Commit 613e7cf

Docs updates according to OGHO requirements
According to OGHO requirements, all Oracle GitHub Enterprise repos should have SECURITY.md, LICENSE.txt, CONTRIBUTING.md and README.md files. This PR adds SECURITY.md and CONTRIBUTING.md files (recommended by Global Product Security Team) to the repo, and references to the SECURITY.md and CONTRIBUTING.md files to the README.md.
1 parent ca20efe commit 613e7cf

2 files changed

+95
-0
lines changed

CONTRIBUTING.md

Lines changed: 57 additions & 0 deletions
@@ -0,0 +1,57 @@
1+
*Detailed instructions on how to contribute to the project, if applicable. Must include section about Oracle Contributor Agreement with link and instructions*
2+
3+
# Contributing to this repository
4+
5+
We welcome your contributions! There are multiple ways to contribute.
6+
7+
## Opening issues
8+
9+
For bugs or enhancement requests, please file a GitHub issue unless it's
10+
security related. When filing a bug remember that the better written the bug is,
11+
the more likely it is to be fixed. If you think you've found a security
12+
vulnerability, do not raise a GitHub issue and follow the instructions in our
13+
[security policy](./SECURITY.md).
14+
15+
## Contributing code
16+
17+
We welcome your code contributions. Before submitting code via a pull request,
18+
you will need to have signed the [Oracle Contributor Agreement][OCA] (OCA) and
19+
your commits need to include the following line using the name and e-mail
20+
address you used to sign the OCA:
21+
22+
```text
23+
Signed-off-by: Your Name <you@example.org>
24+
```
25+
26+
This can be automatically added to pull requests by committing with `--sign-off`
27+
or `-s`, e.g.
28+
29+
```text
30+
git commit --signoff
31+
```
32+
33+
Only pull requests from committers that can be verified as having signed the OCA
34+
can be accepted.
35+
36+
## Pull request process
37+
38+
1. Ensure there is an issue created to track and discuss the fix or enhancement
39+
you intend to submit.
40+
1. Fork this repository.
41+
1. Create a branch in your fork to implement the changes. We recommend using
42+
the issue number as part of your branch name, e.g. `1234-fixes`.
43+
1. Ensure that any documentation is updated with the changes that are required
44+
by your change.
45+
1. Ensure that any samples are updated if the base image has been changed.
46+
1. Submit the pull request. *Do not leave the pull request blank*. Explain exactly
47+
what your changes are meant to do and provide simple steps on how to validate.
48+
your changes. Ensure that you reference the issue you created as well.
49+
1. We will assign the pull request to 2-3 people for review before it is merged.
50+
51+
## Code of conduct
52+
53+
Follow the [Golden Rule](https://en.wikipedia.org/wiki/Golden_Rule). If you'd
54+
like more specific guidelines, see the [Contributor Covenant Code of Conduct][COC].
55+
56+
[OCA]: https://oca.opensource.oracle.com
57+
[COC]: https://www.contributor-covenant.org/version/1/4/code-of-conduct/
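
Review bot: Line 26 spells the flag `--sign-off`, but the option git accepts is `--signoff`, as the example on line 30 has it, so a contributor copying the prose will not get the `Signed-off-by:` trailer that OCA verification depends on; change line 26 to `--signoff` and say the trailer is added to commits rather than to pull requests. Line 1 still carries the template's authoring instruction ("*Detailed instructions on how to contribute to the project, if applicable. ...*") and should be deleted before merge. On line 47 a stray full stop after "validate" splits the sentence that continues on line 48, and line 45's mention of a "base image" reads as carried over from another repository's template, so confirm it applies here or drop the step.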

SECURITY.md

Lines changed: 38 additions & 0 deletions
@@ -0,0 +1,38 @@
1+
# Reporting security vulnerabilities
2+
3+
Oracle values the independent security research community and believes that
4+
responsible disclosure of security vulnerabilities helps us ensure the security
5+
and privacy of all our users.
6+
7+
Please do NOT raise a GitHub Issue to report a security vulnerability. If you
8+
believe you have found a security vulnerability, please submit a report to
9+
[secalert_us@oracle.com][1] preferably with a proof of concept. Please review
10+
some additional information on [how to report security vulnerabilities to Oracle][2].
11+
We encourage people who contact Oracle Security to use email encryption using
12+
[our encryption key][3].
13+
14+
We ask that you do not use other channels or contact the project maintainers
15+
directly.
16+
17+
Non-vulnerability related security issues including ideas for new or improved
18+
security features are welcome on GitHub Issues.
19+
20+
## Security updates, alerts and bulletins
21+
22+
Security updates will be released on a regular cadence. Many of our projects
23+
will typically release security fixes in conjunction with the
24+
Oracle Critical Patch Update program. Additional
25+
information, including past advisories, is available on our [security alerts][4]
26+
page.
27+
28+
## Security-related information
29+
30+
We will provide security related information such as a threat model, considerations
31+
for secure use, or any known security issues in our documentation. Please note
32+
that labs and sample code are intended to demonstrate a concept and may not be
33+
sufficiently hardened for production use.
34+
35+
[1]: mailto:secalert_us@oracle.com
36+
[2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html
37+
[3]: https://www.oracle.com/security-alerts/encryptionkey.html
38+
[4]: https://www.oracle.com/security-alerts/
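
Review bot: Lines 11-12 only "encourage" email encryption for a report that line 9 asks to include a proof of concept, and the key is reachable only through link [3]; consider saying in this file how a reporter should verify that key (for example by stating its fingerprint here), so that asking for a proof of concept does not push exploit detail over plaintext email. Lines 30-31 promise a threat model and secure-use considerations "in our documentation" without a link, and lines 31-33 speak generically of "labs and sample code", so say where that documentation lives for this repository and whether this repository is itself sample code. Lines 22-24 name a "regular cadence" but no supported versions or branches. The commit message also mentions adding references to README.md, but the commit lists only two changed files, so that change appears to be missing.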
