From aec717d65ab9128cd32625fb0e21a28c13a16cb7 Mon Sep 17 00:00:00 2001 From: Isaac Milarsky Date: Tue, 11 Feb 2025 11:22:47 -0600 Subject: [PATCH] changes based on repolinter output --- CONTRIBUTING.md | 70 +++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 11 ++++++++ 2 files changed, 81 insertions(+) create mode 100644 CONTRIBUTING.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..b218476 --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,70 @@ +# Contributing Guidelines + + + We're so thankful you're considering contributing to an [open source project of the U.S. government](https://code.gov/)! If you're unsure about anything, just ask -- or submit the issue or pull request anyway. The worst that can happen is you'll be politely asked to change something. We appreciate all friendly contributions. + + We encourage you to read this project's CONTRIBUTING policy (you are here), its [LICENSE](LICENSE.md), and its [README](README.md). + + ## Getting Started + + + ### Building Dependencies + + + ### Building the Project + + + ### Workflow and Branching + + + ### Testing Conventions + + + ### Coding Style and Linters + + + ### Writing Issues + + + ## Documentation + + + ## Policies + + ### Open Source Policy +We adhere to the [CMS Open Source Policy](https://github.com/CMSGov/cms-open-source-policy). If you have any questions, just [shoot us an email](mailto:opensource@cms.hhs.gov). + + ### Security and Responsible Disclosure Policy +*Submit a vulnerability:* Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days. + For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md). + + ## Public Domain +This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/) as indicated in [LICENSE](LICENSE). + All contributions to this project will be released under the CC0 dedication. By submitting a pull request or issue, you are agreeing to comply with this waiver of copyright interest. diff --git a/README.md b/README.md index 1431487..643db7e 100644 --- a/README.md +++ b/README.md 
@@ -74,3 +74,14 @@ dedication](https://creativecommons.org/publicdomain/zero/1.0/) as indicated in All contributions to this project will be released under the CC0 dedication. By submitting a pull request or issue, you are agreeing to comply with this waiver of copyright interest. + + ## About the Project + + + ## Core Team +An up-to-date list of core team members can be found in [MAINTAINERS.md](MAINTAINERS.md). At this time, the project is still building the core team and defining roles and responsibilities. We are eagerly seeking individuals who would like to join the community and help us define and fill these roles. + + ### Software Bill of Materials (SBOM) +A Software Bill of Materials (SBOM) is a formal record containing the details and supply chain relationships of various components used in building software. +In the spirit of [Executive Order 14028 - Improving the Nation's Cyber Security](https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs/information-technology-category/it-security/executive-order-14028), a SBOM for this repository is provided here: https://github.com/{repo_org}/{repo_name}/network/dependencies. +For more information and resources about SBOMs, visit: https://www.cisa.gov/sbom. \ No newline at end of file
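Review bot: In the CONTRIBUTING.md hunk the two license links disagree: the introduction links `[LICENSE](LICENSE.md)` while the Public Domain section links `[LICENSE](LICENSE)`, so one of them will not resolve. Use whichever filename the repository actually has in both places. The Security and Responsible Disclosure section also links `[SECURITY.md](SECURITY.md)`, but the diffstat lists only CONTRIBUTING.md and README.md, so confirm that file already exists or add it in this patch. Otherwise the vulnerability-reporting pointer lands on a missing page. The headings from "Getting Started" through "Documentation" are added with no body text. Either fill them in or drop them until there is content, so contributors are not sent to empty sections.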
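Review bot: In the README.md hunk the SBOM link still contains unfilled template placeholders, `https://github.com/{repo_org}/{repo_name}/network/dependencies`, so the one URL that is supposed to point readers at this repository's dependency data does not resolve. Substitute the real organization and repository name before merging. The Core Team paragraph links `[MAINTAINERS.md](MAINTAINERS.md)`, which is not among the two files in the diffstat, so check that it exists. "### Software Bill of Materials (SBOM)" is a level-3 heading directly under "## Core Team", which nests the SBOM section inside the team section. It reads as if it should be a level-2 heading. "## About the Project" is added empty, and the file now ends without a trailing newline.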