Compare commits
17 Commits
dipree/org
...
master
Author | SHA1 | Date |
---|---|---|
Zack Koppert | 95e9dcb0b8 | 2 years ago |
Zack Koppert | fdd808d654 | 2 years ago |
Zack Koppert | 6691a0f704 | 2 years ago |
Dinakar | 0a9881173c | 2 years ago |
Ashley Wolf | 0a9f7832a3 | 2 years ago |
Ashley Wolf | 45190ead2a | 2 years ago |
Zack Koppert | 3ba05a7a8e | 2 years ago |
Diana Moore | 1a2a884ebf | 2 years ago |
Ashley Wolf | efa4a30c25 | 2 years ago |
Zack Koppert | 6c51705ae4 | 2 years ago |
Ashley Wolf | 0b9abf27f2 | 2 years ago |
Ashley Wolf | ade2246a24 | 2 years ago |
Ashley Wolf | 5540da0237 | 2 years ago |
Nihaal Sangha | c91f25fc4e | 3 years ago |
Fayas Noushad | 876085dde5 | 3 years ago |
Matthias Wenz | abd807e291 | 3 years ago |
Daniel Adams | fd1446b693 | 3 years ago |
@ -1,5 +1,5 @@
|
|||||||
# .github
|
# .github
|
||||||
|
|
||||||
*Community health files for the @GitHub organization*
|
*Community health files for the [@GitHub](https://github.com/github) organization*
|
||||||
|
|
||||||
For more information, please see the article on [creating a default community health file for your organization](https://help.github.com/en/articles/creating-a-default-community-health-file-for-your-organization).
|
For more information, please see the article on [creating a default community health file for your organization](https://help.github.com/en/articles/creating-a-default-community-health-file-for-your-organization).
|
||||||
|
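Review bot: The unchanged "For more information" line in this hunk still links to help.github.com/en/articles/..., while the SECURITY.md change in the same comparison links to docs.github.com. Since this README line sits right next to the edited one, consider updating its link to the docs.github.com form so both files point at the same documentation host.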
@ -1,7 +1,31 @@
|
|||||||
# GitHub Security Policy
|
Thanks for helping make GitHub safe for everyone.
|
||||||
|
|
||||||
GitHub's [Bug Bounty program](https://bounty.github.com) rewards researchers for discovering security vulnerabilities in a number of repositories. The full list of projects that are eligible for rewards are [available on our Bug Bounty site](https://bounty.github.com/#scope).
|
## Security
|
||||||
|
|
||||||
If the repository is eligible for rewards, you can submit a report via [HackerOne](https://hackerone.com/github). You can find more useful information in our [rules](https://bounty.github.com/#rules) and [FAQ](https://bounty.github.com/#faqs).
|
GitHub takes the security of our software products and services seriously, including all of the open source code repositories managed through our GitHub organizations, such as [GitHub](https://github.com/GitHub).
|
||||||
|
|
||||||
For repositories not covered by the Bug Bounty program, please open an issue.
|
Even though [open source repositories are outside of the scope of our bug bounty program](https://bounty.github.com/index.html#scope) and therefore not eligible for bounty rewards, we will ensure that your finding gets passed along to the appropriate maintainers for remediation.
|
||||||
|
|
||||||
|
## Reporting Security Issues
|
||||||
|
|
||||||
|
If you believe you have found a security vulnerability in any GitHub-owned repository, please report it to us through coordinated disclosure.
|
||||||
|
|
||||||
|
**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**
|
||||||
|
|
||||||
|
Instead, please send an email to opensource-security[@]github.com.
|
||||||
|
|
||||||
|
Please include as much of the information listed below as you can to help us better understand and resolve the issue:
|
||||||
|
|
||||||
|
* The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
|
||||||
|
* Full paths of source file(s) related to the manifestation of the issue
|
||||||
|
* The location of the affected source code (tag/branch/commit or direct URL)
|
||||||
|
* Any special configuration required to reproduce the issue
|
||||||
|
* Step-by-step instructions to reproduce the issue
|
||||||
|
* Proof-of-concept or exploit code (if possible)
|
||||||
|
* Impact of the issue, including how an attacker might exploit the issue
|
||||||
|
|
||||||
|
This information will help us triage your report more quickly.
|
||||||
|
|
||||||
|
## Policy
|
||||||
|
|
||||||
|
See [GitHub's Safe Harbor Policy](https://docs.github.com/en/site-policy/security-policies/github-bug-bounty-program-legal-safe-harbor)
|
||||||
|
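Review bot: The new "Reporting Security Issues" section asks for proof-of-concept or exploit code to be sent by email to opensource-security[@]github.com, but it names no encryption key or other private channel, so reporters have no way to protect those details in transit. Consider publishing a PGP key or a private reporting link next to the address. The obfuscated "[@]" form also means the address cannot be copied directly. Separately, the rewrite drops the top-level "# GitHub Security Policy" heading, so the file now opens with a bare sentence followed by "## Security". The closing "See [GitHub's Safe Harbor Policy](...)" line is missing its period. The text would also be more useful if it told reporters what acknowledgement to expect after they send a report.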
@ -0,0 +1,70 @@
|
|||||||
|
{
|
||||||
|
"$schema": "https://raw.githubusercontent.com/prototypicalpro/repolinter/master/rulesets/schema.json",
|
||||||
|
"version": 2,
|
||||||
|
"axioms": {},
|
||||||
|
"rules": {
|
||||||
|
"license-file-is-MIT": {
|
||||||
|
"level": "warning",
|
||||||
|
"rule": {
|
||||||
|
"type": "file-contents",
|
||||||
|
"options": {
|
||||||
|
"globsAll": ["LICENSE*", "COPYING*"],
|
||||||
|
"nocase": true,
|
||||||
|
"fail-on-non-existant": true,
|
||||||
|
"content": "MIT License"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"fix": {
|
||||||
|
"type": "file-create",
|
||||||
|
"options": {
|
||||||
|
"file": "LICENSE",
|
||||||
|
"replace": true,
|
||||||
|
"text": { "url": "https://opensource.org/licenses/MIT" }
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"policyInfo": "MIT License is required for code or legal approval for an alternative",
|
||||||
|
"policyUrl": "https://github.com/github/open-source/blob/main/policies/release.md"
|
||||||
|
},
|
||||||
|
"readme-file-exists": {
|
||||||
|
"level": "warning",
|
||||||
|
"rule": {
|
||||||
|
"type": "file-existence",
|
||||||
|
"options": {
|
||||||
|
"globsAny": ["README*"],
|
||||||
|
"nocase": true
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"fix": {
|
||||||
|
"type": "file-create",
|
||||||
|
"options": {
|
||||||
|
"file": "README.md",
|
||||||
|
"text": { "url": "https://raw.githubusercontent.com/newrelic/open-source-tools/master/nerdpacks/oss-template/README.md" }
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"policyInfo": "GitHub requires a README file in all projects. This README should give a general overview of the project, and should point to additional resources (security, contributing, etc.) where developers and users can learn further",
|
||||||
|
"policyUrl": "https://github.com/github/open-source/blob/main/policies/release.md"
|
||||||
|
},
|
||||||
|
"codeowners-file-exists": {
|
||||||
|
"level": "warning",
|
||||||
|
"rule": {
|
||||||
|
"type": "file-existence",
|
||||||
|
"options": {
|
||||||
|
"globsAny": ["CODEOWNERS*", "*/CODEOWNERS*", ".github/CODEOWNERS*"],
|
||||||
|
"nocase": true
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"fix": {
|
||||||
|
"type": "file-create",
|
||||||
|
"options": {
|
||||||
|
"file": "CODEOWNERS",
|
||||||
|
"text": { "url": "https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners" }
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"policyInfo": "GitHub requires a CODEOWNERS file in all projects. This enables GitHub to contact the maintainers in the event it is necessary.",
|
||||||
|
"policyUrl": "https://github.com/github/open-source/blob/main/policies/release.md"
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"formatOptions": {
|
||||||
|
"disclaimer": "🤖*This issue was automatically generated by [repolinter-action](https://github.com/newrelic/repolinter-action), developed by the Open Source and Developer Advocacy team at New Relic.*"
|
||||||
|
}
|
||||||
|
}
|
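Review bot: The `},` that closes the `codeowners-file-exists` rule leaves a trailing comma directly before the brace that closes `rules`, which strict JSON parsers reject; drop that comma so the ruleset loads everywhere. The `fix` blocks also deserve a second look. `license-file-is-MIT` sets `"replace": true` with its text taken from https://opensource.org/licenses/MIT, and the `CODEOWNERS` fix takes its text from a docs.github.com article, so if a fix is ever applied the file would be filled from a web page rather than from license or CODEOWNERS text. In the license case an existing LICENSE would be overwritten. The `$schema` and the README template are both fetched from `master` branches of other repositories, so their content can change without any change to this file; pinning them to a commit would make the ruleset reproducible. Finally, the `formatOptions` disclaimer credits New Relic's repolinter-action, while the `policyInfo` strings speak for GitHub. Confirm that the disclaimer wording is what should appear on generated issues.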