User Guide
How to Download
To use code and resources shared through the Open Source Portal, no login is needed! Simply browse or search the catalog, and dive into a shared project that interests you. All resources are publicly hosted at GitHub.
How to Contribute
To contribute your department/agency project to the Open Source Portal, a technical contact should first become familiar with the following guidance:
GitHub
GitHub provides the developer community an open-source code hosting platform for version control and collaboration.
GitHub provides several guides to assist in creating a repository. Visit GitHub documentation (GitHub Docs) for more information about their platform.
Enterprise Administrator designation in your agency’s GitHub:
- You must designate a GitHub Enterprise Administrator (primary and alternate) to own and maintain your GitHub source code repository
- Each GitHub Enterprise Administrator must maintain a departmental log-in credential (username, password)
- The Agency/state GitHub Enterprise Administrator has the ability to grant permissions to other GitHub users
Organizational and repository guidelines to improve use and findability of your code solutions:
Organization
- Name: Use the name of your organization after your Agency, Department, or Office to show clear ownership
- Description: Add a meaningful description of your organization and what solutions users can expect to find
Repository
- Name: Use short descriptive names to clearly denote the name of the solution repository
- About area:
  - Add a clear and concise description about what your solution repository is and why it's useful
  - Be specific about what it is, and what it does
Next, the contact will fill out the form at Share Code. This will initiate contact with OSP administrators, and begin the dialog on preferences, such as whether there are certain public GitHub repositories the organization would prefer not to share in OSP.
Governance
Account Hierarchy and Roles
The Open Source Program (OSP) uses a structured account hierarchy to manage access, ownership, and governance of repositories. Roles are assigned at appropriate levels to ensure accountability and alignment with agency policies.
Organizational Oversight
Agencies/Departments retain ownership and oversight of repositories published under their authority. This includes ensuring compliance with statewide policies, legal requirements, and strategic objectives.
Approver (Agency CIO)
- Ensures alignment with agency policies, legal standards, and strategic goals
- Serves as the final authority for project approval
Repository Management
This level is responsible for the day-to-day administration and lifecycle management of repositories.
Maintainer
- Manages and maintains repositories throughout their lifecycle.
- Oversees repository configuration, releases, and versioning
- Applies patches and security updates
- Conducts periodic reviews for relevance and accuracy
- Archives or removes outdated or unused repositories
Contribution and Collaboration
These roles support the development, review, and improvement of repository content.
Contributor
- Participates in the development and enhancement of repositories.
- Submits code, documentation, and updates
- Adheres to OSP contribution guidelines and standards
- Ensures all submissions meet quality and compliance requirements
Code Reviewer
- Ensures quality and compliance through structured review processes.
- Reviews pull requests for code quality, security, and standards adherence
- Provides feedback and requests revisions as needed
- Approves or rejects contributions based on established criteria
Guidelines for Contributors
Pre-Submission: Code Eligibility
- Approval: Obtain approval from the department IT Executive or Product Owner to designate code as "Open Source."
- Dependencies: Identify and document all license dependencies.
- Legal Clearance: Confirm no vendor restrictions, patent conflicts, or license incompatibilities, especially for co-developed or contract-based code.
Technical Sanitization
- Data Classification Review: Ensure repository excludes: PII (e.g., employee info, IPs), confidential data (per SAM), HIPAA data, network diagrams, internal IPs, and cloud secrets.
- Security Controls Review: Perform security checks including static code analysis, dependency vulnerability scans, secrets detection, and manual config file review.
Documentation
- Include a LICENSE file (e.g., MIT, GPL).
- Provide a README.md explaining code purpose, installation, and maintainer.
- Add a SECURITY.md with vulnerability reporting instructions.
- Include a CONTRIBUTING.md detailing how to submit fixes or features.
- Follow language-specific code standards with clear comments.
- List all license dependencies.
Final Review & Sign Off
- Code Review: At least one developer or tech lead must review code quality and cleanliness.
- Security: Perform a final scan (automated or manual) with no open vulnerabilities.
- Legal: Confirm legal compliance and IP ownership.
- Approval: Approval obtained from Agency CIO
Post-Release Maintenance
- Issue Monitoring: Ensure maintainer is available to respond to any public comments on the repo.
- Patching: Ensure security updates are patched to the public repo once internal fixes are made.
- Archival: If the code is no longer valid or the technology used is outdated, move it to a read-only state.
Governance
California state agencies may release software developed with state resources as open source when:
- It does not expose confidential, sensitive, or restricted information.
- It complies with State Administrative Manual (SAM) and Statewide Information Management Manual (SIMM) policies.
- It supports transparency, reuse, interoperability, and cost efficiency.
- It has documented ownership and legal clearance.
Policies related to open source code in the SAM:
Agencies must follow the contributor guidelines (refer to “Guidelines for Contributors”) and obtain CIO approval before submitting projects to the Open Source Portal.
Policy
The California Department of Technology (CDT) is committed to improving the way Agencies/state entities buy, build and deliver information technology (IT) and software solutions to better support cost efficiency, effectiveness, and public experience with government programs. Enhanced reuse of custom-developed code across state government can have significant benefits for taxpayers, including decreasing duplicative costs for the same code.
To maintain previous investment(s) in IT software, Agencies/state entities shall make code custom-developed by the State of California broadly available for reuse across state government in a consistent manner. This policy is intended to avoid duplicative custom software investments and promote innovation and collaboration across state government while adequately addressing relevant statutory and policy requirements associated with State IT systems, including information security and risk management, privacy, legal issues, and other applicable requirements. The requirements outlined in this section apply to source code that is custom-developed by the State of California, subject to the limited exceptions outlined in SAM (State Administrative Manual) Section 4819.2.
Policies related to open source code:
Frequently Asked Questions
What is open source?
Open source refers to software whose source code is made available for use or modification as users or other developers see fit. Open source software is often developed in a collaborative public manner.
Why does the Open Source Portal exist?
The Open Source Portal was created to advance collaboration, innovation, and efficiency across the State of California’s technology landscape. This portal aligns with the State’s Digital Strategy, supporting the development of modern, effective digital services that benefit all Californians.
In particular, the Open Source Portal helps state entities comply with SAM Section 4984, Section 4984.1, and Section 4984.2.
Is there a cost associated with participating in the Open Source Portal?
There is no cost for contributing apart from maintaining GitHub repositories, and no cost for making use of other shared repositories.
What is the benefit to my organization of participating?
The Open Source Portal gives every agency across the state a secure, trusted place to find, share, and reuse proven technology solutions.
By centralizing vetted open source tools, we reduce duplication, lower project costs, and speed up delivery of citizen-facing services — all while maintaining security and compliance standards.
Instead of each department reinventing the wheel, the portal helps us build once and reuse many times. That means faster innovation, smarter spending of taxpayer dollars, and a stronger, more consistent technology foundation across state government.
Whom can I contact if I have other questions?
Questions can be addressed via the Contact Us form, or you can email opensource-code@state.ca.gov.

