Merge pull request #79 from equinor/repo-info

readme, contribute, security info added
equinor · Nov 8, 2023 · 4d79626 · 4d79626
2 parents 54278bf + 8b746c1
commit 4d79626
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 0 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -0,0 +1,37 @@
+# How to contribute to this repo
+
+We love your input! We want to make contributing to this project as easy and transparent as possible, whether it's:
+
+- Reporting a bug
+- Proposing new features
+- Discussing the current state of the code
+- Submitting a fix
+
+This is how you should do it:
+
+Use our [issue list](../../issues) to report a **bug** or **propose a new feature**, including
+
+### For **bug report**  
+- A quick summary and/or background
+- Steps to reproduce
+   - Be specific!
+   - Give sample code if you can
+- What you expected would happen
+- What actually happens
+
+The team love thorough bug reports - no it's not a joke!
+
+### For **feature request**  
+- Brief description of the feature
+- What problem/issue will this solve
+- A sort of Definition of Done - "How should it look when finsihed"
+
+### When submitting a fix using a Pull Request (PR)  
+
+- Fork this repository from GitHub  
+- Once, you have a local copy (after forking) you can make edits to the code, make formatting changes, reorganise the code, add documentation etc …  
+- After you have made the changes, you have to create a pull request  
+
+We will review the pull request and if it appropriate and there are no clashes or vulnerabilities, it will be merged to the main code  
+
+Voila! you have contributed to a piece of software and the cycle repeats.
diff --git a/README.md b/README.md
@@ -8,6 +8,10 @@ Support GitHub Webhook to trigger pipeline build through the API server
 
 [Github webhook integration best practices](https://docs.github.com/en/github-ae@latest/rest/guides/best-practices-for-integrators#use-appropriate-http-status-codes-when-responding-to-github)
 
+## Contribution
+
+Want to contribute? Read our [contributing guidelines](./CONTRIBUTING.md)
+
 ## Tips on debugging
 
 Install and run *ngrok* to expose localhost by `ngrok http 3001`. The Webhook in GitHub should point to the *ngrok* address.
@@ -55,3 +59,7 @@ When debug locally together with other apps and services - local `radix-api` can
 - `API_SERVER_ENDPOINT_PREFIX`: No defaults, ex: `https://server-radix-api-qa` 
 - `RADIX_CLUSTERNAME`: No defaults, ex: `dev` 
 - `RADIX_DNS_ZONE`: No defaults, ex: `radix.equinor.com`
+
+## Security
+
+This is how we handle [security issues](./SECURITY.md)
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,18 @@
+# How to manage security in this repo
+
+If you discover a security vulnerability in this project, please follow these steps to responsibly disclose it:
+
+1. **Do not** create a public GitHub issue for the vulnerability.
+2. Follow our guideline for Responsible Disclosure Policy at [https://www.equinor.com/about-us/csirt](https://www.equinor.com/about-us/csirt) to report the issue
+
+The following information will help us triage your report more quickly:
+
+- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+- Full paths of source file(s) related to the manifestation of the issue
+- The location of the affected source code (tag/branch/commit or direct URL)
+- Any special configuration required to reproduce the issue
+- Step-by-step instructions to reproduce the issue
+- Proof-of-concept or exploit code (if possible)
+- Impact of the issue, including how an attacker might exploit the issue
+
+We prefer all communications to be in English.