From 96ae665f6e509a2784ae9274b48a1f711746a00f Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Mon, 7 Aug 2023 14:49:18 +0000
Subject: [PATCH] chore: update repository templates to https://github.com/ory/meta/commit/c78ed2330ca2a3fa1722a9552761d633468bb3b8
---
.github/ISSUE_TEMPLATE/BUG-REPORT.yml | 26 +-
.github/ISSUE_TEMPLATE/DESIGN-DOC.yml | 26 +-
.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml | 32 ++-
.github/ISSUE_TEMPLATE/config.yml | 6 +-
CODE_OF_CONDUCT.md | 140 +++++++++++
CONTRIBUTING.md | 267 +++++++++++++++++++++
SECURITY.md | 30 +++
7 files changed, 477 insertions(+), 50 deletions(-)
create mode 100644 CODE_OF_CONDUCT.md
create mode 100644 CONTRIBUTING.md
create mode 100644 SECURITY.md
diff --git a/.github/ISSUE_TEMPLATE/BUG-REPORT.yml b/.github/ISSUE_TEMPLATE/BUG-REPORT.yml
index b5e079d..ce1dce2 100644
--- a/.github/ISSUE_TEMPLATE/BUG-REPORT.yml
+++ b/.github/ISSUE_TEMPLATE/BUG-REPORT.yml
@@ -12,27 +12,26 @@ body: - attributes: label: "Preflight checklist" options: - - label: - "I could not find a solution in the existing issues, docs, nor + - label: "I could not find a solution in the existing issues, docs, nor discussions." required: true - - label: - "I agree to follow this project's [Code of + - label: "I agree to follow this project's [Code of Conduct](https://github.com/ory/oathkeeper-client-go/blob/master/CODE_OF_CONDUCT.md)." required: true - - label: - "I have read and am following this repository's [Contribution + - label: "I have read and am following this repository's [Contribution Guidelines](https://github.com/ory/oathkeeper-client-go/blob/master/CONTRIBUTING.md)." required: true - - label: - "This issue affects my [Ory Network](https://www.ory.sh/) project." - - label: - "I have joined the [Ory Community Slack](https://slack.ory.sh)." - - label: - "I am signed up to the [Ory Security Patch + - label: "I have joined the [Ory Community Slack](https://slack.ory.sh)." + - label: "I am signed up to the [Ory Security Patch Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)." id: checklist type: checkboxes + - attributes: + description: "Enter the slug or API URL of the affected Ory Network project. Leave empty when you are self-hosting." + label: "Ory Network Project" + placeholder: "https://.projects.oryapis.com" + id: ory-network-project + type: input - attributes: description: "A clear and concise description of what the bug is." label: "Describe the bug" @@ -56,8 +55,7 @@ body: validations: required: true - attributes: - description: - "Please copy and paste any relevant log output. This will be + description: "Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks. Please redact any sensitive information" label: "Relevant log output" 
diff --git a/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml b/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml index d3f145a..4475723 100644 --- a/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml +++ b/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml @@ -1,8 +1,7 @@ # AUTO-GENERATED, DO NOT EDIT! # Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml -description: - "A design document is needed for non-trivial changes to the code base." +description: "A design document is needed for non-trivial changes to the code base." labels: - rfc name: "Design Document" 
@@ -23,27 +22,26 @@ body: - attributes: label: "Preflight checklist" options: - - label: - "I could not find a solution in the existing issues, docs, nor + - label: "I could not find a solution in the existing issues, docs, nor discussions." required: true - - label: - "I agree to follow this project's [Code of + - label: "I agree to follow this project's [Code of Conduct](https://github.com/ory/oathkeeper-client-go/blob/master/CODE_OF_CONDUCT.md)." required: true - - label: - "I have read and am following this repository's [Contribution + - label: "I have read and am following this repository's [Contribution Guidelines](https://github.com/ory/oathkeeper-client-go/blob/master/CONTRIBUTING.md)." required: true - - label: - "This issue affects my [Ory Network](https://www.ory.sh/) project." - - label: - "I have joined the [Ory Community Slack](https://slack.ory.sh)." - - label: - "I am signed up to the [Ory Security Patch + - label: "I have joined the [Ory Community Slack](https://slack.ory.sh)." + - label: "I am signed up to the [Ory Security Patch Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)." id: checklist type: checkboxes + - attributes: + description: "Enter the slug or API URL of the affected Ory Network project. Leave empty when you are self-hosting." + label: "Ory Network Project" + placeholder: "https://.projects.oryapis.com" + id: ory-network-project + type: input - attributes: description: | This section gives the reader a very rough overview of the landscape in which the new system is being built and what is actually being built. This isn’t a requirements doc. Keep it succinct! The goal is that readers are brought up to speed but some previous knowledge can be assumed and detailed info can be linked to. This section should be entirely focused on objective background facts. diff --git a/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml b/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml index 5e9336f..95426f4 100644 
--- a/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml +++ b/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml @@ -1,8 +1,7 @@ # AUTO-GENERATED, DO NOT EDIT! # Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml -description: - "Suggest an idea for this project without a plan for implementation" +description: "Suggest an idea for this project without a plan for implementation" labels: - feat name: "Feature Request" 
@@ -16,30 +15,28 @@ body: - attributes: label: "Preflight checklist" options: - - label: - "I could not find a solution in the existing issues, docs, nor + - label: "I could not find a solution in the existing issues, docs, nor discussions." required: true - - label: - "I agree to follow this project's [Code of + - label: "I agree to follow this project's [Code of Conduct](https://github.com/ory/oathkeeper-client-go/blob/master/CODE_OF_CONDUCT.md)." required: true - - label: - "I have read and am following this repository's [Contribution + - label: "I have read and am following this repository's [Contribution Guidelines](https://github.com/ory/oathkeeper-client-go/blob/master/CONTRIBUTING.md)." required: true - - label: - "This issue affects my [Ory Network](https://www.ory.sh/) project." - - label: - "I have joined the [Ory Community Slack](https://slack.ory.sh)." - - label: - "I am signed up to the [Ory Security Patch + - label: "I have joined the [Ory Community Slack](https://slack.ory.sh)." + - label: "I am signed up to the [Ory Security Patch Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)." id: checklist type: checkboxes - attributes: - description: - "Is your feature request related to a problem? Please describe." + description: "Enter the slug or API URL of the affected Ory Network project. Leave empty when you are self-hosting." + label: "Ory Network Project" + placeholder: "https://.projects.oryapis.com" + id: ory-network-project + type: input + - attributes: + description: "Is your feature request related to a problem? Please describe." label: "Describe your problem" placeholder: "A clear and concise description of what the problem is. Ex. I'm always 
@@ -73,8 +70,7 @@ body: validations: required: true - attributes: - description: - "Add any other context or screenshots about the feature request here." + description: "Add any other context or screenshots about the feature request here." label: Additional Context id: additional type: textarea diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index f1418f4..72a243f 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -5,10 +5,8 @@ blank_issues_enabled: false contact_links: - name: Ory Ory Oathkeeper Go Client Forum url: https://github.com/orgs/ory/discussions - about: - Please ask and answer questions here, show your implementations and + about: Please ask and answer questions here, show your implementations and discuss ideas. - name: Ory Chat url: https://www.ory.sh/chat - about: - Hang out with other Ory community members to ask and answer questions. + about: Hang out with other Ory community members to ask and answer questions. diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..0f29f3a --- /dev/null +++ b/CODE_OF_CONDUCT.md 
@@ -0,0 +1,140 @@
+
+
+
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by our mistakes,
+ and learning from the experience
+- Focusing on what is best not just for us as individuals, but for the overall
+ community
+
+Examples of unacceptable behavior include:
+
+- The use of sexualized language or imagery, and sexual attention or advances of
+ any kind
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or email address,
+ without their explicit permission
+- Other conduct which could reasonably be considered inappropriate in a
+ professional setting
+
+## Open Source Community Support
+
+Ory Open source software is collaborative and based on contributions by developers in the Ory community. There is no obligation from Ory to help with individual problems.
+If Ory open source software is used in production in a for-profit company or enterprise environment, we mandate a paid support contract where Ory is obligated under their service level agreements (SLAs) to offer a defined level of availability and responsibility. For more information about paid support please contact us at sales@ory.sh.
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[office@ory.sh](mailto:office@ory.sh). All complaints will be reviewed and
+investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder][mozilla coc].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][faq]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[mozilla coc]: https://github.com/mozilla/diversity
+[faq]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..efed9eb
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,267 @@
+
+
+
+# Contribute to Ory Ory Oathkeeper Go Client
+
+
+
+
+- [Introduction](#introduction)
+- [FAQ](#faq)
+- [How can I contribute?](#how-can-i-contribute)
+- [Communication](#communication)
+- [Contribute examples](#contribute-examples)
+- [Contribute code](#contribute-code)
+- [Contribute documentation](#contribute-documentation)
+- [Disclosing vulnerabilities](#disclosing-vulnerabilities)
+- [Code style](#code-style)
+ - [Working with forks](#working-with-forks)
+- [Conduct](#conduct)
+
+
+
+## Introduction
+
+_Please note_: We take Ory Ory Oathkeeper Go Client's security and our users' trust very
+seriously. If you believe you have found a security issue in Ory Ory Oathkeeper Go Client,
+please disclose it by contacting us at security@ory.sh.
+
+There are many ways in which you can contribute. The goal of this document is to
+provide a high-level overview of how you can get involved in Ory.
+
+As a potential contributor, your changes and ideas are welcome at any hour of
+the day or night, on weekdays, weekends, and holidays. Please do not ever
+hesitate to ask a question or send a pull request.
+
+If you are unsure, just ask or submit the issue or pull request anyways. You
+won't be yelled at for giving it your best effort. The worst that can happen is
+that you'll be politely asked to change something. We appreciate any sort of
+contributions and don't want a wall of rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash with Ory
+Ory Oathkeeper Go Client's direction. A great way to
+do this is via
+[Ory Ory Oathkeeper Go Client Discussions](https://github.com/orgs/ory/discussions)
+or the [Ory Chat](https://www.ory.sh/chat).
+
+## FAQ
+
+- I am new to the community. Where can I find the
+ [Ory Community Code of Conduct?](https://github.com/ory/oathkeeper-client-go/blob/master/CODE_OF_CONDUCT.md)
+
+- I have a question. Where can I get
+ [answers to questions regarding Ory Ory Oathkeeper Go Client?](#communication)
+
+- I would like to contribute but I am not sure how. Are there
+ [easy ways to contribute?](#how-can-i-contribute)
+ [Or good first issues?](https://github.com/search?l=&o=desc&q=label%3A%22help+wanted%22+label%3A%22good+first+issue%22+is%3Aopen+user%3Aory+user%3Aory-corp&s=updated&type=Issues)
+
+- I want to talk to other Ory Ory Oathkeeper Go Client users.
+ [How can I become a part of the community?](#communication)
+
+- I would like to know what I am agreeing to when I contribute to Ory
+ Ory Oathkeeper Go Client.
+ Does Ory have
+ [a Contributors License Agreement?](https://cla-assistant.io/ory/oathkeeper-client-go)
+
+- I would like updates about new versions of Ory Ory Oathkeeper Go Client.
+ [How are new releases announced?](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)
+
+## How can I contribute?
+
+If you want to start to contribute code right away, take a look at the
+[list of good first issues](https://github.com/ory/oathkeeper-client-go/labels/good%20first%20issue).
+
+There are many other ways you can contribute. Here are a few things you can do
+to help out:
+
+- **Give us a star.** It may not seem like much, but it really makes a
+ difference. This is something that everyone can do to help out Ory Ory Oathkeeper Go Client.
+ Github stars help the project gain visibility and stand out.
+
+- **Join the community.** Sometimes helping people can be as easy as listening
+ to their problems and offering a different perspective. Join our Slack, have a
+ look at discussions in the forum and take part in community events. More info
+ on this in [Communication](#communication).
+
+- **Answer discussions.** At all times, there are several unanswered discussions
+ on GitHub. You can see an
+ [overview here](https://github.com/discussions?discussions_q=is%3Aunanswered+org%3Aory+sort%3Aupdated-desc).
+ If you think you know an answer or can provide some information that might
+ help, please share it! Bonus: You get GitHub achievements for answered
+ discussions.
+
+- **Help with open issues.** We have a lot of open issues for Ory Ory Oathkeeper Go Client and
+ some of them may lack necessary information, some are duplicates of older
+ issues. You can help out by guiding people through the process of filling out
+ the issue template, asking for clarifying information or pointing them to
+ existing issues that match their description of the problem.
+
+- **Review documentation changes.** Most documentation just needs a review for
+ proper spelling and grammar. If you think a document can be improved in any
+ way, feel free to hit the `edit` button at the top of the page. More info on
+ contributing to the documentation [here](#contribute-documentation).
+
+- **Help with tests.** Pull requests may lack proper tests or test plans. These
+ are needed for the change to be implemented safely.
+
+## Communication
+
+We use [Slack](https://www.ory.sh/chat). You are welcome to drop in and ask
+questions, discuss bugs and feature requests, talk to other users of Ory, etc.
+
+Check out [Ory Ory Oathkeeper Go Client Discussions](https://github.com/orgs/ory/discussions). This is a great place for
+in-depth discussions and lots of code examples, logs and similar data.
+
+You can also join our community calls if you want to speak to the Ory team
+directly or ask some questions. You can find more info and participate in
+[Slack](https://www.ory.sh/chat) in the #community-call channel.
+
+If you want to receive regular notifications about updates to Ory Ory Oathkeeper Go Client,
+consider joining the mailing list. We will _only_ send you vital information on
+the projects that you are interested in.
+
+Also, [follow us on Twitter](https://twitter.com/orycorp).
+
+## Contribute examples
+
+One of the most impactful ways to contribute is by adding examples. You can find
+an overview of examples using Ory services on the
+[documentation examples page](https://www.ory.sh/docs/examples). Source code for
+examples can be found in most cases in the
+[ory/examples](https://github.com/ory/examples) repository.
+
+_If you would like to contribute a new example, we would love to hear from you!_
+
+Please [open an issue](https://github.com/ory/examples/issues/new/choose) to
+describe your example before you start working on it. We would love to provide
+guidance to make for a pleasant contribution experience. Go through this
+checklist to contribute an example:
+
+1. Create a GitHub issue proposing a new example and make sure it's different
+ from an existing one.
+1. Fork the repo and create a feature branch off of `master` so that changes do
+ not get mixed up.
+1. Add a descriptive prefix to commits. This ensures a uniform commit history
+ and helps structure the changelog. Please refer to this
+ [list of prefixes for Ory Oathkeeper Go Client](https://github.com/ory/oathkeeper-client-go/blob/master/.github/semantic.yml)
+ for an overview.
+1. Create a `README.md` that explains how to use the example. (Use
+ [the README template](https://github.com/ory/examples/blob/master/_common/README)).
+1. Open a pull request and maintainers will review and merge your example.
+
+## Contribute code
+
+Unless you are fixing a known bug, we **strongly** recommend discussing it with
+the core team via a GitHub issue or [in our chat](https://www.ory.sh/chat)
+before getting started to ensure your work is consistent with Ory Ory Oathkeeper Go Client's
+roadmap and architecture.
+
+All contributions are made via pull requests. To make a pull request, you will
+need a GitHub account; if you are unclear on this process, see GitHub's
+documentation on [forking](https://help.github.com/articles/fork-a-repo) and
+[pull requests](https://help.github.com/articles/using-pull-requests). Pull
+requests should be targeted at the `master` branch. Before creating a pull
+request, go through this checklist:
+
+1. Create a feature branch off of `master` so that changes do not get mixed up.
+1. [Rebase](http://git-scm.com/book/en/Git-Branching-Rebasing) your local
+ changes against the `master` branch.
+1. Run the full project test suite with the `go test -tags sqlite ./...` (or
+ equivalent) command and confirm that it passes.
+1. Run `make format`
+1. Add a descriptive prefix to commits. This ensures a uniform commit history
+ and helps structure the changelog. Please refer to this
+ [list of prefixes for Ory Oathkeeper Go Client](https://github.com/ory/oathkeeper-client-go/blob/master/.github/semantic.yml)
+ for an overview.
+
+If a pull request is not ready to be reviewed yet
+[it should be marked as a "Draft"](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request).
+
+Before your contributions can be reviewed you need to sign our
+[Contributor License Agreement](https://cla-assistant.io/ory/oathkeeper-client-go).
+
+This agreement defines the terms under which your code is contributed to Ory.
+More specifically it declares that you have the right to, and actually do, grant
+us the rights to use your contribution. You can see the Apache 2.0 license under
+which our projects are published
+[here](https://github.com/ory/meta/blob/master/LICENSE).
+
+When pull requests fail the automated testing stages (for example unit or E2E
+tests), authors are expected to update their pull requests to address the
+failures until the tests pass.
+
+Pull requests eligible for review
+
+1. follow the repository's code formatting conventions;
+2. include tests that prove that the change works as intended and does not add
+ regressions;
+3. document the changes in the code and/or the project's documentation;
+4. pass the CI pipeline;
+5. have signed our
+ [Contributor License Agreement](https://cla-assistant.io/ory/oathkeeper-client-go);
+6. include a proper git commit message following the
+ [Conventional Commit Specification](https://www.conventionalcommits.org/en/v1.0.0/).
+
+If all of these items are checked, the pull request is ready to be reviewed and
+you should change the status to "Ready for review" and
+[request review from a maintainer](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/requesting-a-pull-request-review).
+
+Reviewers will approve the pull request once they are satisfied with the patch.
+
+## Contribute documentation
+
+Please provide documentation when changing, removing, or adding features. All
+Ory Documentation resides in the
+[Ory documentation repository](https://github.com/ory/docs/). For further
+instructions please head over to the Ory Documentation
+[README.md](https://github.com/ory/docs/blob/master/README.md).
+
+## Disclosing vulnerabilities
+
+Please disclose vulnerabilities exclusively to
+[security@ory.sh](mailto:security@ory.sh). Do not use GitHub issues.
+
+## Code style
+
+Please run `make format` to format all source code following the Ory standard.
+
+### Working with forks
+
+```bash
+# First you clone the original repository
+git clone git@github.com:ory/ory/oathkeeper-client-go.git
+
+# Next you add a git remote that is your fork:
+git remote add fork git@github.com:/ory/oathkeeper-client-go.git
+
+# Next you fetch the latest changes from origin for master:
+git fetch origin
+git checkout master
+git pull --rebase
+
+# Next you create a new feature branch off of master:
+git checkout my-feature-branch
+
+# Now you do your work and commit your changes:
+git add -A
+git commit -a -m "fix: this is the subject line" -m "This is the body line. Closes #123"
+
+# And the last step is pushing this to your fork
+git push -u fork my-feature-branch
+```
+
+Now go to the project's GitHub Pull Request page and click "New pull request"
+
+## Conduct
+
+Whether you are a regular contributor or a newcomer, we care about making this
+community a safe place for you and we've got your back.
+
+[Ory Community Code of Conduct](https://github.com/ory/oathkeeper-client-go/blob/master/CODE_OF_CONDUCT.md)
+
+We welcome discussion about creating a welcoming, safe, and productive
+environment for the community. If you have any questions, feedback, or concerns
+[please let us know](https://www.ory.sh/chat).
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..7a05c1c
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,30 @@
+
+
+
+
+
+
+- [Security Policy](#security-policy)
+ - [Supported Versions](#supported-versions)
+ - [Reporting a Vulnerability](#reporting-a-vulnerability)
+
+
+
+# Security Policy
+
+## Supported Versions
+
+We release patches for security vulnerabilities. Which versions are eligible for
+receiving such patches depends on the CVSS v3.0 Rating:
+
+| CVSS v3.0 | Supported Versions |
+| --------- | ----------------------------------------- |
+| 9.0-10.0 | Releases within the previous three months |
+| 4.0-8.9 | Most recent release |
+
+## Reporting a Vulnerability
+
+Please report (suspected) security vulnerabilities to
+**[security@ory.sh](mailto:security@ory.sh)**. You will receive a response from
+us within 48 hours. If the issue is confirmed, we will release a patch as soon
+as possible depending on complexity but historically within a few days.