The audit happens completely in the version control platform and is designed to fit in to a regular agile software development process. When a contribution is presented for inclusion in the codebase, a Foundation for Public Code staff auditor familiar with the codebase will provide a review or certify the contribution.
The review or certification will happen within 2 business days to enable agile development and not block users and maintainers from making progress.
The codebase maintainers will be notified when a contribution passes the audit and is certified.
As a help to review a codebase, this template can be used.