diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b15c3fc..0090ab7 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -16,10 +16,14 @@ Please report unacceptable behavior to one of the Code of Conduct [Committee mem In addition to this repository, ComplyTime has several sub-projects: -* **complyctl**: A command-line tool for interacting with ComplyTime services. -* **complybeacon**: A service for continuous compliance monitoring. -* **complyscribe**: A service for generating compliance documentation. -* **cac-transpiler**: A tool for transpiling compliance-as-code artifacts. +* **[complyctl](https://github.com/complytime/complyctl)**: A command-line tool for streamlining end-to-end compliance workflows on local systems. +* **[complyscribe](https://github.com/complytime/complyscribe)**: A workflow automation tool for compliance content authoring. +* **[complytime-collector-components](https://github.com/complytime/complytime-collector-components)** (ComplyBeacon): A policy-driven observability toolkit for compliance evidence collection, extending the OpenTelemetry standard. +* **[complytime-policies](https://github.com/complytime/complytime-policies)**: Engineering policies expressed in [Gemara](https://github.com/ossf/gemara) for the ComplyTime project. +* **[gemara-mcp-server](https://github.com/complytime/gemara-mcp-server)**: An MCP server for automating the authoring of GRC Risk Assessment documentation in Gemara. +* **[website](https://github.com/complytime/website)**: The ComplyTime project website. + +For a complete list of all subprojects and their current status, see [SUBPROJECTS.md](./SUBPROJECTS.md). The following sections provide a general overview for contributing to any of the ComplyTime repositories. diff --git a/SUBPROJECTS.md b/SUBPROJECTS.md index 8f6ff3b..de74a8c 100644 --- a/SUBPROJECTS.md +++ b/SUBPROJECTS.md 
@@ -1,33 +1,154 @@ -# SubProjects: ComplyTime +# ComplyTime Subprojects -## `complyctl` +This document outlines the subprojects under the ComplyTime umbrella, their status, and contribution guidelines. Each subproject has its own maintainers, roadmap, and contribution guidelines while adhering to the overall ComplyTime [governance](./GOVERNANCE.md) and [code of conduct](./CODE_OF_CONDUCT.md). -A command-line tool for streamlining end-to-end compliance workflows on local systems. +## Subproject Maturity Levels -### In Scope Repositories +| Status | Description | +|--------|-------------| +| **🟢 Active** | Production-ready, actively maintained with regular releases | +| **🟡 Incubating** | Under active development, working toward stability | +| **🔵 Supporting** | Foundational/utility project, stable but lower release cadence | +| **⚪ Archived Or Empty** | Empty or no longer actively maintained, kept for historical reference | -| Name | Function | -|--------------------------------|--------------------| -| `complyctl` | The main CLI repo | -| `compliance-to-policy-plugins` | Plugins repository | +## Current Subprojects +### complyctl -## `complyscribe` +**Description**: A command-line tool for streamlining end-to-end compliance workflows on local systems. -A workflow automation tool for compliance content authoring +**Status**: 🟡 Incubating +**Repository**: [complytime/complyctl](https://github.com/complytime/complyctl) +**Language**: Go | **License**: Apache-2.0 -## In Scope Repositories +--- -| Name | Function | -|----------------|---------------| -| `complyscribe` | The main repo | +### complyscribe -## `complybeacon` +**Description**: A workflow automation tool for compliance content authoring. 
-A policy-driven observability toolkit for compliance evidence collection +**Status**: 🟡 Incubating +**Repository**: [complytime/complyscribe](https://github.com/complytime/complyscribe) +**Language**: Python | **License**: Apache-2.0 -## In Scope Repositories +--- -| Name | Function | -|----------------|---------------| -| `complybeacon` | The main repo | +### complytime-collector-components (ComplyBeacon) + +**Description**: A policy-driven observability toolkit for compliance evidence collection, extending the OpenTelemetry standard. + +**Status**: 🟡 Incubating +**Repository**: [complytime/complytime-collector-components](https://github.com/complytime/complytime-collector-components) +**Language**: Go | **License**: Apache-2.0 + +--- + +### complytime-collector-distro + +**Description**: Pre-built OpenTelemetry Collector distribution for ComplyBeacon releases. + +**Status**: ⚪ Empty +**Repository**: [complytime/complytime-collector-distro](https://github.com/complytime/complytime-collector-distro) +**License**: Apache-2.0 + +--- + +### org-infra + +**Description**: Reusable workflows, shared configurations, and templates for the ComplyTime organization. + +**Status**: 🟢 Active +**Repository**: [complytime/org-infra](https://github.com/complytime/org-infra) +**Language**: Python | **License**: Apache-2.0 + +--- + +### website + +**Description**: The ComplyTime project website. + +**Status**: 🟡 Incubating +**Repository**: [complytime/website](https://github.com/complytime/website) + +--- + +### .github + +**Description**: Organization management via [Peribolos](https://docs.prow.k8s.io/docs/components/cli-tools/peribolos/). + +**Status**: 🔵 Supporting +**Repository**: [complytime/.github](https://github.com/complytime/.github) + +--- + +### community + +**Description**: Community documentation including contributing guidelines, governance, and code of conduct. 
+ +**Status**: 🔵 Supporting +**Repository**: [complytime/community](https://github.com/complytime/community) +**License**: Apache-2.0 + +--- + +### gemara-content-service + +**Description**: A content API service for [Gemara](https://github.com/ossf/gemara) — the GRC Engineering Model for Automated Risk Assessment. Naming not yet finalized. + +**Status**: 🟡 Incubating +**Repository**: [complytime/gemara-content-service](https://github.com/complytime/gemara-content-service) +**License**: Apache-2.0 + +--- + +### complytime-policies + +**Description**: Engineering policies expressed in [Gemara](https://github.com/ossf/gemara) for the ComplyTime project. + +**Status**: 🟡 Incubating +**Repository**: [complytime/complytime-policies](https://github.com/complytime/complytime-policies) +**License**: Apache-2.0 + +### gemara-mcp-server + +**Description**: An MCP server for automating the authoring of GRC Risk Assessment documentation in [Gemara](https://github.com/ossf/gemara). + +**Status**: 🟡 Incubating +**Repository**: [complytime/gemara-mcp-server](https://github.com/complytime/gemara-mcp-server) +**Language**: Go | **License**: Apache-2.0 + +--- + +## Process for Adding New Subprojects + +1. **Open a Proposal Issue** in the [community repository](https://github.com/complytime/community/issues) with: + - Project name and description + - Problem statement and goals + - Proposed maintainers (minimum 2) + - Technical architecture overview + - Alignment with ComplyTime's mission + +2. **Community Review**: The proposal will be open for community discussion for at least 2 weeks. + +3. **TOC Approval**: The [Technical Oversight Committee](./GOVERNANCE.md) will vote on the proposal. 
+ +## Subproject Requirements + +All subprojects must: + +- Follow the ComplyTime [Code of Conduct](./CODE_OF_CONDUCT.md) +- Adhere to the [Contributing Guidelines](./CONTRIBUTING.md) +- Have at least two maintainers +- Maintain clear documentation +- Follow ComplyTime's licensing guidelines (Apache-2.0 preferred) + +## Process for Archiving Subprojects + +Subprojects may be archived when: + +- No active maintainers remain after reasonable recruitment efforts +- The project no longer aligns with ComplyTime's direction +- The project has been superseded by another solution +- A supermajority vote of the TOC approves archival + +Archived projects remain available for reference but no longer receive updates or support.
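Review bot: In the CONTRIBUTING.md hunk, the `cac-transpiler` bullet is removed and none of the sections added to SUBPROJECTS.md in this patch mention it, so a reader cannot tell whether that project was archived, renamed or dropped. If it is retired, list it in SUBPROJECTS.md under the new "Archived Or Empty" status, or say so in the commit message. Two smaller points in the same hunk: the unchanged lead-in says "sub-projects" while the added sentence says "subprojects", so pick one spelling; and the six bullets are a subset of SUBPROJECTS.md (org-infra, community, gemara-content-service and others are only listed there), so the lead-in should say the list is partial, or the descriptions will drift from SUBPROJECTS.md again.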
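Review bot: In the SUBPROJECTS.md hunk, the maturity table defines the status as "⚪ Archived Or Empty" but the complytime-collector-distro entry uses "⚪ Empty", and folding an empty repository and an archived one into a single status hides which of the two applies. Suggest two separate rows in the table, or at least the table's label used verbatim in the entry. Other points in this hunk: the `---` separator is missing between the complytime-policies and gemara-mcp-server sections, unlike every other pair; the old file listed `compliance-to-policy-plugins` as an in-scope repository for complyctl and the new text drops it without a replacement; the "Subproject Requirements" list demands at least two maintainers, yet no entry names its maintainers or links to where they are recorded; and under "Process for Archiving Subprojects" the TOC supermajority vote is listed as a fourth condition beside the three reasons, so it is unclear whether the vote is always required or is one alternative among four. State the vote as the decision step in its own sentence, and give the threshold for the "TOC Approval" step for new subprojects as well, which currently has none.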