diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md new file mode 100644 index 0000000..380cc09 --- /dev/null +++ b/.github/CONTRIBUTING.md @@ -0,0 +1,29 @@ +Thank you for your interest in contributing to the Security Insights Specification! + +## How to Contribute + +1. [Fork](https://docs.github.com/en/get-started/quickstart/fork-a-repo) the repository to your own GitHub account. +2. Make changes or improvements to the specification document in your forked repository. +3. Create a [Pull Request](https://docs.github.com/en/get-started/quickstart/opening-a-pull-request) with a clear title and description of your changes. + +## Issue Reporting + +If you find issues or inconsistencies in the specification, please [open an issue](https://docs.github.com/en/get-started/quickstart/opening-an-issue) with a detailed description. + +## Review Process + +Our team will review your contributions and provide feedback. Once approved, we'll merge your changes. + +Reach out to us on [Slack](https://openssf.slack.com/messages/security_insights) or join a [community meeting](https://calendar.google.com/calendar?cid=czYzdm9lZmhwNWk5cGZsdGI1cTY3bmdwZXNAZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ) for the Metrics & Metadata working group. + +## Code of Conduct + +Please adhere to our [Code of Conduct](https://github.com/ossf/.github/CODE_OF_CONDUCT.md) when participating in this project. + +## Licensing + +By contributing, you agree that your contributions will be licensed under the [project's license](LICENSE.md). + +## Thanks! + +Thank you for helping improve the Security Insights Specification! diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 0000000..fb6f872 --- /dev/null +++ b/.github/SECURITY.md 
@@ -0,0 +1,7 @@ +# Reporting Security Issues + +To report a security issue or vulnerability, submit a [private vulnerability report via GitHub](https://github.com/ossf/security-insights-spec/security/advisories/new) to the repository maintainers with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue. + +Our vulnerability management team will respond within 7 working days of your report. If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. This project follows a 90 day disclosure timeline. + +Other contacts: security@openssf.org \ No newline at end of file diff --git a/specification-details/aliases.md b/specification-details/aliases.md index c3e9129..47f3134 100644 --- a/specification-details/aliases.md +++ b/specification-details/aliases.md @@ -97,13 +97,18 @@ A list of objects describing various release attestations or artifacts. ## Validation Types -- `date` +### `date` + - **Type**: `string` - **Description**: A date in ISO 8601 format (`YYYY-MM-DD`). -- `email` + +### `email` + - **Type**: `string` - **Matches Pattern**: `^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}$` -- `url` + +### `url` + - **Type**: `string` - **Matches Pattern**: `^https?://[^\\s]+$` diff --git a/specification-details/header.md b/specification-details/header.md index a336a2f..ed59ed5 100644 --- a/specification-details/header.md +++ b/specification-details/header.md @@ -46,6 +46,6 @@ The `header` object captures high-level metadata about the schema. --- -[URL]: #url -[Email]: #email -[Date]: #date +[URL]: ./aliases.md#url +[Email]: ./aliases.md#email +[Date]: ./aliases.md#date diff --git a/specification-details/project.md b/specification-details/project.md index 2770801..534c2e8 100644 --- a/specification-details/project.md +++ b/specification-details/project.md 
@@ -31,7 +31,7 @@ Optional: ## `project.administrators` -- **Type**: `slice` of [contacts] +- **Type**: `slice` of [Contact] - **Description**: A list of individuals who have administrative access to the project's resources. --- @@ -157,4 +157,3 @@ An object containing references to key documentation URLs. [URL]: ./aliases.md#url [Contact]: ./aliases.md#contact -[contacts]: ./aliases.md#contact diff --git a/specification-details/repository.md b/specification-details/repository.md index 15d9da3..18a0eea 100644 --- a/specification-details/repository.md +++ b/specification-details/repository.md @@ -70,7 +70,7 @@ Optional top-level fields: ## `repository.core-team` -- **Type**: `slice` of [contacts] +- **Type**: `slice` of [Contact] - **Description**: A list of core team members for this repository, such as maintainers or approvers. --- @@ -203,7 +203,6 @@ An object describing release-related details for this repository. --- [Assessment]: ./aliases.md#assessment -[contacts]: ./aliases.md#contact [Contact]: ./aliases.md#contact [License]: ./aliases.md#license [Link]: ./aliases.md#link
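Review bot: in the new `.github/CONTRIBUTING.md`, the relative link `[project's license](LICENSE.md)` resolves to `.github/LICENSE.md`, not to a file at the repository root; if the license lives at the root it should read `[project's license](../LICENSE.md)`. The Code of Conduct link `https://github.com/ossf/.github/CODE_OF_CONDUCT.md` is also missing the `blob/<branch>/` path segment GitHub needs to serve a file, so it will not resolve as written.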
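Review bot: in the new `.github/SECURITY.md`, "the steps you took to create the issue" reads as if the reporter caused the bug; "the steps to reproduce the issue" is what triage needs. The "90 day disclosure timeline" does not say when the clock starts (at the report, or at confirmation after the 7 working day response), which a reporter planning coordinated disclosure will want stated. The file also ends without a trailing newline (`\ No newline at end of file`).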
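Review bot: the patterns under the new `### email` and `### url` headings in `aliases.md` carry a doubled backslash inside inline code (`\\.` and `[^\\s]`). Markdown does not treat backslash as an escape inside backticks, so readers see and copy `\\.`, which as a regex matches a literal backslash followed by any character rather than a dot. Either write `^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$` and `^https?://[^\s]+$`, or state that the patterns are shown in their JSON-escaped form. Separately, `^https?://[^\s]+$` accepts plain `http://` links; if the spec intends only TLS-protected URLs for security metadata, say so or tighten the pattern.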
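Review bot: with the `[contacts]: ./aliases.md#contact` definition removed from `project.md` (and likewise from `repository.md`), any remaining `[contacts]` reference outside these hunks would now render as literal bracketed text instead of a link. The hunks show only one use per file being renamed to `[Contact]`, so a grep for `[contacts]` across both files before merging would confirm nothing is left dangling.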