[Task]: Update SECURITY.md (#8)
* Updated GitHub info

* Created stale.yml bot

* Create cla-check.yaml

* Update SECURITY.md

---------

Co-authored-by: Bernhard Rusch <[email protected]>
Co-authored-by: Shonster88 <[email protected]>
3 people authored Apr 29, 2024
1 parent 1038def commit f19cd49
Showing 7 changed files with 145 additions and 0 deletions.
37 changes: 37 additions & 0 deletions .github/ISSUE_TEMPLATE/Bug-Report.yml
@@ -0,0 +1,37 @@
name: Bug Report
description: File a bug report
title: "[Bug]: "
labels: [Bug]
body:
- type: markdown
attributes:
value: |
## Important notice
As an open source project we love to work together with our community to improve and develop our products.
It's also important for us to make clear that **we're not working for you or your company**,
but we enjoy to work together to solve existing bugs.
So we would love to see PRs with bugfixes, discuss them and we are happy to merge them when they are ready.
For details see also our [contributing guidelines](https://github.com/pimcore/pimcore/blob/10.x/CONTRIBUTING.md).
Bug reports that do not meet the conditions listed below will be closed/deleted without comment.
- Bug was verified on the latest supported version.
- This is not a security issue -> see [our security policy](https://github.com/pimcore/pimcore/security/policy) instead.
- You are not able to provide a pull request that fixes the issue.
- There's no existing ticket for the same issue.
- type: textarea
attributes:
label: Expected behavior
validations:
required: true
- type: textarea
attributes:
label: Actual behavior
validations:
required: true
- type: textarea
attributes:
label: Steps to reproduce
validations:
required: true
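Review bot: The "This is not a security issue" condition links to `https://github.com/pimcore/pimcore/security/policy` rather than to the SECURITY.md added in this same commit, so a reporter is sent to another repository's policy and reporting channel. Point the link at this repository's own security policy. The contributing-guidelines link is likewise pinned to the `10.x` branch of pimcore/pimcore and will go stale when that branch is retired; consider a link that follows the default branch.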
27 changes: 27 additions & 0 deletions .github/ISSUE_TEMPLATE/Feature-Request.yml
@@ -0,0 +1,27 @@
name: Feature Request
description: Request or propose a new feature
title: "[Feature]: "
labels: ["New Feature"]
body:
- type: markdown
attributes:
value: |
## Important notice
As an open source project we love to work together with our community to improve and develop our products.
It's also important for us to make clear that **we're not working for you or your company**,
but we enjoy to work together to improve or add new features to the product.
So we are always ready to discuss features and improvements with our community.
Especially for bigger topics, please [start a discussion](https://github.com/pimcore/pimcore/discussions) first to aviod unnecessary efforts.
As soon as a topic is more specific, feel free to create issues for it or even better provide a corresponding PR as we love to
review and merge contributions.
Feature requests that do not meet the conditions listed below will be closed/deleted without comment.
- There's no existing ticket for the same topic
- This is already a specific ready-to-work-on feature request
- type: textarea
attributes:
label: Feature description
validations:
required: true
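Review bot: Typo in the notice text under `value:`: "to aviod unnecessary efforts" should read "to avoid unnecessary effort". The two list items at the end also lack the trailing periods used in the bug-report template's list; aligning them keeps the rendered templates consistent.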
27 changes: 27 additions & 0 deletions .github/ISSUE_TEMPLATE/Improvement.yml
@@ -0,0 +1,27 @@
name: Improvement
description: Request or propose an improvement
title: "[Improvement]: "
labels: ["Improvement"]
body:
- type: markdown
attributes:
value: |
## Important notice
As an open source project we love to work together with our community to improve and develop our products.
It's also important for us to make clear that **we're not working for you or your company**,
but we enjoy to work together to improve or add new features to the product.
So we are always ready to discuss features and improvements with our community.
Especially for bigger topics, please [start a discussion](https://github.com/pimcore/pimcore/discussions) first to aviod unnecessary efforts.
As soon as a topic is more specific, feel free to create issues for it or even better provide a corresponding PR as we love to
review and merge contributions.
Feature requests that do not meet the conditions listed below will be closed/deleted without comment.
- There's no existing ticket for the same topic
- This is already a specific ready-to-work-on feature request
- type: textarea
attributes:
label: Improvement description
validations:
required: true
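Review bot: The notice under `value:` is copied from the feature-request template without being adapted: it still says "Feature requests that do not meet the conditions listed below" and "This is already a specific ready-to-work-on feature request", although the template is named Improvement. Reword both lines for improvements, and fix the "aviod" typo carried over with the copy.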
8 changes: 8 additions & 0 deletions .github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,8 @@
blank_issues_enabled: false
contact_links:
- name: We are hiring!
url: https://pimcore.com/en/careers?utm_source=github&utm_medium=issue-template-payment-provider-payu&utm_campaign=careers
about: Enjoy working with Pimcore? Join us on our mission!
- name: Community Support
url: https://github.com/pimcore/pimcore/discussions
about: Please ask and answer questions here.
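Review bot: With `blank_issues_enabled: false`, `contact_links` is the only route the issue chooser offers besides the three templates, and it has no entry for security reports. Add a contact link that sends reporters to this repository's private vulnerability reporting, so the chooser itself enforces the "don't use the bug tracker" rule stated in SECURITY.md. Also check that the `utm_campaign` value on the careers URL is the one intended for this repository.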
14 changes: 14 additions & 0 deletions .github/workflows/cla-check.yaml
@@ -0,0 +1,14 @@
name: CLA check

on:
issue_comment:
types: [created]
pull_request_target:
types: [opened, closed, synchronize]

jobs:
cla-workflow:
uses: pimcore/workflows-collection-public/.github/workflows/[email protected]
if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
secrets:
CLA_ACTION_ACCESS_TOKEN: ${{ secrets.CLA_ACTION_ACCESS_TOKEN }}
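Review bot: The workflow declares no `permissions:` key at workflow or job level, yet it runs on `pull_request_target` and `issue_comment` and passes `CLA_ACTION_ACCESS_TOKEN` to the called workflow; both triggers run in the base repository's context, so the job gets the repository's default GITHUB_TOKEN scope. Add an explicit least-privilege `permissions:` block on the `cla-workflow` job, which also caps what the reusable workflow can do. In the `if:` expression, the comment-body checks match comments on plain issues as well as on pull requests; adding a `github.event.issue.pull_request` check would keep the job from starting on non-PR issues.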
10 changes: 10 additions & 0 deletions .github/workflows/stale.yml
@@ -0,0 +1,10 @@
name: Handle stale issues

on:
workflow_dispatch:
schedule:
- cron: '37 7 * * *'

jobs:
call-stale-workflow:
uses: pimcore/workflows-collection-public/.github/workflows/[email protected]
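Review bot: This file uses the `.yml` extension while the sibling workflow added in the same commit is `cla-check.yaml`; pick one extension for `.github/workflows/`. A short comment on the `cron: '37 7 * * *'` line stating that schedules run in UTC would save the next maintainer a lookup, and an explicit `permissions:` block on `call-stale-workflow` would document what access the stale handler needs to issues and pull requests.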
22 changes: 22 additions & 0 deletions SECURITY.md
@@ -0,0 +1,22 @@
# Security Policy

## Reporting a Vulnerability

If you think that you have found a security issue,
don’t use the bug tracker and don’t publish it publicly.
Instead, all security issues must be reported via a private vulnerability report.

Please follow the [instructions](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) to submit a private report.


## Resolving Process
Every submitted security issue is handled with top priority by following these steps:

1. Confirm the vulnerability
2. Determine the severity
3. Contact reporter
4. Work on a patch
5. Get a CVE identification number (may be done by the reporter or a security service provider)
6. Patch reviewing
7. Tagging a new release for supported versions
8. Publish security announcement
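Review bot: The "Reporting a Vulnerability" section requires a private vulnerability report but links only to GitHub's general documentation, so the policy works only if private vulnerability reporting is enabled for this repository, and it names no fallback contact if it is not. Link directly to this repository's advisory form under the Security tab and confirm the feature is switched on before merging. Step 7 refers to "supported versions" without the policy saying which versions those are; a short supported-versions table would close that gap.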
