You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: .github/CONTRIBUTING.md
+23-30Lines changed: 23 additions & 30 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
-
# Contributing to BASH
1
+
# Contributing
2
2
3
-
Welcome to the **BASH**project! We're excited to have you contribute. Whether you're fixing a bug, improving documentation, or proposing a new feature, your contributions are greatly appreciated. Follow the guidelines below to ensure a smooth and productive collaboration.
3
+
Welcome to the project! We're excited to have you contribute. Whether you're fixing a bug, improving documentation, or proposing a new feature, your contributions are greatly appreciated. Follow the guidelines below to ensure a smooth and productive collaboration.
4
4
5
5
---
6
6
@@ -29,8 +29,8 @@ This project adheres to the [Contributor Covenant Code of Conduct](https://www.c
29
29
1.**Fork the repository** to your own GitHub account.
- Pipelines & readability: use display pipes (put | at start of continuation lines).
105
+
- No UUOC: avoid unnecessary cat.
106
+
- Signal handling: trap SIGINT and SIGTERM and exit with a proper code (128 + signal).
107
+
- Dependency validation: scripts should early-check commands or environment (e.g. validate_commands).
108
+
- Linting / formatting: all scripts must pass shellcheck and be formatted with shfmt (as above).
109
+
110
+
If you’re unfamiliar with any of these rules, see the [bash_style_guide](https://github.com/tatanus/bash_style_guide) repository for full context.
118
111
119
112
---
120
113
@@ -137,6 +130,6 @@ Documentation improvements are highly valued! If you see errors or areas to enha
137
130
138
131
If you have any questions, feel free to reach out via:
139
132
140
-
- **Issues**: Use the [Issues](https://github.com/tatanus/BASH/issues) tab.
133
+
- **Issues**: Use the Issues tabin the repository.
141
134
142
135
Thank you for contributing and helping make **BASH** better!
The following versions of the project are actively supported for security updates:
6
+
7
+
| Version | Supported |
8
+
|-----------|--------------------|
9
+
|`v1.x`| ✅ Fully supported |
10
+
|`<v1.0`| ❌ No longer supported |
11
+
12
+
Please ensure you're using the latest version of the project to receive the most up-to-date security fixes.
13
+
14
+
---
15
+
16
+
## Reporting a Vulnerability
17
+
18
+
If you discover a security vulnerability in the project, please follow these steps:
19
+
20
+
1.**Do not disclose the vulnerability publicly**.
21
+
- Report it directly to the maintainers so a fix can be developed before disclosure.
22
+
2.**Submit a private report**:
23
+
- Alternative: open a [private security advisory on GitHub](https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/creating-a-repository-security-advisory) if available.
24
+
3.**Wait for acknowledgment**:
25
+
- You should receive confirmation within **3 business days**. If you don’t, please follow up.
26
+
27
+
---
28
+
29
+
## Vulnerability Disclosure Process
30
+
31
+
1. Upon receiving a report, the maintainers will:
32
+
- Confirm the vulnerability.
33
+
- Investigate and develop a fix or mitigation.
34
+
35
+
2. Once a fix is ready:
36
+
- The reporter will be notified.
37
+
- A patch or release will be prepared.
38
+
- Security advisories will be drafted.
39
+
40
+
3. Public disclosure:
41
+
- The vulnerability will be disclosed publicly alongside the fix, after a reasonable grace period to allow users to update.
42
+
43
+
---
44
+
45
+
## Security Best Practices for Contributors
46
+
47
+
To help keep the project secure, contributors should follow these practices:
48
+
49
+
1.**Validate Inputs**:
50
+
- Always sanitize and validate user inputs to prevent injection vulnerabilities.
51
+
52
+
2.**Principle of Least Privilege**:
53
+
- Avoid running scripts or code with unnecessary privileges.
54
+
55
+
3.**Protect Secrets**:
56
+
- Never hardcode sensitive information (e.g., credentials, tokens, API keys).
57
+
- Use environment variables or secret managers.
58
+
59
+
4.**Static Analysis / Linters**:
60
+
- Run project-specific security tools before submitting contributions.
0 commit comments