diff --git a/docs/repository.md b/docs/repository.md index 0e89c6cc3c9..7b4811e02f5 100644 --- a/docs/repository.md +++ b/docs/repository.md @@ -6,12 +6,12 @@ it can release a `1.0.0` version. ## Required Files - MUST have a `CHANGELOG.md` updated for every release -- MUST add the [CODE_OF_CONDUCT](CODE_OF_CONDUCT) -- MUST add the [CONTRIBUTING.md](CONTRIBUTING.md) +- MUST add the [templates/CODE_OF_CONDUCT](CODE_OF_CONDUCT) +- MUST add the [templates/CONTRIBUTING.md](CONTRIBUTING.md) - MUST have a `.github/CODEOWNERS` file with at least two currently full-time Splunkers listed - - MUST NOT have any not currently full-time Splunkers listed in `.github/CODEOWNERS` + - MUST NOT have any non-full-time Splunkers listed in `.github/CODEOWNERS` - MUST have an Apache 2.0 `LICENSE` file -- MUST have a `MIGRATING.md` +- SHOULD have a `MIGRATING.md` if applicable - MUST have a `README.md` - MUST have badges on `README.md` with code coverage and build status - SHOULD have badges on `README.md` for other relevant things including artifacts @@ -19,6 +19,8 @@ it can release a `1.0.0` version. - MUST have troubleshooting information in `README.md` - MUST have license information in `README.md` - MUST have a `RELEASE.md` documenting the release process +- MUST add the [templates/SECURITY.md](SECURITY.md) +- SHOULD add dependabot information to SECURITY.md if applicable ## Required Configuration diff --git a/docs/CODE_OF_CONDUCT.md b/docs/templates/CODE_OF_CONDUCT.md similarity index 100% rename from docs/CODE_OF_CONDUCT.md rename to docs/templates/CODE_OF_CONDUCT.md diff --git a/docs/CONTRIBUTING.md b/docs/templates/CONTRIBUTING.md similarity index 100% rename from docs/CONTRIBUTING.md rename to docs/templates/CONTRIBUTING.md diff --git a/docs/templates/SECURITY.md b/docs/templates/SECURITY.md new file mode 100644 index 00000000000..b6b5f162d26 --- /dev/null +++ b/docs/templates/SECURITY.md @@ -0,0 +1,7 @@ +# Security + +## Reporting Security Issues + +Please *DO NOT* report security vulnerabilities with public GitHub issue +reports. Please [report security issues here]( +https://www.splunk.com/en_us/product-security/report.html).