Sylius is an open source, community-driven project.
Sylius follows Behavior-Driven-Development practices and we suggest you to read dedicated part which explains how we work.
You can learn how to contribute the patches and how we use Behat & PHPSpec in two separate parts of our Contributing Guide.
Sylius is not stable yet, but has been already used in production and we want to treat security very seriously. I decided to partially adopt the Symfony security procedures, you can read about it here.