EdgeX Foundry - Stage 3 - 2024-09-25

2 TAC Sponsors, if identified (Sponsors help mentor projects) - See full definition on Project Stages: Definitions and Expectations

Meets

Joe Pearson (IBM), Brad Corrion (IOTech)

The typical IP Policy for Projects under the LF Edge Foundation is Apache 2.0 for Code Contributions, Developer Certificate of Origin (DCO) for new inbound contributions, and Creative Commons Attribution 4.0 International License for Documentation. Projects under outside licenses may still submit for consideration, subject to review/approval of the TAC and Board.

Meets

• EdgeX is an Apache 2.0 license project.  We require all contributions comply with this license agreement as stated in our Wiki below: EdgeX contributors guide

• EdgeX policy to review new libs, modules, etc. brought into the project to insure anything we use (or is used indirectly by modules we bring in) is compliant with this license. https://wiki.edgexfoundry.org/display/FA/Vetting+Process+for+3rd+Party+Dependencies

• We also conduct code scans regularly (with each PR) for any license compliance issues

• Recently challenges are emerging with some third party products changing their open source license policy (Redis, Vault, Consul). This is being addressed in upcoming EdgeX releases

Upon acceptance, At Large projects must list their status prominently on website/readme

Meets

Displayed proudly on EdgeX wiki:

… and on the EdgeX website:

Demonstrate regular project leadership (typically TSC) meetings.  Project leadership should meet monthly at a minimum unless there are extenuating circumstances (ex: holiday period)

Meets

TSC meetings are held bi-weekly. All information and recordings are held on the wiki pages here: https://lf-edgexfoundry.atlassian.net/wiki/spaces/FA/pages/11667441/Technical+Steering+Committee+TSC

Development of a growth plan (to include both roadmap of projected feature sets as well as overall community growth/project maturity), to be done in conjunction with their project mentor(s) at the TAC.

Meets

• We maintain a roadmap for the next 2 years and have a long term backlog that extends beyond that timeframe.  The next couple of releases are documented with pages in our Wiki (and you can see past release roadmaps) here:  https://wiki.edgexfoundry.org/display/FA/Roadmap.

• Minor fixes and enhancements are also captured in issues with each repository in Github.  Github tags are used to label bugs from enhancement requests and when appropriate are associated with a specific target release (e.g., "Odessa" tags on the Core Working Group project board here: https://github.com/orgs/edgexfoundry/projects/56 for an example).

Document that it is being used in POCs.

Demonstrate a substantial ongoing flow of commits and merged contributions.

Meets

Collected from LF Insights for the project since inception and for the last 12 months:

Demonstrate that the current level of community participation is sufficient to meet the goals outlined in the growth plan.

Meets

13 successful project releases since April 2017 (usually 2 each year)

• EdgeX 3.0 (Minnesota was a new major release version, released on May 31st 2023

• EdgeX 3.1 (Levski) also released on Nov 15th 2023 was the latest LTS version with a 24 month community support cycle

On track for two more releases in the next year:  Odessa, likely version 4.0 at end of 2024, and Palau 4.2 half way through 2025.

Demonstrate a willingness to work with (via interoperability, compatibility or extension) other LF Edge projects to provide a greater edge solution than what can be done by the project alone. 

Meets

• Planned adoption of OpenBao as the reference/supplied secret store with EdgeX

• Collaboration with and use within EdgeX of eKuiper (formerly Kuiper) project

• Collaboration with and potential use of NanoMQ within EdgeX (the MQTT broker is pluggable)

• Integration with Akraino ELIOT blueprint (tested using UNH lab)

• Incubation of Open Horizon project

• Inclusion in the Open Retail Reference Architecture (with Open Horizons, and SDO)

• Accomplished Baetyl/EdgeX integration (work accomplished in PRC).  See Updates of EdgeX-Baetyl collaboration attempts-v0.1.pptx

• Use of EdgeX in HomeEdge and continued support of that project

• Fledge export connector

Have a defined governing body of at least 5 or more members (owners and core maintainers)

Meets

Our current TSC is comprised of members from Intel, IOTech, Eaton, Schneider Electric, Danfoss and Yiqisoft.  For names and details see:

https://lf-edgexfoundry.atlassian.net/wiki/spaces/FA/pages/11667441/Technical+Steering+Committee+TSC

Each TSC group continues to be a good mix of experienced EdgeX leaders with new members and organizations becoming involved

Have a documented and publicly accessible description of the project's governance, decision-making, and release processes.

Meets

• Matters of project governance, decision making and process are covered in our project Wiki.  The following pages outline our policies.
  Matters of technical decisions and voting process and rules are defined here:  https://wiki.edgexfoundry.org/display/FA/Technical+Work+in+the+EdgeX+Foundry+Project

• Guidance for how to submit code contributions is defined here:  https://wiki.edgexfoundry.org/display/FA/Contributor%27s+Guide and here: https://wiki.edgexfoundry.org/display/FA/Contributor%27s+Process

• Documentation on how our release process and what gets released is here:  https://wiki.edgexfoundry.org/display/FA/Release+Process and some additional information on what is considered a release artefact is defined here:  https://docs.edgexfoundry.org/3.1/design/adr/devops/0007-Release-Automation/

• Significant new features are discussed via TSC approved Use Case Review (UCR) process to better refine the way in which new requirements are defined, and the Architectural Decision Records (ADR) stage of the design.
  

Have a healthy number of committers from at least two organizations. A committer is defined as someone with the commit bit; i.e., someone who can accept contributions to some or all of the project.

Meets

• Work group chairs automatically have committer rights to their work group repositories and nominate others as committers as spelled out in our governance here:  https://wiki.edgexfoundry.org/pages/viewpage.action?pageId=21823860#Contributors,Committers&Maintainers-NominationandApprovalofMaintainersandCommitters

• Each repository has at least 2 committers.  The most used repository (note the microservices architecture of EdgeX means there are many repositories) has 96 code contributors and 18 “committers” (i.e. approvers) (https://github.com/edgexfoundry/edgex-go/graphs/contributors ). In the past 12 months there have been 13 different code contributors to edgex-go
  

Establish a security and vulnerability process which at a minimum includes meeting ("Met" or "?") all OpenSSF best practices security questions and SECURITY.md.

Meets

The project has a well defined security & vulnerability process as defined here: https://lf-edgexfoundry.atlassian.net/wiki/spaces/FA/pages/11671699/Security

The LTS releases have have CVE patches applied to them, for example: https://lf-edgexfoundry.atlassian.net/wiki/spaces/FA/pages/11678726/Napa+3.1.1+Bug+Release+to+LTS

Demonstrate evidence of interoperability, compatibility or extension to other LF Edge Projects. Examples may include demonstrating modularity (ability to swap in components between projects).

Adopt the Foundation Code of Conduct.

Explicitly define a project governance and committer process. This is preferably laid out in a GOVERNANCE.md file and references a CONTRIBUTING.md and OWNERS.md file showing the current and emeritus committers.

Have a public list of project adopters for at least the primary repo (e.g., ADOPTERS.md or logos on the project website).

Intention for the upcoming year (Remain at current stage OR advance towards the next Stage)

Include a link to your project’s LFX Insights page. We will be looking for signs of consistent or increasing contribution activity. Please feel free to add commentary to add color to the numbers and graphs we will see on Insights.

How many maintainers do you have, and which organizations are they from? (Feel free to link to an existing MAINTAINERS file if appropriate.)

What do you know about adoption, and how has this changed since your last review / since you joined the current Stage? If you can list companies that are end users of your project, please do so. (Feel free to link to an existing ADOPTERS file if appropriate.)

How has the project performed against its goals since the last review? (We won't penalize you if your goals changed for good reasons.)

What are the current goals of the project? For example, are you working on major new features? Or are you concentrating on adoption or documentation?

How can LF Edge help you achieve your upcoming goals?

Do you think that your project meets the criteria for the next Stage?

Please summarize Outreach Activities in which the Project has participated in (e.g. Participation in conferences, seminars, speaking engagements, meetups, etc.)

Are you leveraging the Technical Project Getting Started Checklist? If yes, please provide link (if publicly available).

Please review, and update if needed, your Project entry on the Existing Project Taxonomy page, modifying the Last Updated / Reviewed date in the header.

Please share a LFX security report for your project in the last 30 days