Compare commits: master...dipree/org (2 Commits)
Author | SHA1 | Date |
---|---|---|
Daniel Adams | 5ee45c1544 | 3 years ago |
Daniel Adams | 980ed70d9d | 3 years ago |
@ -1,5 +1,5 @@
|
|||||||
# .github
|
# .github
|
||||||
|
|
||||||
*Community health files for the [@GitHub](https://github.com/github) organization*
|
*Community health files for the @GitHub organization*
|
||||||
|
|
||||||
For more information, please see the article on [creating a default community health file for your organization](https://help.github.com/en/articles/creating-a-default-community-health-file-for-your-organization).
|
For more information, please see the article on [creating a default community health file for your organization](https://help.github.com/en/articles/creating-a-default-community-health-file-for-your-organization).
|
||||||
|
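Review bot: the replacement description line drops the link from `[@GitHub](https://github.com/github)` and leaves a bare `@GitHub` with no target, so the README no longer points readers at the organization it names. Either keep the link, or, if these health files are meant for a different organization, change the name on that line instead of only unlinking it.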
@ -1,31 +1,7 @@
|
|||||||
Thanks for helping make GitHub safe for everyone.
|
# GitHub Security Policy
|
||||||
|
|
||||||
## Security
|
GitHub's [Bug Bounty program](https://bounty.github.com) rewards researchers for discovering security vulnerabilities in a number of repositories. The full list of projects that are eligible for rewards are [available on our Bug Bounty site](https://bounty.github.com/#scope).
|
||||||
|
|
||||||
GitHub takes the security of our software products and services seriously, including all of the open source code repositories managed through our GitHub organizations, such as [GitHub](https://github.com/GitHub).
|
If the repository is eligible for rewards, you can submit a report via [HackerOne](https://hackerone.com/github). You can find more useful information in our [rules](https://bounty.github.com/#rules) and [FAQ](https://bounty.github.com/#faqs).
|
||||||
|
|
||||||
Even though [open source repositories are outside of the scope of our bug bounty program](https://bounty.github.com/index.html#scope) and therefore not eligible for bounty rewards, we will ensure that your finding gets passed along to the appropriate maintainers for remediation.
|
For repositories not covered by the Bug Bounty program, please open an issue.
|
||||||
|
|
||||||
## Reporting Security Issues
|
|
||||||
|
|
||||||
If you believe you have found a security vulnerability in any GitHub-owned repository, please report it to us through coordinated disclosure.
|
|
||||||
|
|
||||||
**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**
|
|
||||||
|
|
||||||
Instead, please send an email to opensource-security[@]github.com.
|
|
||||||
|
|
||||||
Please include as much of the information listed below as you can to help us better understand and resolve the issue:
|
|
||||||
|
|
||||||
* The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
|
|
||||||
* Full paths of source file(s) related to the manifestation of the issue
|
|
||||||
* The location of the affected source code (tag/branch/commit or direct URL)
|
|
||||||
* Any special configuration required to reproduce the issue
|
|
||||||
* Step-by-step instructions to reproduce the issue
|
|
||||||
* Proof-of-concept or exploit code (if possible)
|
|
||||||
* Impact of the issue, including how an attacker might exploit the issue
|
|
||||||
|
|
||||||
This information will help us triage your report more quickly.
|
|
||||||
|
|
||||||
## Policy
|
|
||||||
|
|
||||||
See [GitHub's Safe Harbor Policy](https://docs.github.com/en/site-policy/security-policies/github-bug-bounty-program-legal-safe-harbor)
|
|
||||||
|
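Review bot: the new closing line, "For repositories not covered by the Bug Bounty program, please open an issue.", sends vulnerability reports for those repositories to a public issue, whereas the text it replaces said "Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests." and gave a private address. Keep a private reporting channel for non-bounty repositories (the removed opensource-security[@]github.com line or an equivalent). The 7-line version also drops the list of details a report should include and the Safe Harbor link; consider retaining both.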
@ -1,70 +0,0 @@
|
|||||||
{
|
|
||||||
"$schema": "https://raw.githubusercontent.com/prototypicalpro/repolinter/master/rulesets/schema.json",
|
|
||||||
"version": 2,
|
|
||||||
"axioms": {},
|
|
||||||
"rules": {
|
|
||||||
"license-file-is-MIT": {
|
|
||||||
"level": "warning",
|
|
||||||
"rule": {
|
|
||||||
"type": "file-contents",
|
|
||||||
"options": {
|
|
||||||
"globsAll": ["LICENSE*", "COPYING*"],
|
|
||||||
"nocase": true,
|
|
||||||
"fail-on-non-existant": true,
|
|
||||||
"content": "MIT License"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"fix": {
|
|
||||||
"type": "file-create",
|
|
||||||
"options": {
|
|
||||||
"file": "LICENSE",
|
|
||||||
"replace": true,
|
|
||||||
"text": { "url": "https://opensource.org/licenses/MIT" }
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"policyInfo": "MIT License is required for code or legal approval for an alternative",
|
|
||||||
"policyUrl": "https://github.com/github/open-source/blob/main/policies/release.md"
|
|
||||||
},
|
|
||||||
"readme-file-exists": {
|
|
||||||
"level": "warning",
|
|
||||||
"rule": {
|
|
||||||
"type": "file-existence",
|
|
||||||
"options": {
|
|
||||||
"globsAny": ["README*"],
|
|
||||||
"nocase": true
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"fix": {
|
|
||||||
"type": "file-create",
|
|
||||||
"options": {
|
|
||||||
"file": "README.md",
|
|
||||||
"text": { "url": "https://raw.githubusercontent.com/newrelic/open-source-tools/master/nerdpacks/oss-template/README.md" }
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"policyInfo": "GitHub requires a README file in all projects. This README should give a general overview of the project, and should point to additional resources (security, contributing, etc.) where developers and users can learn further",
|
|
||||||
"policyUrl": "https://github.com/github/open-source/blob/main/policies/release.md"
|
|
||||||
},
|
|
||||||
"codeowners-file-exists": {
|
|
||||||
"level": "warning",
|
|
||||||
"rule": {
|
|
||||||
"type": "file-existence",
|
|
||||||
"options": {
|
|
||||||
"globsAny": ["CODEOWNERS*", "*/CODEOWNERS*", ".github/CODEOWNERS*"],
|
|
||||||
"nocase": true
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"fix": {
|
|
||||||
"type": "file-create",
|
|
||||||
"options": {
|
|
||||||
"file": "CODEOWNERS",
|
|
||||||
"text": { "url": "https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners" }
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"policyInfo": "GitHub requires a CODEOWNERS file in all projects. This enables GitHub to contact the maintainers in the event it is necessary.",
|
|
||||||
"policyUrl": "https://github.com/github/open-source/blob/main/policies/release.md"
|
|
||||||
},
|
|
||||||
},
|
|
||||||
"formatOptions": {
|
|
||||||
"disclaimer": "🤖*This issue was automatically generated by [repolinter-action](https://github.com/newrelic/repolinter-action), developed by the Open Source and Developer Advocacy team at New Relic.*"
|
|
||||||
}
|
|
||||||
}
|
|
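Review bot: deleting the whole ruleset removes the three warning-level checks (`license-file-is-MIT`, `readme-file-exists`, `codeowners-file-exists`) with no replacement visible in this comparison. The CODEOWNERS rule's policyInfo says it exists so that maintainers can be contacted when necessary. If the removal is intentional, state the reason in the commit message. If the file is to be kept instead, note the trailing comma after the `codeowners-file-exists` entry (`},` directly before the `},` that closes `rules`), which strict JSON parsers reject.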