Development Standards & Best Practices
Build projects that last — robust, open, and maintainable.
Key Standards
- Harden Server & App Configurations:
  Always follow secure defaults for your stack (disable unused ports, set secure headers, use HTTPS, enable rate limiting, avoid default passwords).
- Dependency Management:
  Keep all dependencies up to date. Use automated tools to check for known vulnerabilities during builds (Snyk, DependencyCheck).
- No Secrets in Code:
  Never commit private keys, API secrets, or passwords to your repositories. Use a secrets scanner in CI/CD (e.g., Semgrep).
- Analytics Integration:
  Integrate with DeFiLlama, ergo.watch, or Artemis to monitor your on-chain metrics and show your project's impact.
- Open Source:
  Publish your code in public repositories with a clear README, license, and contribution guidelines.
- Ecosystem Integration:
  Register your project with Ergo ecosystem aggregators such as Ergcube and Sigmaverse, and list it in the main ecosystem documentation for discoverability.
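To illustrate the "No Secrets in Code" standard, the following added example (not code from this page or from Semgrep) sketches the kind of check a CI secrets scan performs: it flags private key headers and hard-coded credential assignments, and uses an entropy test to skip obvious placeholders. The rule patterns, the entropy threshold, and the sample input are assumptions made for the example.

```python
import math
import re
import sys
from collections import Counter

# Rules are assumptions made for this example, not a complete rule set.
PEM_KEY = re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")
CREDENTIAL = re.compile(
    r"(?i)[\w-]*(?:api[_-]?key|secret|passwd|password|token)[\w-]*"
    r"\s*[:=]\s*[\"'](?!\$\{|<)([^\"']{8,})[\"']"  # skips ${VAR} and <placeholder>
)
MIN_ENTROPY = 3.5  # bits per character; assumed threshold

def shannon_entropy(value):
    """Bits per character; random keys score higher than words like 'changeme'."""
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def scan_text(path, text):
    """Return (path, line number, rule) findings; the secret itself is never echoed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if PEM_KEY.search(line):
            findings.append((path, lineno, "private-key"))
        for match in CREDENTIAL.finditer(line):
            if shannon_entropy(match.group(1)) >= MIN_ENTROPY:
                findings.append((path, lineno, "hardcoded-credential"))
    return findings

# Constructed sample input: none of these values are real credentials.
SAMPLE = """\
db_password = "changeme"
API_TOKEN = "q7Zp2LkV9xTf4RwB8mNc3HsJ"
api_key = "${API_KEY}"
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    # CI usage: pass the files to check; with no arguments, scan the sample.
    names = sys.argv[1:]
    found = scan_text("<sample>", SAMPLE) if not names else []
    for name in names:
        with open(name, encoding="utf-8", errors="replace") as handle:
            found += scan_text(name, handle.read())
    for path, lineno, rule in found:
        print(f"{path}:{lineno}: {rule}")
    sys.exit(1 if found else 0)  # non-zero exit fails the build
```

Run as a CI step, the non-zero exit code blocks the merge, and only the file, line, and rule name reach the build log.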
Recommended Tools
- Snyk or OWASP DependencyCheck — Dependency audits
- Semgrep — Secrets scanning
- GitHub Actions / CI for automated checks
- Bitwarden or 1Password — Password managers