Merge pull request #248 from JulianHayward/developmentJH

security & contribution guide
JulianHayward · Aug 16, 2024 · 687ab6a · 687ab6a
2 parents d17e405 + 74edc49
commit 687ab6a
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 13 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -1,11 +1,22 @@
 # Security Policy
 
+This document outlines security procedures for the Azure Governance Visualizer (aka AzGovViz) project.
+
+We appreciate your dedication to responsible disclosure and will make every effort to acknowledge your contributions.
+
 ## Supported Versions
 
 Latest
 
 ## Reporting a Vulnerability
 
-Please report (suspected) security vulnerabilities via LinkedIn PN.
-If the issue is confirmed, we will release a patch as soon
-as possible depending on complexity.
+We ask that all suspected vulnerabilities be privately and responsibly disclosed via [LinkedIn PN](https://www.linkedin.com/in/julianhayward/).
+
+Here are some helpful details to include in your report:
+
+- a detailed description of the issue
+- the steps required to reproduce the issue
+- versions of the project that may be affected by the issue
+- if known, any mitigations for the issue
+
+If the issue is confirmed, we will release a patch as soon as possible likely within 1 day to 30 days depending on complexity.
diff --git a/contributionGuide.md b/contributionGuide.md
@@ -1,18 +1,19 @@
 # Contribution guide
 
 1. Fork the repository.
-1. Change you working directory to `.\Azure-MG-Sub-Governance-Reporting`.
-1. In the folder `.\pwsh\dev` find the function you intend to work on and apply your changes.
-1. Edit the file `.\pwsh\dev\devAzGovVizParallel.ps1`.
+2. Create a branch.
+3. Change you working directory to `.\Azure-MG-Sub-Governance-Reporting`.
+4. In the folder `.\pwsh\dev` find the function you intend to work on and apply your changes.
+5. Edit the file `.\pwsh\dev\devAzGovVizParallel.ps1`.
    - In the param block update the parameter variable `$ProductVersion` accordingly.
    - Note: Do not change anything else in this file if you did not introduce new functions!
-1. Execute `.\pwsh\dev\buildAzGovVizParallel.ps1` - This step will rebuilt the main `.\pwsh\AzGovVizParallel.ps1` file, incorporating all changes you did in the `.\pwsh\dev` directory.
-1. Edit the file `.\README.md`.
+6. Execute `.\pwsh\dev\buildAzGovVizParallel.ps1` - This step will rebuild the main `.\pwsh\AzGovVizParallel.ps1` file, incorporating all changes you did in the `.\pwsh\dev` directory.
+7. Edit the file `.\README.md`.
    - Update the region `Release history`, replace the changes from the previous release with your changes.
-1. Edit the file `.\history.md`.
+8. Edit the file `.\history.md`.
    - Copy over text for the change description you just did for the `.\README.md`.
-1. Execute the newly created AzGovViz version to test if it completes successfully by running `.\pwsh\AzGovVizParallel.ps1 -ShowRunIdentifier`.
+9. Execute the newly created AzGovViz version to test if it completes successfully by running `.\pwsh\AzGovVizParallel.ps1 -ShowRunIdentifier`.
    - From the very last line of the output copy the __run identifier__, you'll need that when you open your pull request.
-1. Commit your changes.
-1. Create a pull request
-   - Provide the __run identifier__ in the pull request as a proof of successful test
+10. Commit your changes.
+11. Create a pull request.
+   - Provide the __run identifier__ in the pull request as a proof of successful test.