Compare commits
17 Commits
dipree/org
...
master
Author | SHA1 | Date |
---|---|---|
Zack Koppert | 95e9dcb0b8 | 2 years ago |
Zack Koppert | fdd808d654 | 2 years ago |
Zack Koppert | 6691a0f704 | 2 years ago |
Dinakar | 0a9881173c | 2 years ago |
Ashley Wolf | 0a9f7832a3 | 2 years ago |
Ashley Wolf | 45190ead2a | 2 years ago |
Zack Koppert | 3ba05a7a8e | 2 years ago |
Diana Moore | 1a2a884ebf | 2 years ago |
Ashley Wolf | efa4a30c25 | 2 years ago |
Zack Koppert | 6c51705ae4 | 2 years ago |
Ashley Wolf | 0b9abf27f2 | 2 years ago |
Ashley Wolf | ade2246a24 | 2 years ago |
Ashley Wolf | 5540da0237 | 2 years ago |
Nihaal Sangha | c91f25fc4e | 3 years ago |
Fayas Noushad | 876085dde5 | 3 years ago |
Matthias Wenz | abd807e291 | 3 years ago |
Daniel Adams | fd1446b693 | 3 years ago |
@ -1,5 +1,5 @@
|
||||
# .github
|
||||
|
||||
*Community health files for the @GitHub organization*
|
||||
*Community health files for the [@GitHub](https://github.com/github) organization*
|
||||
|
||||
For more information, please see the article on [creating a default community health file for your organization](https://help.github.com/en/articles/creating-a-default-community-health-file-for-your-organization).
|
||||
|
@ -1,7 +1,31 @@
|
||||
# GitHub Security Policy
|
||||
Thanks for helping make GitHub safe for everyone.
|
||||
|
||||
GitHub's [Bug Bounty program](https://bounty.github.com) rewards researchers for discovering security vulnerabilities in a number of repositories. The full list of projects that are eligible for rewards are [available on our Bug Bounty site](https://bounty.github.com/#scope).
|
||||
## Security
|
||||
|
||||
If the repository is eligible for rewards, you can submit a report via [HackerOne](https://hackerone.com/github). You can find more useful information in our [rules](https://bounty.github.com/#rules) and [FAQ](https://bounty.github.com/#faqs).
|
||||
GitHub takes the security of our software products and services seriously, including all of the open source code repositories managed through our GitHub organizations, such as [GitHub](https://github.com/GitHub).
|
||||
|
||||
For repositories not covered by the Bug Bounty program, please open an issue.
|
||||
Even though [open source repositories are outside of the scope of our bug bounty program](https://bounty.github.com/index.html#scope) and therefore not eligible for bounty rewards, we will ensure that your finding gets passed along to the appropriate maintainers for remediation.
|
||||
|
||||
## Reporting Security Issues
|
||||
|
||||
If you believe you have found a security vulnerability in any GitHub-owned repository, please report it to us through coordinated disclosure.
|
||||
|
||||
**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**
|
||||
|
||||
Instead, please send an email to opensource-security[@]github.com.
|
||||
|
||||
Please include as much of the information listed below as you can to help us better understand and resolve the issue:
|
||||
|
||||
* The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
|
||||
* Full paths of source file(s) related to the manifestation of the issue
|
||||
* The location of the affected source code (tag/branch/commit or direct URL)
|
||||
* Any special configuration required to reproduce the issue
|
||||
* Step-by-step instructions to reproduce the issue
|
||||
* Proof-of-concept or exploit code (if possible)
|
||||
* Impact of the issue, including how an attacker might exploit the issue
|
||||
|
||||
This information will help us triage your report more quickly.
|
||||
|
||||
## Policy
|
||||
|
||||
See [GitHub's Safe Harbor Policy](https://docs.github.com/en/site-policy/security-policies/github-bug-bounty-program-legal-safe-harbor)
|
||||
|
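Review bot: The "Reporting Security Issues" section asks reporters to email proof-of-concept or exploit code to opensource-security[@]github.com, but it gives no encrypted or private channel for that material and no indication of when a report will be acknowledged. Consider adding both, so reporters know how to send sensitive details and what to expect afterwards. The +/- markers are not visible in this rendering, so please confirm that "For repositories not covered by the Bug Bounty program, please open an issue." is on the removed side: if it stays, it contradicts the bolded instruction not to report vulnerabilities through public issues, discussions, or pull requests. The scope link is also written two ways (`https://bounty.github.com/#scope` and `https://bounty.github.com/index.html#scope`), and the Safe Harbor sentence under "## Policy" has no closing period.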
@ -0,0 +1,70 @@
|
||||
{
|
||||
"$schema": "https://raw.githubusercontent.com/prototypicalpro/repolinter/master/rulesets/schema.json",
|
||||
"version": 2,
|
||||
"axioms": {},
|
||||
"rules": {
|
||||
"license-file-is-MIT": {
|
||||
"level": "warning",
|
||||
"rule": {
|
||||
"type": "file-contents",
|
||||
"options": {
|
||||
"globsAll": ["LICENSE*", "COPYING*"],
|
||||
"nocase": true,
|
||||
"fail-on-non-existant": true,
|
||||
"content": "MIT License"
|
||||
}
|
||||
},
|
||||
"fix": {
|
||||
"type": "file-create",
|
||||
"options": {
|
||||
"file": "LICENSE",
|
||||
"replace": true,
|
||||
"text": { "url": "https://opensource.org/licenses/MIT" }
|
||||
}
|
||||
},
|
||||
"policyInfo": "MIT License is required for code or legal approval for an alternative",
|
||||
"policyUrl": "https://github.com/github/open-source/blob/main/policies/release.md"
|
||||
},
|
||||
"readme-file-exists": {
|
||||
"level": "warning",
|
||||
"rule": {
|
||||
"type": "file-existence",
|
||||
"options": {
|
||||
"globsAny": ["README*"],
|
||||
"nocase": true
|
||||
}
|
||||
},
|
||||
"fix": {
|
||||
"type": "file-create",
|
||||
"options": {
|
||||
"file": "README.md",
|
||||
"text": { "url": "https://raw.githubusercontent.com/newrelic/open-source-tools/master/nerdpacks/oss-template/README.md" }
|
||||
}
|
||||
},
|
||||
"policyInfo": "GitHub requires a README file in all projects. This README should give a general overview of the project, and should point to additional resources (security, contributing, etc.) where developers and users can learn further",
|
||||
"policyUrl": "https://github.com/github/open-source/blob/main/policies/release.md"
|
||||
},
|
||||
"codeowners-file-exists": {
|
||||
"level": "warning",
|
||||
"rule": {
|
||||
"type": "file-existence",
|
||||
"options": {
|
||||
"globsAny": ["CODEOWNERS*", "*/CODEOWNERS*", ".github/CODEOWNERS*"],
|
||||
"nocase": true
|
||||
}
|
||||
},
|
||||
"fix": {
|
||||
"type": "file-create",
|
||||
"options": {
|
||||
"file": "CODEOWNERS",
|
||||
"text": { "url": "https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners" }
|
||||
}
|
||||
},
|
||||
"policyInfo": "GitHub requires a CODEOWNERS file in all projects. This enables GitHub to contact the maintainers in the event it is necessary.",
|
||||
"policyUrl": "https://github.com/github/open-source/blob/main/policies/release.md"
|
||||
},
|
||||
},
|
||||
"formatOptions": {
|
||||
"disclaimer": "🤖*This issue was automatically generated by [repolinter-action](https://github.com/newrelic/repolinter-action), developed by the Open Source and Developer Advocacy team at New Relic.*"
|
||||
}
|
||||
}
|
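Review bot: The `},` that closes "codeowners-file-exists" is followed directly by the `},` that closes "rules", so the last rule carries a trailing comma and the file is not strict JSON; drop that comma unless the loader is known to tolerate it. The `fix` blocks also deserve a second look. `"text": { "url": ... }` for LICENSE (with `"replace": true`) and for CODEOWNERS points at an HTML page (opensource.org and docs.github.com) rather than at raw file content, so if the fix writes what it fetches, an existing LICENSE would be overwritten with a web page and the generated CODEOWNERS would not be a valid owners file. The README template and the `$schema` are both pulled from a `master` branch of third-party repositories (newrelic/open-source-tools and prototypicalpro/repolinter), which means their content can change without review here; pinning to a commit or vendoring the text would make the ruleset reproducible. Finally, please check the option key `"fail-on-non-existant"` against the schema's spelling, since a misspelled key would leave the "fail when no LICENSE exists" behaviour unset.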