CONTRIBUTING.md

Contributing to the Common Requirements Enumeration Project

👍🎉 First off, thanks for taking the time to contribute! 🎉👍

The following is a set of guidelines for contributing. These are mostly guidelines, not rules. Use your best judgment, and feel free to propose changes to this document in a pull request.

Table Of Contents

• Code of Conduct

• I don't want to read this whole thing, I just have a question!!!

• How Can I Contribute?

  • Reporting Bugs
  • Suggesting Enhancements
  • Your First Code Contribution
  • Pull Requests

• Styleguides

  • Git Commit Messages
  • Documentation Styleguide

• Additional Notes

  • Issue and Pull Request Labels

Code of Conduct

This project and everyone participating in it is governed by the OWASP Code of Conduct. By participating, you are expected to uphold this code.

I don't want to read this whole thing I just have a question!!!

Note: Please don't file an issue to ask a question.

You can reach us in the OWASP Slack

The channel name is

 #project-cre

How Can I Contribute?

The "Issues" page lists a number of features we would like to implement, we have tagged the ones we believe are easy to pick up with the tag good first issue and/or beginner. Alternatively you can contribute content by adding a mapping or request features or mappings by opening an Issue.

Adding CREs and Mappings

You can contribute a new CRE or a new Mapping either by submitting a pull request with updated .yaml files in /cres or by filling in a GSuite spreadsheet that follows the template and opening a new issue requesting us to parse it. (Autoparsing and submit via website features are in the roadmap)

Reporting Bugs

When you are creating a bug report, please include as many details as possible. Fill out the required template, the information it asks for helps us resolve issues faster.

Note: If you find a Closed issue that seems like it is the same thing that you're experiencing, open a new issue and include a link to the original issue in the body of your new one.

How Do I Submit A (Good) Bug Report?

Bugs are tracked as GitHub issues. Create an issue and provide the following information by filling in the template.

Explain the problem and include additional details to help maintainers reproduce the problem:

• Use a clear and descriptive title for the issue to identify the problem.
• Describe the exact steps which reproduce the problem in as many details as possible.
• Provide specific examples to demonstrate the steps. Include links to files or GitHub projects, or copy/pasteable snippets, which you use in those examples. If you're providing snippets in the issue, use Markdown code blocks.
• Describe the behavior you observed after following the steps and point out what exactly is the problem with that behavior.
• Explain which behavior you expected to see instead and why.

Suggesting Enhancements

This section guides you through submitting an enhancement suggestion, including completely new features and minor improvements to existing functionality. Following these guidelines helps maintainers and the community understand your suggestion 📝 and find related suggestions 🔎.

When you are creating an enhancement suggestion, please include as many details as possible. Fill in the template, including the steps that you imagine you would take if the feature you're requesting existed.

How Do I Submit A (Good) Enhancement Suggestion?

Enhancement suggestions are tracked as GitHub issues. Create an issue on that repository and provide the following information:

• Use a clear and descriptive title for the issue to identify the suggestion.
• Provide a step-by-step description of the suggested enhancement in as many details as possible.
• Provide specific examples to demonstrate the steps. Include copy/pasteable snippets which you use in those examples, as Markdown code blocks.
• Describe the current behavior and explain which behavior you expected to see instead and why.
• Explain why this enhancement would be useful.

Your First Code Contribution

Unsure where to begin contributing? You can start by looking through these beginner, good first issue and help-wanted issues:

• Beginner issues - issues which should only require a few lines of code, and a test or two.
• Good first issue - issues which should require more substantial changes but can be done in an afternoon or two.
• Help wanted issues - issues which should be a bit more involved than beginner issues.

Pull Requests

Each Pull Request should close a single ticket and only make changes necessary in order for this to be done. Please reference the relevant ticket in the Pull Request. After you submit your pull request, verify that all status checks are passing

What if the status checks are failing?

If a status check is failing, and you believe that the failure is unrelated to your change, please leave a comment on the pull request explaining why you believe the failure is unrelated. A maintainer will re-run the status check for you. If we conclude that the failure was a false positive, then we will open an issue to track that problem with our status check suite.

Styleguides

We use eslint and black to enforce style. make lint should fix most style problems.

Git Commit Messages

• Use the present tense ("Add feature" not "Added feature")
• Use the imperative mood ("Move cursor to..." not "Moves cursor to...")
• Limit the first line to 72 characters or less
• Reference issues and pull requests liberally after the first line
• When only changing documentation, include [ci skip] in the commit title.