Thank you for your interest in open-appsec. We welcome contributions of all kinds, there is no need to do code to be helpful! All of the following tasks are noble and worthy contributions that you can make without coding:
- Reporting security vulnerabilities
- Reporting a bug
- Helping a member of the community
- Notes about our documentation
- Providing feedback and feature requests
Before making any kind of contribution, read our Code of Conduct to keep our community approachable and respectable.
This guide will provide an overview of the various contribution options' guidelines - from reporting or fixing a bug to suggesting an enhancement.
If you've found a vulnerability or a potential vulnerability in open-appsec please let us know at [email protected]. We'll send a confirmation email to acknowledge your report within 24 hours and send an additional email when we've identified the issue positively or negatively.
An internal process will be activated upon determining the validity of a reported security vulnerability, which will end with releasing a fix and deciding on the appropriate disclosure actions. The reporter of the issue will receive updates on this process' progress.
Important - If the bug you wish to report regards a suspicion of a security vulnerability, please refer to the Reporting security vulnerability section
To report a bug, you can either open a new issue using a relevant issue form or, contact us via our open-appsec open source distribution list.
Be sure to include a title and clear description, as much relevant information as possible, and a code sample or an executable test case demonstrating the expected behavior that is not occurring.
Please contact us via our open-appsec open source distribution list before writing your code. We will want to make sure we understand the boundaries of the proposed fix, that the relevant coding style is clear for the proposed fix's location in the code, and that the suggested contribution is relevant and eligible.
Once you've received our confirmation follow the next steps:
- Fork the repository to your GitHub account.
- Clone your forked repository to your local machine.
- Add your contributions to relevant locations in the local copy of the codebase.
- Push your changes back to your forked repository.
- Open a pull request (PR) against the main branch of the original repository.
For any code-independent enhancements (such as docker-compose files, or instructions on how to compile on different OSs) please follow the next steps:
- suggest your change via our open-appsec open-source distribution list to inform us about your possible contribution and wait for our confirmation.
- Fork the repository to your GitHub account.
- Clone your forked repository to your local machine.
- Add your contributions to the "contrib" Folder in the local copy of the codebase.
- Push your changes back to your forked repository.
- Open a pull request (PR) against the main branch of the original repository.
Please note that during the PR review we might adjust the location of the contributions.
Please suggest your change via our open-appsec open-source distribution list before writing your code. We will contact you to make sure we understand the boundaries of the proposed fix, that the relevant coding style is clear for the proposed fix's location in the code, and that the suggested contribution is relevant and eligible. There may be additional considerations that we would like to discuss with you before implementing the enhancement.
to propose changes to our documentation you can either open a new issue using a relevant issue form or, contact us via our open-appsec open source distribution list.
We value all efforts to read, suggest changes, and/or contribute to our open-source files. Thank you for your time and efforts.
The open-appsec Team