Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: minor changes, documentation updates #66

Merged
merged 1 commit into from
Apr 22, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 3 additions & 5 deletions .editorconfig
Original file line number Diff line number Diff line change
Expand Up @@ -11,10 +11,8 @@ trim_trailing_whitespace = true
[*.md]
trim_trailing_whitespace = false

[*{.yml,.yaml}]
indent_style = space
[*.{yml,yaml}]
indent_size = 2

[*.json]
indent_style = space
indent_size = 4
[Makefile]
indent_style = tab
71 changes: 12 additions & 59 deletions .github/ISSUE_TEMPLATE/5-security-report.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---

name: ⚠️ Security Report
description: Report a security issue to help improve the project's safety.
description: Please report security issues directly through GitHub Security Advisories to ensure privacy.
title: '[Security]: '
labels: ['type: bug', 'priority: high', 'type: security']

Expand All @@ -11,71 +11,24 @@ assignees:
body:
- type: markdown
attributes:
value: ⚠️ **Security Report**
value: >
⚠️ **Please DO NOT report security vulnerabilities here.** Instead, use the GitHub Security Advisories feature to report them privately and securely. This helps us address issues responsibly without exposing them publicly.

- type: textarea
id: security-issue-description
attributes:
label: Describe the security issue
description: Provide a clear and concise description of what the security issue is, without including sensitive details.
placeholder: Describe the security issue...
validations:
required: true

- type: textarea
id: steps-to-reproduce
attributes:
label: To Reproduce
description: |
Steps to reproduce the security issue:
1. Navigate to...
2. Perform action...
3. Observe outcome...
placeholder: |
1. Navigate to...
2. Perform action...
3. Observe outcome...
validations:
required: true

- type: textarea
id: expected-behaviour
attributes:
label: Expected behaviour
description: Describe what you expected to happen without the security flaw.
placeholder: What did you expect to happen?
validations:
required: true

- type: textarea
id: media-prove
- type: markdown
attributes:
label: Media prove
description: If applicable, add screenshots or videos that help explain your issue, ensuring no sensitive data is displayed.
placeholder: Upload files or paste links here...
validations:
required: false
value: >
GitHub Advisories do not automatically notify maintainers, so by using the advisories, you help maintain confidentiality while ensuring the issue is documented and tracked properly.

- type: textarea
id: environment
- type: markdown
attributes:
label: Your environment
description: |
Provide detailed information about your environment to help us replicate the issue:
* OS: [e.g. Ubuntu]
* PHP version: [e.g. 8.2.2]
* Package version: [e.g. 1.0.0]
* Any relevant environment details
placeholder: List your environment details here...
validations:
required: false
value: 'To create a new advisory, go to: [Create Security Advisory](https://github.com/wayofdev/gh-actions/security/advisories/new)'

- type: textarea
id: additional-context
id: github-advisory-url
attributes:
label: Additional context
description: Add any other context about the problem here, ensuring no sensitive data is included.
placeholder: Any additional information...
label: Your GitHub Advisory URL
description: Optionally, you can paste the URL of the GitHub Security Advisory you have created here for reference.
placeholder: Paste the GitHub Security Advisory URL here...
validations:
required: false

Expand Down
12 changes: 9 additions & 3 deletions .github/ISSUE_TEMPLATE/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,12 @@
blank_issues_enabled: true

contact_links:
- name: Send an e-mail to the developer
url: mailto:the@wayof.dev
about: Please do NOT use this email to post issues or feature requests (only important business/personal contact).
- name: Start a discussion or ask a question.
url: https://github.com/wayofdev/.github/discussions
about: Please ask and answer questions here.

- name: Join our Discord Community
url: https://discord.gg/CE3TcCC5vr
about: Join our Discord community to get help, share your ideas, and chat with other developers.

...
14 changes: 11 additions & 3 deletions .github/SECURITY.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,12 +6,20 @@ Thank you for helping keep project and its users safe. We greatly appreciate you

## 🚨 Reporting a Vulnerability

We take all security bugs in project seriously. Thank you for improving the security of this project. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.
We take all security bugs in our projects seriously. Please follow the instructions below to report security vulnerabilities.

### → How to Report a Vulnerability

1. **Direct Contact**: For highly sensitive information, please email us directly at `the@wayof.dev` with the subject line "SECURITY - Vulnerability Report". This will be treated with the highest priority.
1. **GitHub Security Advisories**: Please report security issues directly through our GitHub Security Advisories page: [https://github.com/wayofdev/gh-actions/security/advisories/new](https://github.com/wayofdev/gh-actions/security/advisories/new). This ensures that sensitive information is handled confidentially.

2. **GitHub Issues**: For vulnerabilities that do not immediately affect the security of the application or its users, such as those found in non-critical systems, please report them through our GitHub issues. Make sure to use the `⚠️ Security Report` issue template. Please do not include sensitive information in GitHub issues. Detailed instructions about how to fill this report are included within the issue template itself.
2. **Empty Security Issue**: After submitting through GitHub Security Advisories, please also create an empty security issue to alert us, as GitHub Advisories do not send automatic notifications. This can be done [here](https://github.com/wayofdev/gh-actions/issues/new?assignees=&labels=type%3A+bug%2Cpriority%3A+high%2Ctype%3A+security&projects=&template=5-security-report.yml&title=%5BSecurity%5D%3A+).

3. **Direct Contact**: For highly sensitive information, in addition to the GitHub Security Advisories, please email us directly at `the@wayof.dev` with the subject line "SECURITY - Vulnerability Report". This will be treated with the highest priority.

Please do not discuss potential security issues in public forums or through our public GitHub issues tracker.

## ❌ Third-Party Bug Bounty Platforms

At this moment, we DO NOT accept reports from third-party bug bounty platforms to minimize risk. All vulnerability reports should come through the specified channels above.

<br>
4 changes: 2 additions & 2 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -77,11 +77,11 @@ lint: lint-yaml lint-actions ## Lint all files
.PHONY: lint

lint-yaml: ## Lint all yaml files
@$(YAML_LINT_RUNNER)
@$(YAML_LINT_RUNNER) | tee -a $(MAKE_LOGFILE)
.PHONY: lint-yaml

lint-actions: ## Lint all github actions
@$(ACTION_LINT_RUNNER)
@$(ACTION_LINT_RUNNER) | tee -a $(MAKE_LOGFILE)
.PHONY: lint-actions

#
Expand Down
1 change: 0 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@
</picture>
</a>
</div>

<br>

<br>
Expand Down