From 48747017e7e0f085fece31165bc01a8c3c268ba2 Mon Sep 17 00:00:00 2001
From: svrnm
Date: Thu, 5 Dec 2024 09:09:08 +0100
Subject: [PATCH] Initialize repository
Signed-off-by: svrnm
---
.github/CODEOWNERS | 1 +
.github/ISSUE_TEMPLATE/bug_report.yml | 61 ++++++++++
.github/ISSUE_TEMPLATE/feature_request.yml | 55 +++++++++
.github/dependabot.yml | 12 ++
.github/pull_request_template.md | 28 +++++
.github/workflows/dependency.yml | 31 +++++
.github/workflows/scorecard.yml | 31 +++++
CODE_OF_CONDUCT.md | 132 +++++++++++++++++++++
LICENSE | 28 +++++
README.md | 4 +
SECURITY.md | 57 +++++++++
11 files changed, 440 insertions(+)
create mode 100644 .github/CODEOWNERS
create mode 100644 .github/ISSUE_TEMPLATE/bug_report.yml
create mode 100644 .github/ISSUE_TEMPLATE/feature_request.yml
create mode 100644 .github/dependabot.yml
create mode 100644 .github/pull_request_template.md
create mode 100644 .github/workflows/dependency.yml
create mode 100644 .github/workflows/scorecard.yml
create mode 100644 CODE_OF_CONDUCT.md
create mode 100644 LICENSE
create mode 100644 README.md
create mode 100644 SECURITY.md
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..b02c058
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @cisco-open/app-simulator-admins
\ No newline at end of file
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
new file mode 100644
index 0000000..2d811c4
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,61 @@
+---
+name: Bug Report
+description: Report a bug to help us improve.
+title: "[Bug]: "
+labels: ["bug", "triage"]
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Thanks for taking the time to fill out this bug report!
+ - type: textarea
+ id: description
+ attributes:
+ label: Bug Description
+ description: Please provide a description of the problem
+ validations:
+ required: true
+ - type: textarea
+ id: expected
+ attributes:
+ label: Expected Behavior
+ description: Please describe what you expected would happen
+ validations:
+ required: true
+ - type: dropdown
+ id: version
+ attributes:
+ label: Affected Version
+ description: |
+ If applicable, provide the version number or release tag where this
+ issue was encountered
+ options:
+ - v1.0.0
+ - v1.0.1
+ - v1.0.2
+ - v1.0.3
+ default: 0
+ validations:
+ required: false
+ - type: textarea
+ id: steps
+ attributes:
+ label: Steps to Reproduce
+ description: Please provide all steps to reproduce the behavior
+ placeholder: |
+ 1. In this environment...
+ 1. With this config...
+ 1. Run `this command`...
+ 1. See error...
+ validations:
+ required: true
+ - type: checkboxes
+ id: checklist
+ attributes:
+ label: Checklist
+ description: By submitting this issue, you agree to the following
+ options:
+ - label: I have read the [contributing guidelines](/cisco-ospo/oss-template/blob/main/CONTRIBUTING.md)
+ required: true
+ - label: I have verified this does not duplicate an existing issue
+ required: true
diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml
new file mode 100644
index 0000000..74d8bfb
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
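Review bot: The checklist item `- label: I have read the [contributing guidelines](/cisco-ospo/oss-template/blob/main/CONTRIBUTING.md)` links to the cisco-ospo/oss-template repository rather than this project (CODEOWNERS names cisco-open/app-simulator-admins), and this commit adds no CONTRIBUTING.md, so the required checkbox asks reporters to confirm reading a document that does not exist here; the same link is in feature_request.yml. Once a CONTRIBUTING.md is committed, a repository-relative `[contributing guidelines](CONTRIBUTING.md)` keeps the link valid across forks and renames. The Affected Version dropdown's `v1.0.0` to `v1.0.3` options also look like template placeholders for a repository that is just being initialized; if no such tags exist, the list should be trimmed or replaced with an input so reports do not carry fabricated versions.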
@@ -0,0 +1,55 @@
+---
+name: Feature Request
+description: Suggest a feature for this project.
+title: "[Feature]: "
+labels: ["enhancement", "triage"]
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Thanks for taking the time to request a feature or enhancement!
+ - type: textarea
+ id: description
+ attributes:
+ label: Problem Statement
+ description: |
+ Please describe the problem or limitation to be addressed by
+ the proposed feature
+ validations:
+ required: true
+ - type: textarea
+ id: solution
+ attributes:
+ label: Proposed Solution
+ description: |
+ Please describe what you envision the solution to this
+ problem would look like
+ validations:
+ required: true
+ - type: textarea
+ id: alternatives
+ attributes:
+ label: Alternatives Considered
+ description: |
+ Please briefly describe which alternatives, if any, have been
+ considered, including merits of alternate approaches and any tradeoffs
+ validations:
+ required: false
+ - type: textarea
+ id: context
+ attributes:
+ label: Additional Context
+ description: Please provide any other information that may be relevant
+ validations:
+ required: false
+ - type: checkboxes
+ id: checklist
+ attributes:
+ label: Checklist
+ description: By submitting this request, you agree to the following
+ options:
+ - label: I have read the [contributing guidelines](/cisco-ospo/oss-template/blob/main/CONTRIBUTING.md)
+ required: true
+ - label: |
+ I have verified this does not duplicate an existing feature request
+ required: true
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..3cecac4
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+---
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ groups:
+ github:
+ patterns:
+ - "actions/*"
+ - "github/*"
+ schedule:
+ interval: "weekly"
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 0000000..6b17414
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,28 @@
+# Description
+
+Please provide a meaningful description of what this change will do, or is for.
+Bonus points for including links to related issues, other PRs, or technical
+references.
+
+Note that by _not_ including a description, you are asking reviewers to do extra
+work to understand the context of this change, which may lead to your PR taking
+much longer to review, or result in it not being reviewed at all.
+
+## Type of Change
+
+- [ ] Bugfix
+- [ ] New Feature
+- [ ] Breaking Change
+- [ ] Refactor
+- [ ] Documentation
+- [ ] Other (please describe)
+
+## Checklist
+
+- [ ] I have read the contributing guidelines
+- [ ] Existing issues have been referenced (where applicable)
+- [ ] I have verified this change is not present in other open pull requests
+- [ ] Functionality is documented
+- [ ] All code style checks pass
+- [ ] New code contribution is covered by automated tests
+- [ ] All new and existing tests pass
diff --git a/.github/workflows/dependency.yml b/.github/workflows/dependency.yml
new file mode 100644
index 0000000..6d8aa17
--- /dev/null
+++ b/.github/workflows/dependency.yml
@@ -0,0 +1,31 @@
+---
+ name: dependency
+
+ on:
+ # Review dependencies on pull requests to the default branch
+ pull_request:
+ branches: ["main"]
+
+ # Declare default permissions as read-only
+ permissions: read-all
+
+ jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ pull-requests: write
+ steps:
+ - name: 🔒 harden runner
+ uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
+ with:
+ egress-policy: audit
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - name: 🔂 dependency review
+ uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
+ with:
+ fail-on-severity: "high"
+ deny-licenses: "AGPL-1.0, AGPL-3.0"
+ comment-summary-in-pr: true
+ warn-on-openssf-scorecard-level: 3
+
\ No newline at end of file
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
new file mode 100644
index 0000000..bc5eb83
--- /dev/null
+++ b/.github/workflows/scorecard.yml
@@ -0,0 +1,31 @@
+---
+ name: scorecard
+
+ on:
+ push:
+ branches:
+ # Run on pushes to default branch
+ - main
+ schedule:
+ # Run weekly on Saturdays
+ - cron: "30 1 * * 6"
+ # Run when branch protection rules change
+ branch_protection_rule:
+ # Run the workflow manually
+ workflow_dispatch:
+
+ # Declare default permissions as read-only
+ permissions: read-all
+
+ jobs:
+ run-scorecard:
+ # Call reusable workflow file
+ uses: cisco-ospo/.github/.github/workflows/_scorecard.yml@main
+ permissions:
+ id-token: write
+ security-events: write
+ secrets: inherit
+ with:
+ # Publish results of Scorecard analysis
+ publish-results: true
+
\ No newline at end of file
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000..bf30955
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
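Review bot: `egress-policy: audit` on the harden-runner step only records outbound connections; it does not stop a compromised action or transitive dependency in this job from reaching arbitrary hosts, so the hardening is observational rather than preventive. The dependency-review job needs nothing beyond the checkout and the GitHub API, which makes it a good first candidate for `egress-policy: block` with an `allowed-endpoints` list populated from the hosts an audit run reports (typically `api.github.com:443` and `github.com:443`), while keeping the SHA-pinned step refs the commit already uses. As a point of style, every key below `---` appears to be indented one level and the hunk ends with a whitespace-only `+` line followed by `\ No newline at end of file`; yamllint will flag both, and scorecard.yml in this commit has the same layout.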
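Review bot: `uses: cisco-ospo/.github/.github/workflows/_scorecard.yml@main` references a mutable branch while every action step elsewhere in this commit is pinned to a full commit SHA, and the called workflow runs with `id-token: write`, `security-events: write` and `secrets: inherit`; anyone who can push to that branch of the cisco-ospo/.github repository therefore controls a job with OIDC token minting and all of this repository's secrets. Pinning the reusable workflow the same way as the actions, `uses: cisco-ospo/.github/.github/workflows/_scorecard.yml@<commit-sha> # <tag or date>` (placeholders to be filled from the upstream repo), closes that gap, and Scorecard's own Pinned-Dependencies check will otherwise report this line. Whether `secrets: inherit` can be narrowed to the specific secrets the reusable workflow reads cannot be judged from this hunk, since its inputs are defined in the other repository; worth confirming before publishing results.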
@@ -0,0 +1,132 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+ and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall
+ community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of
+ any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email address,
+ without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+ professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official email address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[oss-conduct@cisco.com](mailto:oss-conduct@cisco.com). All complaints will be reviewed and investigated
+promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..62f38aa
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,28 @@
+BSD 3-Clause License
+
+Copyright (c) 2024, Cisco Systems, Inc. and its affiliates
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+* Neither the name of the copyright holder nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..80a8e9f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,4 @@
+# Application Simulator
+
+[![Contributor-Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.1-fbab2c.svg)](CODE_OF_CONDUCT.md)
+[![Maintainer](https://img.shields.io/badge/Maintainer-Cisco-00bceb.svg)](https://opensource.cisco.com)
\ No newline at end of file
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..1846a96
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,57 @@
+# Security Policies and Procedures
+
+This document outlines security procedures and general policies for the
+`app-simulator` project.
+
+- [Disclosing a security issue](#disclosing-a-security-issue)
+- [Vulnerability management](#vulnerability-management)
+- [Suggesting changes](#suggesting-changes)
+
+## Disclosing a security issue
+
+The `app-simulator` maintainers take all security issues in the project
+seriously. Thank you for improving the security of `app-simulator`. We
+appreciate your dedication to responsible disclosure and will make every effort
+to acknowledge your contributions.
+
+`app-simulator` leverages GitHub's private vulnerability reporting.
+
+To learn more about this feature and how to submit a vulnerability report,
+review [GitHub's documentation on private reporting](https://docs.github.com/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability).
+
+Here are some helpful details to include in your report:
+
+- a detailed description of the issue
+- the steps required to reproduce the issue
+- versions of the project that may be affected by the issue
+- if known, any mitigations for the issue
+
+A maintainer will acknowledge the report within three (3) business days, and
+will send a more detailed response within an additional three (3) business days
+indicating the next steps in handling your report.
+
+If you've been unable to successfully draft a vulnerability report via GitHub
+or have not received a response during the alloted response window, please
+reach out via the [Cisco Open security contact email](mailto:oss-security@cisco.com).
+
+After the initial reply to your report, the maintainers will endeavor to keep
+you informed of the progress towards a fix and full announcement, and may ask
+for additional information or guidance.
+
+## Vulnerability management
+
+When the maintainers receive a disclosure report, they will assign it to a
+primary handler.
+
+This person will coordinate the fix and release process, which involves the
+following steps:
+
+- confirming the issue
+- determining affected versions of the project
+- auditing code to find any potential similar problems
+- preparing fixes for all releases under maintenance
+
+## Suggesting changes
+
+If you have suggestions on how this process could be improved please submit an
+issue or pull request.