Align repo with the OGHO requirements. (#506)

oracle-samples · Jan 14, 2025 · c9b0a8e · c9b0a8e
1 parent 927bfef
commit c9b0a8e
Show file tree

Hide file tree

Showing 4 changed files with 94 additions and 14 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -1,12 +1,18 @@
-# Contributing
+# Contributing to this repository
 
 Help us to make this project better by contributing. Whether it's new features, bug fixes, or simply improving documentation, your contributions are welcome. Please start with logging a [github issue][1] or submit a pull request.
 
 Before you contribute, please review these guidelines to help ensure a smooth process for everyone.
 
 Thanks.
 
-## Issue reporting
+## Opening issues
+
+For bugs or enhancement requests, please file a GitHub issue unless it's
+security related. When filing a bug remember that the better written the bug is,
+the more likely it is to be fixed. If you think you've found a security
+vulnerability, do not raise a GitHub issue and follow the instructions in our
+[security policy](./SECURITY.md).
 
 * Please browse our [existing issues][1] before logging new issues.
 * Check that the issue has not already been fixed in the `main` branch.
@@ -15,7 +21,28 @@ Thanks.
 * Please state the version of Clojure and Clara you are using in the description.
 * Include any relevant code in the issue summary.
 
-## Pull requests
+## Contributing code
+
+We welcome your code contributions. Before submitting code via a pull request,
+you will need to have signed the [Oracle Contributor Agreement][OCA] (OCA) and
+your commits need to include the following line using the name and e-mail
+address you used to sign the OCA:
+
+```text
+Signed-off-by: Your Name <you@example.org>
+```
+
+This can be automatically added to pull requests by committing with `--sign-off`
+or `-s`, e.g.
+
+```text
+git commit --signoff
+```
+
+Only pull requests from committers that can be verified as having signed the OCA
+can be accepted.
+
+## Pull request process
 
 * Read [how to properly contribute to open source projects on Github][2].
 * Fork the project.
@@ -30,10 +57,17 @@ Thanks.
 * Open a [pull request][7].
 * The pull request will be reviewed by the community and merged by the project committers.
 
+## Code of conduct
+
+Follow the [Golden Rule](https://en.wikipedia.org/wiki/Golden_Rule). If you'd
+like more specific guidelines, see the [Contributor Covenant Code of Conduct][COC].
+
 [1]: https://github.com/cerner/clara-rules/issues
 [2]: http://gun.io/blog/how-to-github-fork-branch-and-pull-request
 [3]: http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html
 [4]: ./CHANGELOG.md
 [5]: ./LICENSE
 [6]: http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html
-[7]: https://help.github.com/articles/using-pull-requests
+[7]: https://help.github.com/articles/using-pull-requests
+[OCA]: https://oca.opensource.oracle.com
+[COC]: https://www.contributor-covenant.org/version/1/4/code-of-conduct/
diff --git a/LICENSE → LICENSE.txt b/LICENSE → LICENSE.txt
@@ -199,4 +199,4 @@
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.
diff --git a/README.md b/README.md
@@ -1,10 +1,14 @@
 [![Build Status](https://github.com/cerner/clara-rules/actions/workflows/clojure.yml/badge.svg)](https://github.com/cerner/clara-rules/actions/workflows/clojure.yml)
 
-# _About_
+# Project name
+
+clara-rules - it's a forward-chaining rules in Clojure(Script)
+
+## _About_
 
 Clara is a forward-chaining rules engine written in Clojure(Script) with Java interoperability. It aims to simplify code with a developer-centric approach to expert systems. See [clara-rules.org](http://www.clara-rules.org) for more.
 
-# _Usage_
+## _Usage_
 
 Here's a simple example. Complete documentation is at [clara-rules.org](http://www.clara-rules.org/docs/firststeps/).
 
@@ -41,7 +45,7 @@ Here's a simple example. Complete documentation is at [clara-rules.org](http://w
 ;; Notify Alice that Acme has a new support request!
 ```
 
-# _Building_
+## _Building_
 
 Clara is built, tested, and deployed using [Leiningen](http://leiningen.org). 
 ClojureScript tests are executed via [puppeteer](https://pptr.dev/). 
@@ -50,23 +54,27 @@ npm install -g puppeteer
 npx puppeteer browsers install chrome
 ```
 
-# _Availability_
+## _Availability_
 
 Clara releases are on [Clojars](https://clojars.org/). Simply add the following to your project:
 
 [![Clojars Project](http://clojars.org/com.cerner/clara-rules/latest-version.svg)](http://clojars.org/com.cerner/clara-rules)
 
-# _Communication_
+## _Communication_
 
 Questions can be posted to the [Clara Rules Google Group](https://groups.google.com/forum/?hl=en#!forum/clara-rules) or the [Slack channel](https://clojurians.slack.com/messages/clara/).  
 
-# Contributing
+## Contributing
+
+This project welcomes contributions from the community. Before submitting a pull request, please [review our contribution guide](./CONTRIBUTING.md)
+
+## Security
 
-See [CONTRIBUTING.md](CONTRIBUTING.md)
+Please consult the [security guide](./SECURITY.md) for our responsible security vulnerability disclosure process
 
-# LICENSE
+## License
 
-Copyright 2018 Cerner Innovation, Inc.
+Copyright (c) 2018, 2025 Oracle and/or its affiliates.
 
 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
 

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,38 @@
+# Reporting security vulnerabilities
+
+Oracle values the independent security research community and believes that
+responsible disclosure of security vulnerabilities helps us ensure the security
+and privacy of all our users.
+
+Please do NOT raise a GitHub Issue to report a security vulnerability. If you
+believe you have found a security vulnerability, please submit a report to
+[secalert_us@oracle.com][1] preferably with a proof of concept. Please review
+some additional information on [how to report security vulnerabilities to Oracle][2].
+We encourage people who contact Oracle Security to use email encryption using
+[our encryption key][3].
+
+We ask that you do not use other channels or contact the project maintainers
+directly.
+
+Non-vulnerability related security issues including ideas for new or improved
+security features are welcome on GitHub Issues.
+
+## Security updates, alerts and bulletins
+
+Security updates will be released on a regular cadence. Many of our projects
+will typically release security fixes in conjunction with the
+Oracle Critical Patch Update program. Additional
+information, including past advisories, is available on our [security alerts][4]
+page.
+
+## Security-related information
+
+We will provide security related information such as a threat model, considerations
+for secure use, or any known security issues in our documentation. Please note
+that labs and sample code are intended to demonstrate a concept and may not be
+sufficiently hardened for production use.
+
+[1]: mailto:secalert_us@oracle.com
+[2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html
+[3]: https://www.oracle.com/security-alerts/encryptionkey.html
+[4]: https://www.oracle.com/security-alerts/