Commit 8a9f7e0

yaperez-anssi authored and gmolveau-anssi committed
add CONTRIBUTING and SECURITY file
- Mention that we accept only security-related contributions
- Mention how to report security vulnerabilities
1 parent d44e8ab commit 8a9f7e0

2 files changed

Lines changed: 56 additions & 0 deletions

CONTRIBUTING.md

Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,40 @@
1+
# Contributing to This Project
2+
3+
Thank you for your interest in this project. Please read this document
4+
carefully before considering any contributions.
5+
6+
## Scope of Contributions
7+
8+
This project only accepts contributions related to security maintenance. No
9+
other types of contributions are expected or will be accepted at this time.
10+
11+
## Support Policy
12+
13+
Thank you for understanding and respecting the limited scope of this project's
14+
contributions and support. In particular, there is no commitment regarding
15+
processing times.
16+
17+
### Limited Support Scope
18+
19+
- Support is provided exclusively to contributors working on security-related
20+
improvements.
21+
- The project maintainers will only assist with issues directly related to your
22+
security maintenance contributions.
23+
24+
### No General Support
25+
26+
- We do not offer general support for using or setting up the project.
27+
- Questions, feature requests, or issues unrelated to active security
28+
maintenance contributions will not be addressed.
29+
30+
## How to Contribute
31+
32+
1. Ensure your contribution is strictly related to security maintenance.
33+
2. Fork the repository and create a new branch for your work.
34+
3. Submit a pull request with a clear description of your security-related
35+
improvements.
36+
37+
## Security Vulnerabilities
38+
39+
If you discover a security vulnerability, please report it according to our
40+
security policy outlined in the [`SECURITY.md`](SECURITY.md).
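
Review bot: In "How to Contribute", step 3 asks for a pull request describing the security-related improvements, but a pull request on a public repository is visible to everyone, so a fix for a vulnerability that has not yet been reported would disclose it, which contradicts step 1 of SECURITY.md ("Do not publicly disclose the vulnerability."). Suggest adding a step before the fork and pull-request steps saying that fixes for unreported vulnerabilities go through the SECURITY.md process first, and that pull requests are for hardening or already-disclosed issues. Separately, "security maintenance" is never defined; one sentence stating whether it covers dependency updates and hardening or only vulnerability fixes would avoid rejected pull requests. The "Support Policy" section also opens with "Thank you for understanding and respecting the limited scope" before any policy has been stated; that sentence reads better after the two subsections.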

SECURITY.md

Lines changed: 16 additions & 0 deletions
@@ -0,0 +1,16 @@
1+
# Security Policy
2+
3+
## Reporting a Vulnerability
4+
5+
If you discover a security vulnerability in this project, please help us
6+
address it responsibly by following these steps:
7+
8+
1. **Do not publicly disclose the vulnerability.**
9+
2. Contact us directly at
10+
[opensource@ssi.gouv.fr](mailto:opensource@ssi.gouv.fr) with the following
11+
details:
12+
- A clear description of the issue.
13+
- Steps to reproduce the vulnerability.
14+
- Any potential impact or exploit scenarios.
15+
16+
Thank you for helping us keep this project secure!
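
Review bot: Step 2 gives a plain mailto address as the only reporting channel, with no public key or other confidential channel, so the reproduction steps and exploit scenarios it asks for would be sent without end-to-end encryption; suggest publishing a PGP key or fingerprint next to the address, or naming a private reporting channel. The list of requested details omits the affected version or commit, which is worth adding as a fourth bullet. The policy also says nothing about acknowledgement or about when disclosure becomes acceptable, while CONTRIBUTING.md states there is "no commitment regarding processing times"; a sentence setting the reporter's expectations, even just that receipt will be acknowledged, would make "Do not publicly disclose the vulnerability." easier to follow in practice.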
