  • NO
Why does it matter?

TODO: needs some explanation.

Sources: Project boards

2.6 Security

Indicators:

Q2.6.1 - Are there any security advisories?
  • YES
  • NO
Q2.6.2 - Does the repository have a security policy?
  • YES
  • NO
Why does it matter?

TODO: needs some explanation.

Sources: Adding a security policy

2.7 Insights

Indicators:

Q2.7.1 - Is it possible to see any work result during the last month?
  • YES
  • NO
Q2.7.2 - Does the repository have any watchers?
  • YES
  • NO
Q2.7.3 - Does the repository have any stars?
  • YES
  • NO
Q2.7.4 - Does the repository have any forks?
  • YES
  • NO
Why does it matter?

TODO: needs some explanation.

Sources: Viewing insights

2.7.1 Community

Indicators:

Q2.7.1.1 - Did the repository's community profile pass the test?
  • YES
  • NO
Why does it matter?

TODO: needs some explanation.

Sources: Community profiles

2.7.2 Dependency graph

Indicators:

Q2.7.2.1 - Does the repository have any dependents?
  • YES
  • NO
Q2.7.2.2 - Does the repository have more than 25 dependencies?
  • YES
  • NO
Why does it matter?

TODO: needs some explanation.

Sources: Listing dependencies, Listing
