3. Developer guide

Up: Documentation

Prev: 2. User guide

Next: (none)

Pages:

• 3.1. Running the server
• 3.2. Overview of the code
• 3.3. Database
• 3.4. Storage interface
• 3.5. User interface
• 3.6. Tasks
• 3.7. Build processes
• 3.8. Running and creating tests
• 3.9. Code conventions
• 3.10. How to contribute
• 3.11. Authentication security
• 3.12. Authorization security
• 3.13. Input validation

Sections:

• Introduction
• Security documentation

Introduction

This is a guide for developers of ATR, explaining how to make changes to the ATR source code. For more information about how to contribute those changes back to us, please read the contribution guide.

Security documentation

ATR is security-critical infrastructure for the Apache Software Foundation. Before contributing, you should familiarize yourself with our security practices:

• Authentication security - How users authenticate to ATR via ASF OAuth and API tokens
• Authorization security - The role-based access control model and LDAP integration
• Input validation - Data validation patterns and injection prevention

For reporting security vulnerabilities, see SECURITY.md in the repository root.