Update documentation references

Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>

CONTRIBUTING.md

@@ -167,7 +167,7 @@ We also release the software as open source software so others can review it.
 Since early detection and impact reduction can never be perfect, we also try to
 detect and repair problems during deployment as quickly as possible.
 This is *especially* true for security issues; see our
-[security information](docs/security.md) for more.
+[security information](docs/assurance-case.md) for more.
 
 ### No trailing whitespace
 
@@ -499,7 +499,7 @@ and ensure that third parties can't use interactions for tracking.
 When sending an email to an existing account, use the original account
 email not the claimed email address sent now; for why, see
 [Hacking GitHub with Unicode's dotless 'i'](https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/).
-For more about security, see [security](docs/security.md).
+For more about security, see [security](docs/assurance-case.md).
 
 We want the software to have decent performance for typical users.
 [Our goal is interaction in 1 second or less after making a request](https://developers.google.com/web/fundamentals/performance/rail).
@@ -925,7 +925,7 @@ make the update work.
 
 Specially check any update of nokogiri or loofah;
 we specially analyze those to prevent vulnerabilities in our
-[security assurance case](./docs/security.md).
+[security assurance case](./docs/assurance-case.md).
 
 #### Updating Ruby (and handling Ruby updates)
 

Gemfile

@@ -152,7 +152,7 @@ group :development do
   # this also keeps some gems happy that don't realize that loading
   # only *parts* of Rails is fine:
   gem 'rails', '~> 7.0.8' # Rails (our web framework)
-  # To update the translation gem, see the process docs in doc/testing.md
+  # To update the translation gem, see the process docs in docs/testing.md
   gem 'translation', '1.37' # translation.io - translation service
   gem 'web-console' # In-browser debugger; use <% console %> or console
 end

config/locales/en.yml

@@ -2293,7 +2293,7 @@ en:
           to list secure design principles (such as Saltzer and
           Schroeer) and common implementation security weaknesses
           (such as the OWASP top 10 or CWE/SANS top 25), and show
-          how each are countered. The <a href="https://github.com/coreinfrastructure/best-practices-badge/blob/master/doc/security.md">BadgeApp
+          how each are countered. The <a href="https://github.com/coreinfrastructure/best-practices-badge/blob/main/docs/assurance-case.md">BadgeApp
           assurance case</a> may be a useful example. This is
           related to documentation_security, documentation_architecture,
           and implement_secure_design.

config/locales/translation.de.yml

@@ -2717,7 +2717,7 @@ de:
           (wie Saltzer und Schroeer) und gemeinsame Implementierungssicherheitsschwächen
           (wie die OWASP Top 10 oder CWE/SANS Top 25) aufzurufen
           und zu zeigen, wie diesen entgegengewirkt wird. Die
-          <a href="https://github.com/coreinfrastructure/best-practices-badge/blob/master/doc/security.md">
+          <a href="https://github.com/coreinfrastructure/best-practices-badge/blob/main/docs/assurance-case.md">
           BadgeApp Assurance Case </a> kann ein nützliches Beispiel
           sein. Dies bezieht sich auf documentation_security,
           documentation_architecture und implement_secure_design.

config/locales/translation.es.yml

@@ -96,7 +96,7 @@ es:
       p2_html: >-
         Más información acerca del programa que
         confiere la insignia de Mejores Prácticas, incluyendo
-        sus antecedentes y <a href='https://github.com/coreinfrastructure/best-practices-badge/blob/master/doc/criteria.md'>criterios</a>
+        sus antecedentes y <a href='https://github.com/coreinfrastructure/best-practices-badge/blob/main/docs/criteria.md'>criterios</a>
         aplicables se puede encontrar en <a href='https://github.com/coreinfrastructure/best-practices-badge'>GitHub</a>.
         <a href="/es/project_stats">Las estad&iacute;sticas del
         proyecto</a> y las <a href="/es/criteria_stats">estad&iacute;sticas

config/locales/translation.fr.yml

@@ -2841,7 +2841,7 @@ fr:
           de conception sécurisés (tels que Saltzer et Schroeer)
           et des faiblesses de sécurité courantes de l'implémentation
           (comme le OWASP top 10 ou le CWE/SANS top 25) et de
-          montrer comment chacun est contré. L'<a href="https://github.com/coreinfrastructure/best-practices-badge/blob/master/doc/security.md">analyse
+          montrer comment chacun est contré. L'<a href="https://github.com/coreinfrastructure/best-practices-badge/blob/main/docs/assurance-case.md">analyse
           de fiabilité de BadgeApp</a> peut être un exemple utile.
           Ceci est lié à documentation_security, documentation_architecture
           et implement_secure_design.

config/locales/translation.ja.yml

@@ -1392,7 +1392,7 @@ ja:
           href="https://www.nist.gov/publications/software-assurance-using-structured-assurance-case-models">「構造化された保証ケースモデルを使用したソフトウェア保証」、Thomas
           Rhodes他、NIST Interagency Report 7608 </a>）。信頼境界は、データまたは実行がその信頼レベル、例えば、典型的なウェブアプリケーションにおけるサーバの境界、を変更する境界である。安全な設計原則（SaltzerやSchroeerなど）と一般的な実装セキュリティの弱点（OWASPトップ10やCWE
           / SANSトップ25など）をリストし、それぞれがどのように対抗しているかを示すのは一般的です。 <a
-          href="https://github.com/coreinfrastructure/best-practices-badge/blob/master/doc/security.md">
+          href="https://github.com/coreinfrastructure/best-practices-badge/blob/main/docs/assurance-case.md">
           BadgeAppの保証ケース</a>は良い参考例になるかもしれません。これは、documentation_security、documentation_architecture、およびimplement_secure_designに関連しています。
       achieve_passing:
         description: プロジェクトは合格レベルバッジに達成しなければなりません。

config/locales/translation.ru.yml

@@ -143,7 +143,7 @@ ru:
       p2_html: >-
         Более подробную информацию о программе значков OpenSSF
         "Передовая практика", в том числе о происхождении программы
-        и <a href='https://github.com/coreinfrastructure/best-practices-badge/blob/master/doc/criteria.md'>критериях</a>,
+        и <a href='https://github.com/coreinfrastructure/best-practices-badge/blob/main/docs/criteria.md'>критериях</a>,
         можно найти на <a href='https://github.com/coreinfrastructure/best-practices-badge'>странице
         проекта на GitHub</a>. Имеются <a href="/ru/project_stats">проектная
         статистика</a> и <a href="/ru/criteria_stats">статистика
@@ -2195,7 +2195,7 @@ ru:
           and Schroeer) и общие слабости безопасности в реализации
           (такие как OWASP Top 10 или CWE/SANS Top 25), и показывают,
           как противодействовать каждой из них. Полезным примером
-          может служить <a href="https://github.com/coreinfrastructure/best-practices-badge/blob/master/doc/security.md">BadgeApp
+          может служить <a href="https://github.com/coreinfrastructure/best-practices-badge/blob/main/docs/assurance-case.md">BadgeApp
           assurance case</a>. Этот критерий связан с documentation_security,
           documentation_architecture и implement_secure_design.
       documentation_current:

config/locales/translation.zh-CN.yml

@@ -1162,7 +1162,7 @@ zh-CN:
           一个保证案例是“一个文献记录的证据体系，提供了一个有说服力和有效的论据，指出一组关于系统属性的关键权利要求在给定环境中给定应用程序是充分合理的”（<a
           href ="http://nvlpubs.nist.gov/nistpubs/ir/2009/ir7608.pdf">使用结构化保证案例模型的软件保证，Thomas
           Rhodes等人，NIST机构间报告7608）。信任边界是数据或执行改变其信任级别的边界，例如，典型Web应用程序中的服务器边界。常见做法是列出安全设计原则（例如Saltzer和Schroeer）和常见的实施安全漏洞（例如OWASP前10名或CWE
-          / SANS前25名），并显示每个方案如何抵御。 <a href="https://github.com/coreinfrastructure/best-practices-badge/blob/master/doc/security.md">
+          / SANS前25名），并显示每个方案如何抵御。 <a href="https://github.com/coreinfrastructure/best-practices-badge/blob/main/docs/assurance-case.md">
           BadgeApp保证案例</a>可能是一个有用的例子。本条款与documentation_security，documentation_architecture和implement_secure_design等条款有关。
       achieve_passing:
         description: 项目必须拥有通过徽章。
@@ -1267,7 +1267,7 @@ zh-CN:
       p2_html: |-
         关于OpenSSF 最佳实践徽章计划的更多信息，
         包括背景以及
-        <a href='https://github.com/coreinfrastructure/best-practices-badge/blob/master/doc/criteria.md'>标准</a>, 可以访问
+        <a href='https://github.com/coreinfrastructure/best-practices-badge/blob/main/docs/criteria.md'>标准</a>, 可以访问
         <a href='https://github.com/coreinfrastructure/best-practices-badge'>GitHub 项目</a>.
         <a href="/zh-CN/project_stats">项目统计数据</a> 和
         <a href="/zh-CN/criteria_stats">标准统计数据</a> 也同时提供。

docs/api.md

@@ -298,7 +298,7 @@ list of projects in the requested format. The "as" parameter changes this:
     is shown instead.
 
 See
-[app/controllers/projects\_controller.rb](https://github.com/coreinfrastructure/best-practices-badge/blob/master/app/controllers/projects_controller.rb)
+[app/controllers/projects\_controller.rb](https://github.com/coreinfrastructure/best-practices-badge/blob/main/app/controllers/projects_controller.rb)
 if you want to see the implementation's source code.
 
 ## Downloading the database

docs/assurance-case.md

@@ -2600,7 +2600,7 @@ and how it helps make the software more secure:
   revealed to unauthorized individuals.
   Here are important examples of our negative testing:
     - local logins with wrong or unfilled passwords will lead to login failure
-      (see `test/features/login_test.rb`).
+      (see `test/system/login_test.rb`).
     - projects cannot be edited ("patched") by a timed-out session
       or a session lacking a signed timeout value
       (see `test/controllers/projects_controller_test.rb`)

docs/best_practices_modify.py

@@ -9,7 +9,7 @@
 This program programmatically modifies BadgeApp projects.
 
 An example of using this on the command line is
-doc/best-practices-modify.py -S 1 '{"test_status": "Met"}'
+docs/best_practices_modify.py -S 1 '{"test_status": "Met"}'
 which modifies project 1 on the staging site.
 To modify the *production* site data, use -P instead of -S.
 Updates use JSON format; remember to use double-quotes around all strings