Towards Streamlining Auditing for Compliance with Requirements in Open-source Software at NASA

Context: Software that operates in critical environments must be developed and maintained following strict software engineering and development processes. The instantiation of such processes may vary per project; however, once decided upon, projects must undergo audits to evaluate compliance with such requirements.
Aim: We propose that audit effort can be reduced when requirements are realized by leveraging commonly used open-source infrastructure for version control, issue tracking and continuous integration, and the generated records are analyzed using a repository mining software tool to quantify process compliance.
Method: We perform a case study in the NASA-funded Copilot project, utilizing Kaiaulu, a repository mining software tool. We define four software compliance metrics based on Copilot's requirements, and analyze their impact on source code quality.
Results: Our work demonstrates how it is possible to leverage existing open-source tools and platforms to facilitate software certification and qualification, and to streamline the auditing process required even when stringent requirements must be enforced.
Conclusion: Together, both project and tool can be utilized to visualize project compliance, and metrics can be defined to more easily identify process irregularities to minimize auditing efforts.