Contributing to SecureDrop

Thank you for your interest in contributing to SecureDrop! We welcome both new and experienced open-source contributors and are committed to making it as easy as possible to contribute. Whether you have a few minutes or many hours, there are a variety of ways to help. We are always looking for help from:

You can always find a regular project contributor to answer any questions you may have on the SecureDrop instant messaging channel.

Note

The SecureDrop GitHub repositories and other project resources are managed by Freedom of the Press Foundation employees. All SecureDrop contributors are required to abide by the project’s Code of Conduct.

Programmers

SecureDrop Workstation, Client, and supporting applications

The SecureDrop Workstation is a mixture of Python scripts and Salt configuration-as-code. See SecureDrop Client Development for more information.

The graphical SecureDrop Client app is written in Python, using the Qt GUI framework, and includes other supporting apps (Python/Rust), services (systemd), and packages (Debian). See SecureDrop Workstation Development for more information.

The “good first issue” tag is a good introduction to work available in both the Workstation and Client repositories.

SecureDrop Server

The SecureDrop system includes Flask-based web applications for sources and journalists. It is deployed across multiple machines with Ansible. Most of SecureDrop’s code is written in Python.

The “good first issue” tag is a good introduction to work available in the SecureDrop Server.

Programmers who are more comfortable with contributing to the SecureDrop codebase can work on issues related to the following topics:

Application development and general tasks:

Infrastructure focus:

Security focus:

Preparing and submitting changes

Before beginning your work on any given issue, we recommend asking questions or sharing an implementation proposal on the relevant GitHub issue. Alternatively, you can often find the development team on Gitter chat. Communicating early and often is especially important for larger changes.

When you’re ready to share your work with the SecureDrop team for review, submit a pull request with the proposed changes. Tests will run automatically on GitHub.

If you would like to contribute on a regular basis, you’ll want to read the developer documentation and set up a local development environment to preview changes, run tests locally, etc.

Technical Writers

Technical writers and editors are invited to review the documentation and fix any mistakes in accordance with the documentation guidelines. Our documentation code is located in our documentation repository.

If this is your first time contributing to SecureDrop documentation, consider working on low-hanging fruit to become familiar with the process.

If you would like to contribute to copywriting user-facing text in the SecureDrop UI, see these issues in our separate User Experience repo.

UX Contributors

If you have interaction or visual design skills, UI copywriting skills, or user research skills, check out our User Experience repository. It includes a wiki with notes from UX meetings, design standards, design principles, links to past research synthesis efforts, and ongoing and past work documented in the form of issues.

If you have front-end development skills, take a look at these issues in the primary SecureDrop repository in GitHub:

Translators

Translating SecureDrop is crucial to making it useful for investigative journalism around the world. If you know English and another language, we would welcome your help.

SecureDrop is translated using Weblate. We provide a detailed guide for translators, and feel free to contact us in our Gitter chat room or through Localization Lab communications platforms.

SecureDrop translation status

SecureDrop language status