GitHub Guidance


Please Note

Disclaimer: This is EPA Guidance for how EPA uses GitHub.  We have posted our guidance publicly in the spirit of collaboration.  Other agencies and organizations may use social media differently.

Note: Remember that your official activities online are subject to the ethics regulations (Intranet) as well as other federal and agency laws, policies and regulations.  In addition, existing policies and guidance for accessibility (Intranet), privacy, external site links, cookies and writing style apply to social media tools as well.  References to these are included at the end of this document.



What is GitHub?

GitHub is a third-party website that offers code repositories that developers can use to collaborate on software development projects in real time.  GitHub also provides social networking features that allow developers to follow open source projects, share code and learn how code changes are made throughout the development process.  GitHub is so named because it utilizes the open source version control system (VCS) known as Git.  To learn more about GitHub and how to use it, visit the following websites:

 

EPA's Account on GitHub

GitHub offers free public repositories for open source projects as well as subscription-based private repositories for closed projects. The EPA has created an organization account with GitHub, which includes a limited number of private repositories and unlimited public repositories.  All EPA staff interested in using GitHub must utilize the agency account rather than creating accounts for individual offices, programs or projects.

 

Who May Use the EPA GitHub Account?

Only EPA staff may be account owners and team leaders (admin-level rights), giving them the ability to create repositories and assign team members to their GitHub projects; both EPA staff and authorized contractors may be team members, able to contribute content to existing repositories; under no circumstances may non-EPA staff, non-authorized contractors, or members of the public become team members.

 

Getting Started

Approval Steps

  1. Get approval from your manager to proceed.
  2. Get approval from the information owner of the EPA software or code that you want to put on GitHub.  Permission from the information owner (typically a manager of the applicable branch or office where the project resides) ensures that EPA relinquished control of the information to be placed on GitHub.  The information owner may or may not be the manager in Step 1.
  3. Forward your approval from your manager and the information owner to your Web Council member(s) for their approval.
  4. Your Web Council member should contact Jessica Orquina (orquina.jessica@epa.gov) in the Office of Web Communications (OWC) for approval to use the EPA GitHub account.
  5. After receiving approval from the OWC, notify the appropriate Information Security Officer (ISO) (Intranet) of your intent to add new resources to GitHub.

 

Posting EPA Content to GitHub Public Repositories

The EPA GitHub account can be used to publish EPA software as open source, making the code available for developers to build on for their own projects.  However, all data and software code posted in a public repository on GitHub must first be available on EPA's public website.  In addition, major versioning changes to source code that is developed in a GitHub public repository must also be published on EPA's public website.  A record of the project, which may include the source, must be registered in EPA's Reusable Components Services (RCS), which is EPA's IT services catalog.

Contact Lico Galindo (galindo.lico@epa.gov) in the Office of Information Collection (OIC) for assistance with the RCS registration process.

All projects posted to a GitHub public repository must include a link to where the project code resides on www.epa.gov, as well as the following disclaimer in a README file: 

The United States Environmental Protection Agency (EPA) GitHub project code is provided on an "as is" basis and the user assumes responsibility for its use.  EPA has relinquished control of the information and no longer has responsibility to protect the integrity, confidentiality, or availability of the information.  Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation or favoring by EPA.  The EPA seal and logo shall not be used in any manner to imply endorsement of any commercial product or activity by EPA or the United States Government.

 

Open Source Approval

When new applications are posted to a GitHub public repository, they should be accompanied by an approved open source license. Please contact OIAA for a list of OGC-approved open source licenses.

For applications that were developed using third-party contract support, it is the responsibility of the GitHub user to confirm that EPA has ownership rights to the application source code.  Even if EPA has certain data rights guaranteed through a negotiated contract, it may not have full rights to redistribute source code to the public.  To find out what rights EPA has to an application's source code, take the following steps:

  1. Contact the Contracting Officer (CO) responsible for the contract that authorized development of the application.
  2. The CO will confirm whether the contract includes the appropriate data rights clauses.  FAR Clause 53.227-17, Rights in Data-Special Works, gives the Agency rights to redistribute source code, whereas FAR Clause 52.227-14, Rights in Data-General, does not apply to computer software.
  3. If the CO determines that the necessary clauses were not included in the contract, you can either:
    • Request that the appropriate clauses be added to the contract [Note: this is a bilateral process requiring the express permission of both EPA and the contractor.]
    • Request written permission from the contractor to publish the software code as open source.

Once the GitHub user confirms that EPA has the right to publish the application as open source, they may then upload the code to a GitHub repository.  However, the repository must also include a copy of an EPA-authorized open source license.

 

Posting EPA Content to GitHub Private Repositories

GitHub private repositories are closed to the public and accessible only by project team members on approved EPA GitHub projects.  However, before a new private repository can be utilized, a record of the project must be registered in EPA's Reusable Components Services (RCS), which is EPA's IT services catalog.

Contact Lico Galindo (galindo.lico@epa.gov) in the Office of Information Collection (OIC) for assistance with the RCS process.

Note: Prior to any EPA GitHub project being published in a public repository, all data and source code must first be available on EPA's public website.  See Posting EPA Content to GitHub Public Repositories for more information.

 

What Not to Post

When considering what content to post on GitHub, no distinction whatsoever should be made between the public and private GitHub repositories.  The private repositories are only meant to provide a closed environment for working projects not yet ready for public use, and should never contain sensitive code.  All EPA projects hosted on GitHub should be suitable for eventual public access.

For questions about EPA's GitHub account or this guidance document, please contact Jessica Orquina (orquina.jessica@epa.gov) or Sam Bronson (bronson.samuel@epa.gov).

 

Follow Federal Requirements

Section 508

Social media tools, like other web-based applications, whether inside the EPA network or in the cloud (public web), must make every effort to comply with Section 508 and other policies on accessibility, privacy and record keeping.  In some instances it's not possible to redesign a system to be accessible, but it's usually possible to link back to equivalent information on epa.gov.  An EPA email address will be visible on EPA's GitHub website for users who require alternative methods of accessing the information posted.

For specific questions or help on accessibility, please contact Amanda Sweda (sweda.amanda@epa.gov) of the Office of Environmental Information.

Records

Your Records Liaison Officer can help you to determine the most appropriate methods to capture and maintain records.  For additional guidance, call the Records Help Desk (Intranet).

Please note:

  • New content created with social media tools that qualifies as a federal record must be captured and maintained in a recordkeeping system according to EPA's Records Management Policy.
  • If the exact content has been captured as a record elsewhere, then you do not need to capture it again.

 

References

EPA Accounts

Ethics

EPA Policy

Guidance

Additional Resources

  • The Web Guide is the authoritative source for websites and applications at EPA.
  • The Social Media@EPA blog provides answers to questions about social media at EPA.
  • The Information Collection Request Center (Intranet) describes information collection requirements imposed on the public by EPA.
  • Special Terms of Service Agreements have been negotiated with various social media sites that resolve the legal issues with the standard Terms of Service (TOS) users have to agree to when setting up an account.