├── README.md ├── .github └── workflows │ └── semgrep.yml ├── SECURITY.md ├── CONTRIBUTING.md └── CODE_OF_CONDUCT.md /README.md: -------------------------------------------------------------------------------- 1 | # .github 2 | > Cloudflare's template for open source community resources 3 | 4 | This repo contains shared community resources that will propagate to all public 5 | repositories that don't already have their own resource that fills this purpose. 6 | 7 | You can learn more about this GitHub feature [here](https://help.github.com/en/articles/creating-a-default-community-health-file-for-your-organization). 8 | 9 | 10 | -------------------------------------------------------------------------------- /.github/workflows/semgrep.yml: -------------------------------------------------------------------------------- 1 | 2 | on: 3 | pull_request: {} 4 | workflow_dispatch: {} 5 | push: 6 | branches: 7 | - main 8 | - master 9 | schedule: 10 | - cron: '0 0 * * *' 11 | name: Semgrep config 12 | jobs: 13 | semgrep: 14 | name: semgrep/ci 15 | runs-on: ubuntu-20.04 16 | env: 17 | SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }} 18 | SEMGREP_URL: https://cloudflare.semgrep.dev 19 | SEMGREP_APP_URL: https://cloudflare.semgrep.dev 20 | SEMGREP_VERSION_CHECK_URL: https://cloudflare.semgrep.dev/api/check-version 21 | container: 22 | image: returntocorp/semgrep 23 | steps: 24 | - uses: actions/checkout@v3 25 | - run: semgrep ci 26 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Policy 2 | 3 | https://www.cloudflare.com/disclosure 4 | 5 | ## Reporting a Vulnerability 6 | 7 | * https://hackerone.com/cloudflare 8 | * All Cloudflare products are in scope for reporting. If you submit a valid report on bounty-eligible assets through our disclosure program, we will transfer your report to our private bug bounty program and invite you as a participant. 9 | * `mailto:security@cloudflare.com` 10 | * If you'd like to encrypt your message, please do so within the the body of the message. Our email system doesn't handle PGP-MIME well. 11 | * https://www.cloudflare.com/gpg/security-at-cloudflare-pubkey-06A67236.txt 12 | 13 | All abuse reports should be submitted to our Trust & Safety team through our dedicated page: https://www.cloudflare.com/abuse/ 14 | 15 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | Welcome to Cloudflare OpenSource! We're super excited to have you here. This document contains 4 | the best practices for contributing to our repositories. 5 | 6 | ## Filing an Issue 7 | 8 | If you are using one of our open source projects- you'll likely begin interacting with us by 9 | filing an issue. Regardless of whether you think the issue is with the project itself, if you're 10 | having trouble using the project, feel free to file an issue on the repo. 11 | 12 | **If you have a feature request, please file an issue before making a PR.** Everyone's time is 13 | incredibley valuable, so if you have an idea for a feature, please file an issue. This way we 14 | can have a discussion with you, and the community, about the design, before you have sunk a 15 | bunch of time into developing it. 16 | 17 | **You do not need to file an issue for small fixes.** If you are fixing a typo or refactoring 18 | a bit of code, you likely don't need to file an issue. This is a judgement call, and *sometimes* 19 | we may review your PR and ask you to file an issue if we expect there are larger design decisions 20 | to be made. 21 | 22 | **Each repository has an Issue Template.** This helps us make sure that you can give us the most 23 | information about your issue upfront, so we can limit the amount of back and forth required 24 | before your issue can be resolved. Do your best to fill it out, but if you have trouble, it's 25 | ok to file an incomplete issue template. 26 | 27 | ## Making a PR 28 | 29 | **If you are considering filing a pull request, make sure that there's an issue filed for the work 30 | you'd like to do.** There might be some discussion required! Filing an issue first will help ensure 31 | that the work you put into your pull request will get merged. 32 | 33 | Once your PR is made, it will be labelled *needs review*. A maintainer will review your PR as soon 34 | as they can. The reviewer may ask for changes- they will mark the PR as *changes requested* and 35 | *work in progress* and will give you details about the requested changes. Feel free to ask lots of 36 | questions! The maintainers are there to help you! 37 | 38 | ### IDE Configuration Files 39 | 40 | Machine specific configuration files may be generaged by your IDE while working on the project. Please make sure to add these files to a global .gitignore so they are kept from accidentally being commited to the project and causing issues for other contributors. 41 | 42 | Some examples of these files are the .idea folder created by JetBrains products (WebStorm, IntelliJ, etc) as well as .vscode created by Visual Studio Code for workspace specific settings. 43 | 44 | For help setting up a global `.gitignore` check out this [GitHub article](https://help.github.com/articles/ignoring-files/#create-a-global-gitignorea)! 45 | 46 | ## Conduct 47 | 48 | Cloudflare OpenSource follows the [Contributor Covenant Code of Conduct]. You can find a copy in each 49 | of our repositories. Violating the CoC could result in a warning or a ban to any and all repositories 50 | in this origanization. 51 | 52 | [Contributor Covenant Code of Conduct]: CODE_OF_CONDUCT.md 53 | 54 | ## Contact 55 | 56 | If you have any questions, please reach out to [opensource@cloudflare.com](mailto:opensource@cloudflare.com). 57 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | In the interest of fostering an open and welcoming environment, we as 6 | contributors and maintainers pledge to making participation in our project and 7 | our community a harassment-free experience for everyone, regardless of age, body 8 | size, disability, ethnicity, sex characteristics, gender identity and expression, 9 | level of experience, education, socio-economic status, nationality, personal 10 | appearance, race, religion, or sexual identity and orientation. 11 | 12 | ## Our Standards 13 | 14 | Examples of behavior that contributes to creating a positive environment 15 | include: 16 | 17 | * Using welcoming and inclusive language 18 | * Being respectful of differing viewpoints and experiences 19 | * Gracefully accepting constructive criticism 20 | * Focusing on what is best for the community 21 | * Showing empathy towards other community members 22 | 23 | Examples of unacceptable behavior by participants include: 24 | 25 | * The use of sexualized language or imagery and unwelcome sexual attention or 26 | advances 27 | * Trolling, insulting/derogatory comments, and personal or political attacks 28 | * Public or private harassment 29 | * Publishing others' private information, such as a physical or electronic 30 | address, without explicit permission 31 | * Other conduct which could reasonably be considered inappropriate in a 32 | professional setting 33 | 34 | ## Our Responsibilities 35 | 36 | Project maintainers are responsible for clarifying the standards of acceptable 37 | behavior and are expected to take appropriate and fair corrective action in 38 | response to any instances of unacceptable behavior. 39 | 40 | Project maintainers have the right and responsibility to remove, edit, or 41 | reject comments, commits, code, wiki edits, issues, and other contributions 42 | that are not aligned to this Code of Conduct, or to ban temporarily or 43 | permanently any contributor for other behaviors that they deem inappropriate, 44 | threatening, offensive, or harmful. 45 | 46 | ## Scope 47 | 48 | This Code of Conduct applies both within project spaces and in public spaces 49 | when an individual is representing the project or its community. Examples of 50 | representing a project or community include using an official project e-mail 51 | address, posting via an official social media account, or acting as an appointed 52 | representative at an online or offline event. Representation of a project may be 53 | further defined and clarified by project maintainers. 54 | 55 | ## Enforcement 56 | 57 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 58 | reported by contacting the project team at [opensource@cloudflare.com]. All 59 | complaints will be reviewed and investigated and will result in a response that 60 | is deemed necessary and appropriate to the circumstances. The project team is 61 | obligated to maintain confidentiality with regard to the reporter of an incident. 62 | Further details of specific enforcement policies may be posted separately. 63 | 64 | Project maintainers who do not follow or enforce the Code of Conduct in good 65 | faith may face temporary or permanent repercussions as determined by other 66 | members of the project's leadership. 67 | 68 | ## Attribution 69 | 70 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, 71 | available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html 72 | 73 | [homepage]: https://www.contributor-covenant.org 74 | [opensource@cloudflare.com]: mailto:opensource@cloudflare.com 75 | 76 | For answers to common questions about this code of conduct, see 77 | https://www.contributor-covenant.org/faq 78 | 79 | --------------------------------------------------------------------------------