├── .github └── ISSUE_TEMPLATE │ ├── config.yml │ ├── bug-report.yml │ └── feature-request.yml ├── LICENSE ├── CONTRIBUTING.md ├── CODE_OF_CONDUCT.md └── SECURITY.md /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | blank_issues_enabled: false 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | All Rights Reserved 2 | 3 | Copyright (c) 2021 VMware Inc 4 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug-report.yml: -------------------------------------------------------------------------------- 1 | name: 🐛 Bug report 2 | description: Create a report to help us improve 3 | labels: bug 4 | 5 | body: 6 | - type: markdown 7 | attributes: 8 | value: | 9 | Thanks for taking the time to fill out this bug report! 10 | 11 | - type: textarea 12 | id: describe-bug 13 | attributes: 14 | label: Describe the bug 15 | description: A clear and concise description of what the bug is. 16 | validations: 17 | required: true 18 | 19 | - type: textarea 20 | id: reproduction-steps 21 | attributes: 22 | label: Reproduction steps 23 | description: Steps to reproduce the behavior 24 | value: | 25 | 1. 26 | 2. 27 | 3. 28 | ... 29 | validations: 30 | required: true 31 | 32 | - type: textarea 33 | id: expected-behavior 34 | attributes: 35 | label: Expected behavior 36 | description: A clear and concise description of what you expected to happen. 37 | validations: 38 | required: true 39 | 40 | - type: textarea 41 | id: additional-context 42 | attributes: 43 | label: Additional context 44 | description: Add any other context about the problem here. 45 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature-request.yml: -------------------------------------------------------------------------------- 1 | name: 🚀 Feature request 2 | description: Suggest an idea for this project 3 | labels: enhancement 4 | 5 | body: 6 | - type: textarea 7 | id: describe-problem 8 | attributes: 9 | label: Is your feature request related to a problem? Please describe. 10 | description: A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 11 | validations: 12 | required: true 13 | 14 | - type: textarea 15 | id: describe-solution 16 | attributes: 17 | label: Describe the solution you'd like 18 | description: A clear and concise description of what you want to happen. 19 | validations: 20 | required: true 21 | 22 | - type: textarea 23 | id: describe-alternatives 24 | attributes: 25 | label: Describe alternatives you've considered 26 | description: A clear and concise description of any alternative solutions or features you've considered. 27 | validations: 28 | required: false 29 | 30 | - type: textarea 31 | id: additional-context 32 | attributes: 33 | label: Additional context 34 | description: Add any other context or screenshots about the feature request here. 35 | validations: 36 | required: false 37 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing to {{ project }} 2 | 3 | _NOTE: This is a template document that requires editing before it is ready to use!_ 4 | 5 | We welcome contributions from the community and first want to thank you for taking the time to contribute! 6 | 7 | Please familiarize yourself with the [Code of Conduct](https://github.com/vmware/.github/blob/main/CODE_OF_CONDUCT.md) before contributing. 8 | 9 | _TO BE EDITED: Depending on the open source license that governs the project, leave only one of the options below:_ 10 | 11 | * _DCO: Before you start working with {{ project }}, please read our [Developer Certificate of Origin](https://cla.vmware.com/dco). All contributions to this repository must be signed as described on that page. Your signature certifies that you wrote the patch or have the right to pass it on as an open-source patch._ 12 | * _CLA: Before you start working with {{ project }}, please read and sign our Contributor License Agreement [CLA](https://cla.vmware.com/cla/1/preview). If you wish to contribute code and you have not signed our contributor license agreement (CLA), our bot will update the issue when you open a Pull Request. For any questions about the CLA process, please refer to our [FAQ]([https://cla.vmware.com/faq](https://cla.vmware.com/faq))._ 13 | 14 | ## Ways to contribute 15 | 16 | We welcome many different types of contributions and not all of them need a Pull request. Contributions may include: 17 | 18 | * New features and proposals 19 | * Documentation 20 | * Bug fixes 21 | * Issue Triage 22 | * Answering questions and giving feedback 23 | * Helping to onboard new contributors 24 | * Other related activities 25 | 26 | ## Getting started 27 | 28 | _TO BE EDITED: This section explains how to build the project from source, including Development Environment Setup, Build, Run and Test._ 29 | 30 | _Provide information about how someone can find your project, get set up, build the code, test it, and submit a pull request successfully without having to ask any questions. Also include common errors people run into, or useful scripts they should run._ 31 | 32 | _List any tests that the contributor should run / or testing processes to follow before submitting. Describe any automated and manual checks performed by reviewers._ 33 | 34 | 35 | ## Contribution Flow 36 | 37 | This is a rough outline of what a contributor's workflow looks like: 38 | 39 | * Make a fork of the repository within your GitHub account 40 | * Create a topic branch in your fork from where you want to base your work 41 | * Make commits of logical units 42 | * Make sure your commit messages are with the proper format, quality and descriptiveness (see below) 43 | * Push your changes to the topic branch in your fork 44 | * Create a pull request containing that commit 45 | 46 | We follow the GitHub workflow and you can find more details on the [GitHub flow documentation](https://docs.github.com/en/get-started/quickstart/github-flow). 47 | 48 | Before submitting your pull request, we advise you to use the following: 49 | 50 | 51 | ### Pull Request Checklist 52 | 53 | 1. Check if your code changes will pass both code linting checks and unit tests. 54 | 2. Ensure your commit messages are descriptive. We follow the conventions on [How to Write a Git Commit Message](http://chris.beams.io/posts/git-commit/). Be sure to include any related GitHub issue references in the commit message. See [GFM syntax](https://guides.github.com/features/mastering-markdown/#GitHub-flavored-markdown) for referencing issues and commits. 55 | 3. Check the commits and commits messages and ensure they are free from typos. 56 | 57 | ## Reporting Bugs and Creating Issues 58 | 59 | For specifics on what to include in your report, please follow the guidelines in the issue and pull request templates when available. 60 | 61 | _TO BE EDITED: Add additional information if needed._ 62 | 63 | 64 | ## Ask for Help 65 | 66 | _TO BE EDITED: Provide information about the channels you use to communicate (i.e. Slack, IRC, Discord, etc)_ 67 | 68 | The best way to reach us with a question when contributing is to ask on: 69 | 70 | * The original GitHub issue 71 | * The developer mailing list 72 | * Our Slack channel 73 | 74 | 75 | ## Additional Resources 76 | 77 | _Optional_ 78 | 79 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | We as members, contributors, and leaders pledge to make participation in this project and our 6 | community a harassment-free experience for everyone, regardless of age, body 7 | size, visible or invisible disability, ethnicity, sex characteristics, gender 8 | identity and expression, level of experience, education, socio-economic status, 9 | nationality, personal appearance, race, religion, or sexual identity 10 | and orientation. 11 | 12 | We pledge to act and interact in ways that contribute to an open, welcoming, 13 | diverse, inclusive, and healthy community. 14 | 15 | ## Our Standards 16 | 17 | Examples of behavior that contributes to a positive environment for our 18 | community include: 19 | 20 | * Demonstrating empathy and kindness toward other people 21 | * Being respectful of differing opinions, viewpoints, and experiences 22 | * Giving and gracefully accepting constructive feedback 23 | * Accepting responsibility and apologizing to those affected by our mistakes, 24 | and learning from the experience 25 | * Focusing on what is best not just for us as individuals, but for the 26 | overall community 27 | 28 | Examples of unacceptable behavior include: 29 | 30 | * The use of sexualized language or imagery, and sexual attention or 31 | advances of any kind 32 | * Trolling, insulting or derogatory comments, and personal or political attacks 33 | * Public or private harassment 34 | * Publishing others' private information, such as a physical or email 35 | address, without their explicit permission 36 | * Other conduct which could reasonably be considered inappropriate in a 37 | professional setting 38 | 39 | ## Enforcement Responsibilities 40 | 41 | Community leaders are responsible for clarifying and enforcing our standards of 42 | acceptable behavior and will take appropriate and fair corrective action in 43 | response to any behavior that they deem inappropriate, threatening, offensive, 44 | or harmful. 45 | 46 | Community leaders have the right and responsibility to remove, edit, or reject 47 | comments, commits, code, wiki edits, issues, and other contributions that are 48 | not aligned to this Code of Conduct, and will communicate reasons for moderation 49 | decisions when appropriate. 50 | 51 | ## Scope 52 | 53 | This Code of Conduct applies within all community spaces, and also applies when 54 | an individual is officially representing the community in public spaces. 55 | Examples of representing our community include using an official e-mail address, 56 | posting via an official social media account, or acting as an appointed 57 | representative at an online or offline event. 58 | 59 | ## Enforcement 60 | 61 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 62 | reported to the community leaders responsible for enforcement at oss-coc@vmware.com. 63 | All complaints will be reviewed and investigated promptly and fairly. 64 | 65 | All community leaders are obligated to respect the privacy and security of the 66 | reporter of any incident. 67 | 68 | ## Enforcement Guidelines 69 | 70 | Community leaders will follow these Community Impact Guidelines in determining 71 | the consequences for any action they deem in violation of this Code of Conduct: 72 | 73 | ### 1. Correction 74 | 75 | **Community Impact**: Use of inappropriate language or other behavior deemed 76 | unprofessional or unwelcome in the community. 77 | 78 | **Consequence**: A private, written warning from community leaders, providing 79 | clarity around the nature of the violation and an explanation of why the 80 | behavior was inappropriate. A public apology may be requested. 81 | 82 | ### 2. Warning 83 | 84 | **Community Impact**: A violation through a single incident or series 85 | of actions. 86 | 87 | **Consequence**: A warning with consequences for continued behavior. No 88 | interaction with the people involved, including unsolicited interaction with 89 | those enforcing the Code of Conduct, for a specified period of time. This 90 | includes avoiding interactions in community spaces as well as external channels 91 | like social media. Violating these terms may lead to a temporary or 92 | permanent ban. 93 | 94 | ### 3. Temporary Ban 95 | 96 | **Community Impact**: A serious violation of community standards, including 97 | sustained inappropriate behavior. 98 | 99 | **Consequence**: A temporary ban from any sort of interaction or public 100 | communication with the community for a specified period of time. No public or 101 | private interaction with the people involved, including unsolicited interaction 102 | with those enforcing the Code of Conduct, is allowed during this period. 103 | Violating these terms may lead to a permanent ban. 104 | 105 | ### 4. Permanent Ban 106 | 107 | **Community Impact**: Demonstrating a pattern of violation of community 108 | standards, including sustained inappropriate behavior, harassment of an 109 | individual, or aggression toward or disparagement of classes of individuals. 110 | 111 | **Consequence**: A permanent ban from any sort of public interaction within 112 | the community. 113 | 114 | ## Attribution 115 | 116 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], 117 | version 2.0, available at 118 | https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. 119 | 120 | Community Impact Guidelines were inspired by [Mozilla's code of conduct 121 | enforcement ladder](https://github.com/mozilla/diversity). 122 | 123 | [homepage]: https://www.contributor-covenant.org 124 | 125 | For answers to common questions about this code of conduct, see the FAQ at 126 | https://www.contributor-covenant.org/faq. Translations are available at 127 | https://www.contributor-covenant.org/translations. 128 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Release Process 2 | 3 | The community has adopted this security disclosure and response policy to ensure we responsibly handle critical issues. 4 | 5 | 6 | ## Supported Versions 7 | 8 | For a list of support versions that this project will potentially create security fixes for, please refer to the Releases page on this project's GitHub and/or project related documentation on release cadence and support. 9 | 10 | 11 | ## Reporting a Vulnerability - Private Disclosure Process 12 | 13 | Security is of the highest importance and all security vulnerabilities or suspected security vulnerabilities should be reported to this project privately, to minimize attacks against current users before they are fixed. Vulnerabilities will be investigated and patched on the next patch (or minor) release as soon as possible. This information could be kept entirely internal to the project. 14 | 15 | If you know of a publicly disclosed security vulnerability for this project, please **IMMEDIATELY** contact the maintainers of this project privately. The use of encrypted email is encouraged. 16 | 17 | 18 | **IMPORTANT: Do not file public issues on GitHub for security vulnerabilities** 19 | 20 | To report a vulnerability or a security-related issue, please contact the maintainers with enough details through one of the following channels: 21 | * Directly via their individual email addresses 22 | * Open a [GitHub Security Advisory](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability). This allows for anyone to report security vulnerabilities directly and privately to the maintainers via GitHub. Note that this option may not be present for every repository. 23 | 24 | The report will be fielded by the maintainers who have committer and release permissions. Feedback will be sent within 3 business days, including a detailed plan to investigate the issue and any potential workarounds to perform in the meantime. 25 | 26 | Do not report non-security-impacting bugs through this channel. Use GitHub issues for all non-security-impacting bugs. 27 | 28 | 29 | ## Proposed Report Content 30 | 31 | Provide a descriptive title and in the description of the report include the following information: 32 | 33 | * Basic identity information, such as your name and your affiliation or company. 34 | * Detailed steps to reproduce the vulnerability (POC scripts, screenshots, and logs are all helpful to us). 35 | * Description of the effects of the vulnerability on this project and the related hardware and software configurations, so that the maintainers can reproduce it. 36 | * How the vulnerability affects this project's usage and an estimation of the attack surface, if there is one. 37 | * List other projects or dependencies that were used in conjunction with this project to produce the vulnerability. 38 | 39 | 40 | ## When to report a vulnerability 41 | 42 | * When you think this project has a potential security vulnerability. 43 | * When you suspect a potential vulnerability but you are unsure that it impacts this project. 44 | * When you know of or suspect a potential vulnerability on another project that is used by this project. 45 | 46 | 47 | ## Patch, Release, and Disclosure 48 | 49 | The maintainers will respond to vulnerability reports as follows: 50 | 51 | 1. The maintainers will investigate the vulnerability and determine its effects and criticality. 52 | 2. If the issue is not deemed to be a vulnerability, the maintainers will follow up with a detailed reason for rejection. 53 | 3. The maintainers will initiate a conversation with the reporter within 3 business days. 54 | 4. If a vulnerability is acknowledged and the timeline for a fix is determined, the maintainers will work on a plan to communicate with the appropriate community, including identifying mitigating steps that affected users can take to protect themselves until the fix is rolled out. 55 | 5. The maintainers will also create a [Security Advisory](https://docs.github.com/en/code-security/repository-security-advisories/publishing-a-repository-security-advisory) using the [CVSS Calculator](https://www.first.org/cvss/calculator/3.0), if it is not created yet. The maintainers make the final call on the calculated CVSS; it is better to move quickly than making the CVSS perfect. Issues may also be reported to [Mitre](https://cve.mitre.org/) using this [scoring calculator](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator). The draft advisory will initially be set to private. 56 | 6. The maintainers will work on fixing the vulnerability and perform internal testing before preparing to roll out the fix. 57 | 7. Once the fix is confirmed, the maintainers will patch the vulnerability in the next patch or minor release, and backport a patch release into all earlier supported releases. 58 | 59 | 60 | ## Public Disclosure Process 61 | 62 | The maintainers publish the public advisory to this project's community via GitHub. In most cases, additional communication via Slack, Twitter, mailing lists, blog, and other channels will assist in educating the project's users and rolling out the patched release to affected users. 63 | 64 | The maintainers will also publish any mitigating steps users can take until the fix can be applied to their instances. This project's distributors will handle creating and publishing their own security advisories. 65 | 66 | 67 | ## Confidentiality, integrity and availability 68 | 69 | We consider vulnerabilities leading to the compromise of data confidentiality, elevation of privilege, or integrity to be our highest priority concerns. Availability, in particular in areas relating to DoS and resource exhaustion, is also a serious security concern. The maintainer team takes all vulnerabilities, potential vulnerabilities, and suspected vulnerabilities seriously and will investigate them in an urgent and expeditious manner. 70 | 71 | Note that we do not currently consider the default settings for this project to be secure-by-default. It is necessary for operators to explicitly configure settings, role based access control, and other resource related features in this project to provide a hardened environment. We will not act on any security disclosure that relates to a lack of safe defaults. Over time, we will work towards improved safe-by-default configuration, taking into account backwards compatibility. 72 | --------------------------------------------------------------------------------