Contributing to SecureDrop

Thank you for your interest in contributing to SecureDrop! We welcome both new and experienced open-source contributors and are committed to making it as easy as possible to contribute. Whether you have a few minutes or many hours, there are a variety of ways to help. We are always looking for help from:

You can always find a regular project contributor to answer any questions you may have on the SecureDrop instant messaging channel. You can also register on the forum for more information and to participate in longer discussions.

Note

The SecureDrop GitHub repositories and other project resources are managed by Freedom of the Press Foundation employees. All SecureDrop contributors are required to abide by the project’s Code of Conduct.

Programmers

The SecureDrop system includes Flask-based web applications for sources and journalists. It is deployed across multiple machines with Ansible. Most of SecureDrop’s code is written in Python.

A contributing programmer can work on either newcomer or advanced developer issues.

Newcomer Issues

If you are a novice programmer, you can start with these issues in the following repositories:

Advanced Issues

Programmers who are more comfortable with contributing to the SecureDrop codebase can work on issues related to the following topics:

Application development and general tasks:

Infrastructure focus:

Security focus:

You may also want to consider contributing to the new SecureDrop Workstation project and its components, including the graphical SecureDrop Client app.

Preparing and submitting changes

Before beginning your work on any given issue, we recommend asking questions or sharing an implementation proposal on the relevant GitHub issue. Alternatively, you can often find the development team on Gitter chat. Communicating early and often is especially important for larger changes.

When you’re ready to share your work with the SecureDrop team for review, submit a pull request with the proposed changes. Tests will run automatically on GitHub.

If you would like to contribute on a regular basis, you’ll want to read the developer documentation and set up a local development environment to preview changes, run tests locally, etc.

Technical Writers

Technical writers and editors are invited to review the documentation and fix any mistakes in accordance with the documentation guidelines. Our documentation code is located in our documentation repository.

If this is your first time contributing to SecureDrop documentation, consider working on low-hanging fruit to become familiar with the process.

If you would like to contribute to copywriting user-facing text in the SecureDrop UI, see these issues in our separate User Experience repo.

UX Contributors

If you have interaction or visual design skills, UI copywriting skills, or user research skills, check out our User Experience repository. It includes a wiki with notes from UX meetings, design standards, design principles, links to past research synthesis efforts, and ongoing and past work documented in the form of issues.

If you have front-end development skills, take a look at these issues in the primary SecureDrop repository in GitHub:

Release Managers

All software deployed with SecureDrop is installed via Debian GNU/Linux packages via Ansible. The primary repository is controlled, maintained, and signed by Freedom of the Press Foundation employees. The current responsibilities of the release manager are covered in detailed documentation.

If you are a Debian developer you can help improve packaging and the release process:

Translators

Translating SecureDrop is crucial to making it useful for investigative journalism around the world. If you know English and another language, we would welcome your help.

SecureDrop is translated using Weblate. We provide a detailed guide for translators, and feel free to contact us in the translation section of the SecureDrop forum for help. Non-English forum discussions are also welcome.

SecureDrop translation status

SecureDrop language status

Forum Moderators and Support

Those running a production instance of SecureDrop are encouraged to read the support documentation to get help from the Freedom of the Press Foundation. For less sensitive topics such as running a demo or getting help to understand a concept, a public forum section is better suited. To assist on the forum: