CONTRIBUTING.md (12 additions & 12 deletions)
@@ -6,19 +6,12 @@ We just ask that you follow our contribution guidelines when you do.
6
6
Contributions to this project must be accompanied by a signed [Contributor Agreement](ContributorAgreement.txt).
7
7
You (or your employer) retain the copyright to your contribution; this simply grants us permission to use and redistribute your contributions as part of the project.
8
8
9
-
## Pull Request Requirement
10
-
11
-
### Code reviews
12
-
All submissions to this project—including submissions from project members—require review.
13
-
Our review process typically involves performing unit tests, development tests, integration tests, and security scans using internal SAS infrastructure.
14
-
For this reason, we don’t often merge pull requests directly from GitHub.
15
-
16
-
Instead, we work with submissions internally first, vetting them to ensure they meet our security and quality standards.
17
-
We’ll do our best to work with contributors in public issues and pull requests; however, to ensure our code meets our internal compliance standards, we may need to incorporate your submission into a solution we push ourselves.
9
+
## Code Reviews
10
+
All submissions to this project—including submissions from project members—require
11
+
review. Our review process typically involves performing unit tests, development
12
+
tests, integration tests, and security scans.
18
13
19
-
This does not mean we don’t value or appreciate your contribution.
20
-
We simply need to review your code internally before merging it.
21
-
We work to ensure all contributors receive appropriate recognition for their contributions, at least by acknowledging them in our release notes.
14
+
## Pull Request Requirement
22
15
23
16
### Conventional Commits
24
17
All pull requests must follow the [Conventional Commit](https://www.conventionalcommits.org/en/v1.0.0/)
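Review bot: The rewritten "Code Reviews" section (new lines 9-12) no longer tells contributors that pull requests are not often merged directly from GitHub and that a submission may be incorporated into a solution the maintainers push themselves. If that workflow still applies, keep one sentence saying so, otherwise a contributor whose pull request is closed without a merge has no documented explanation. The removed commitment to acknowledge contributors in the release notes is also gone without a replacement; either restate it here or confirm that it is being withdrawn on purpose. Minor style point: "performing unit tests" reads better as "running unit tests".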
@@ -52,3 +45,10 @@ merged. These checks include:
52
45
-**Hadolint** – for Dockerfile best practices
53
46
-**ShellCheck** – for shell script issues
54
47
-**TFLint** – for Terraform code quality
48
+
49
+
## Security Scans
50
+
To ensure that all submissions meet our security and quality standards, we perform
51
+
security scans using internal SAS infrastructure. Contributions might be subjected
52
+
to security scans before they can be accepted. Reporting of any Common Vulnerabilities
53
+
and Exposures (CVEs) that are detected is not available in this project at this
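Review bot: The new "Security Scans" section is inconsistent about whether scanning is mandatory: new line 50-51 says "we perform security scans", new line 51-52 says contributions "might be subjected to security scans", and the Code Reviews section in the same file says review typically involves security scans. Pick one statement and use it in both sections. Since the text says reporting of detected CVEs is not available in this project, also state how a contributor learns that a submission was held or rejected because of a scan finding, even if the finding itself is not shared. Style point: new lines 48-49 add two blank lines before the heading where one is enough.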