Welcome to the FAO GitHub Best Practices repository! This project, with its guidelines and resources, is designed to help teams embed security into every stage of their DevOps lifecycle. Our goal is to drive secure, reliable, and compliant development practices in support of FAO’s global mandate.
At FAO, our mission is to achieve food security and sustainable agricultural development by integrating robust security practices into our technology and operations. By adopting a “security by design” mindset, we strive to:
- Embed Security Early: Integrate security considerations from the planning phase.
- Automate Testing: Leverage automated security testing and vulnerability scanning.
- Ensure Continuous Monitoring: Implement real-time monitoring and logging for threat detection.
- Promote Collaboration: Encourage cross-team dialogue and shared responsibility for security.
- Maintain Compliance: Adhere to industry standards and regulatory requirements.
Learn more about FAO and our initiatives on our official website.
This repository is informed by industry-leading DevSecOps practices. Key principles include:
- Security by Design: Secure architecture and threat modeling from the start.
- Automated Security Testing: Integrate static analysis, dependency scanning, and dynamic testing into your CI/CD pipeline.
- Infrastructure as Code (IaC): Apply security best practices to code-managed infrastructure.
- Container & Cloud Security: Implement robust measures for container orchestration and cloud environments.
- Incident Response: Develop clear protocols for monitoring, logging, and reacting to potential threats.
- Collaboration & Continuous Improvement: Engage in ongoing dialogue via our wiki, discussions, and Q&A forums to keep pace with evolving threats.
For detailed guidelines and additional resources, please explore our wiki, which includes step-by-step instructions and links to further documentation on each topic.
We welcome contributions from the open-source community! If you’d like to improve our guidelines or add new content, please:
- Fork the repository.
- Review our CONTRIBUTING guidelines for details on our workflow and expectations.
- Submit pull requests with new features, bug fixes, or enhancements.
- Join the discussion on our channels to share ideas and ask questions.
Not yet a member? Submit your access request via the internal eServices portal.
Our community is built on respect and inclusivity. Please read and follow our Code of Conduct to help us maintain a positive environment for collaboration.
Engage with fellow contributors and experts:
- Announcements: Get the latest updates and release news.
- General Discussion: Talk about trends, challenges, and experiences in DevSecOps.
- Ideas: Propose new features and innovative security solutions.
- Q&A: Ask questions and get help from the community.
For inquiries or additional information about our projects, reach out at:
Email: [email protected]