From 74edc49741027d91c4b0266c70f3cd070bb894d4 Mon Sep 17 00:00:00 2001 From: JulianHayward Date: Fri, 16 Aug 2024 08:46:38 +0200 Subject: [PATCH] security & contribution guide --- SECURITY.md | 17 ++++++++++++++--- contributionGuide.md | 21 +++++++++++---------- 2 files changed, 25 insertions(+), 13 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 07d19aff..6725e37f 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,11 +1,22 @@ # Security Policy +This document outlines security procedures for the Azure Governance Visualizer (aka AzGovViz) project. + +We appreciate your dedication to responsible disclosure and will make every effort to acknowledge your contributions. + ## Supported Versions Latest ## Reporting a Vulnerability -Please report (suspected) security vulnerabilities via LinkedIn PN. -If the issue is confirmed, we will release a patch as soon -as possible depending on complexity. \ No newline at end of file +We ask that all suspected vulnerabilities be privately and responsibly disclosed via [LinkedIn PN](https://www.linkedin.com/in/julianhayward/). + +Here are some helpful details to include in your report: + +- a detailed description of the issue +- the steps required to reproduce the issue +- versions of the project that may be affected by the issue +- if known, any mitigations for the issue + +If the issue is confirmed, we will release a patch as soon as possible likely within 1 day to 30 days depending on complexity. \ No newline at end of file diff --git a/contributionGuide.md b/contributionGuide.md index 4f15edee..5fff9626 100644 --- a/contributionGuide.md +++ b/contributionGuide.md 
@@ -1,18 +1,19 @@ # Contribution guide 1. Fork the repository. -1. Change you working directory to `.\Azure-MG-Sub-Governance-Reporting`. -1. In the folder `.\pwsh\dev` find the function you intend to work on and apply your changes. -1. Edit the file `.\pwsh\dev\devAzGovVizParallel.ps1`. +2. Create a branch. +3. Change you working directory to `.\Azure-MG-Sub-Governance-Reporting`. +4. In the folder `.\pwsh\dev` find the function you intend to work on and apply your changes. +5. Edit the file `.\pwsh\dev\devAzGovVizParallel.ps1`. - In the param block update the parameter variable `$ProductVersion` accordingly. - Note: Do not change anything else in this file if you did not introduce new functions! -1. Execute `.\pwsh\dev\buildAzGovVizParallel.ps1` - This step will rebuilt the main `.\pwsh\AzGovVizParallel.ps1` file, incorporating all changes you did in the `.\pwsh\dev` directory. -1. Edit the file `.\README.md`. +6. Execute `.\pwsh\dev\buildAzGovVizParallel.ps1` - This step will rebuild the main `.\pwsh\AzGovVizParallel.ps1` file, incorporating all changes you did in the `.\pwsh\dev` directory. +7. Edit the file `.\README.md`. - Update the region `Release history`, replace the changes from the previous release with your changes. -1. Edit the file `.\history.md`. +8. Edit the file `.\history.md`. - Copy over text for the change description you just did for the `.\README.md`. -1. Execute the newly created AzGovViz version to test if it completes successfully by running `.\pwsh\AzGovVizParallel.ps1 -ShowRunIdentifier`. +9. Execute the newly created AzGovViz version to test if it completes successfully by running `.\pwsh\AzGovVizParallel.ps1 -ShowRunIdentifier`. - From the very last line of the output copy the __run identifier__, you'll need that when you open your pull request. -1. Commit your changes. -1. Create a pull request - - Provide the __run identifier__ in the pull request as a proof of successful test +10. Commit your changes. +11. Create a pull request. 
+ - Provide the __run identifier__ in the pull request as a proof of successful test. \ No newline at end of file
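Review bot: In the SECURITY.md hunk, the new "Reporting a Vulnerability" text still offers a LinkedIn private message to one personal profile as the only reporting channel, so a reporter without a LinkedIn account, or one writing while that person is unavailable, has no private route. Consider naming a second private channel next to it, for example GitHub's private vulnerability reporting on the repository. The intro promises to "acknowledge your contributions", but the only timeframe given is the patch window; adding a line on when a reporter can expect a first response would set expectations. The last added sentence also needs punctuation: "as soon as possible, likely within 1 to 30 days, depending on complexity." The file still ends without a trailing newline.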
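Review bot: In the contributionGuide.md hunk, the renumbered step 3 carries over the typo "Change you working directory"; it should read "Change your working directory", and since this commit already fixes "rebuilt" to "rebuild" in step 6, it is worth fixing here too. The new step 2, "Create a branch.", does not say which branch to base it on or how to name it, so a short hint would help first-time contributors. In step 6, "all changes you did" reads better as "all changes you made". The file still ends without a trailing newline.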