From c8175baee465a12d67bf17840f7587e970f42881 Mon Sep 17 00:00:00 2001 From: Elsa Mayra Irgens Date: Mon, 9 Oct 2023 12:11:22 +0200 Subject: [PATCH] * Update readme * Add security.md * Add contributing.md --- CONTRIBUTING.md | 37 +++++++++++++++++++++++++++++++++++++ README.md | 8 ++++++++ SECURITY.md | 18 ++++++++++++++++++ 3 files changed, 63 insertions(+) create mode 100644 CONTRIBUTING.md create mode 100644 SECURITY.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..76851a24 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,37 @@ +# How to contribute to this repo + +We love your input! We want to make contributing to this project as easy and transparent as possible, whether it's: + +- Reporting a bug +- Proposing new features +- Discussing the current state of the code +- Submitting a fix + +This is how you should do it: + +Use our [issue list](../../issues) to report a **bug** or **propose a new feature**, including + +### For **bug report** +- A quick summary and/or background +- Steps to reproduce + - Be specific! + - Give sample code if you can +- What you expected would happen +- What actually happens + +The team love thorough bug reports - no it's not a joke! + +### For **feature request** +- Brief description of the feature +- What problem/issue will this solve +- A sort of Definition of Done - "How should it look when finsihed" + +### When submitting a fix using a Pull Request (PR) + +- Fork this repository from GitHub +- Once, you have a local copy (after forking) you can make edits to the code, make formatting changes, reorganise the code, add documentation etc … +- After you have made the changes, you have to create a pull request + +We will review the pull request and if it appropriate and there are no clashes or vulnerabilities, it will be merged to the main code + +Voila! you have contributed to a piece of software and the cycle repeats. diff --git a/README.md b/README.md index 774b834e..f0aff5bf 100644 
--- a/README.md +++ b/README.md @@ -100,3 +100,11 @@ If radix-operator is updated to a new tag, `go.mod` should be updated as follows ## Pull request checking Radix API makes use of [GitHub Actions](https://github.com/features/actions) for build checking in every pull request to the `master` branch. Refer to the [configuration file](https://github.com/equinor/radix-api/blob/master/.github/workflows/radix-api-pr.yml) of the workflow for more details. + +## Contributing + +Read our [contributing guidelines](./CONTRIBUTING.md) + +------------------ + +[Security notification](./SECURITY.md) \ No newline at end of file diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..df75dcf8 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,18 @@ +# How to manage security in this repo + +If you discover a security vulnerability in this project, please follow these steps to responsibly disclose it: + +1. **Do not** create a public GitHub issue for the vulnerability. +2. Follow our guideline for Responsible Disclosure Policy at [https://www.equinor.com/about-us/csirt](https://www.equinor.com/about-us/csirt) to report the issue + +The following information will help us triage your report more quickly: + +- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) +- Full paths of source file(s) related to the manifestation of the issue +- The location of the affected source code (tag/branch/commit or direct URL) +- Any special configuration required to reproduce the issue +- Step-by-step instructions to reproduce the issue +- Proof-of-concept or exploit code (if possible) +- Impact of the issue, including how an attacker might exploit the issue + +We prefer all communications to be in English.
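Review bot: In the CONTRIBUTING.md hunk, the bug-report path ("Use our [issue list](../../issues) to report a **bug**") sends every bug to the public issue list with no exception for security bugs, which contradicts step 1 of the new SECURITY.md ("**Do not** create a public GitHub issue for the vulnerability"). Add a sentence before the "For **bug report**" heading that points vulnerability reports to ./SECURITY.md instead. The pull request section also says a PR is merged if "there are no clashes or vulnerabilities" without saying how that is checked; a pointer to the README's "Pull request checking" section would cover it. While touching the file, fix "finsihed", "if it appropriate" (missing "is") and the stray comma in "Once, you have".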
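Review bot: In the README.md hunk, the last added line, "[Security notification](./SECURITY.md)", is followed by "\ No newline at end of file", and the link sits under a bare horizontal rule instead of a heading, so unlike "## Contributing" it is not reachable from the heading outline. End the file with a newline and put the link under a "## Security" heading, with link text that says what the file is for (reporting a vulnerability) instead of "Security notification".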
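Review bot: In the SECURITY.md hunk, the title "How to manage security in this repo" does not match the content, which only covers how to report a vulnerability; a title along the lines of "Reporting a security vulnerability" tells a reporter they are in the right place. Step 2 ("Follow our guideline for Responsible Disclosure Policy at ...") reads awkwardly and lacks a closing period; something like "Report the issue by following our Responsible Disclosure Policy at ..." is clearer. Since the triage list asks for "Proof-of-concept or exploit code", state in this file that such material goes only through the channel in step 2 and not into an issue or pull request.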