Call for tenders' details

Dear users, please note that updated versions of the Tender specifications - part 1 - CNECT/2023/OP/0050 and Annex 6 - CNECT/2023/OP/0050 are available (published on 20-09).
Title:
Support Services to Simpl’s Programme Support Office - CNECT/2023/OP/0050
Contracting authority:
European Commission, DG for Communications Networks, Content and Technology (CON...
TED publication date:
14/08/2023
Time limit for receipt of tenders:
27/09/2023
Status:
Closed
Status
13/09/2023
20/09/2023
English (en)
Question details
Static Code Analysis
Who will define the baseline (e.g. definition of quality gates) for the static code analysis to be used in SonarQube - the PSO or the Main Contractor? Is there a White Book with best coding practices applied by DG CONNECT? Should the PSO contractor provide such a coding guide? Does the Commission apply specific rules/standards upon which the static code analysis is based?
20/09/2023
It is up to the PSO contractor to define the definition of the quality gates which shall be shared with the main contractor. There are no best coding practices specific to DG Connect. However, as inferred from the tender, DevSecOps should be used to automate the full pipeline from Initiation phase (continuous integration) to production (continuous delivery), with an objective for the code's journey to be be automated, secured, and monitored throughout. As to static code analysis, all requirements are already specified in the tender specifications.