trendmicro · felipecosta09 · May 2, 2023
diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
@@ -0,0 +1,21 @@
+# Contributing to conformity-migration-tool
+
+:tada: Thank you for taking the time to contribute! :tada:
+
+## How can I contribute?
+
+- Fork this repository.
+- Commit your code with a message that is structured according to the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) specification.
+- Submit a PR with the information requested in PR template.
+- You are very likely to be asked to squash you commits after PR review is done. There are several ways to do so.
+  But if you don't know any, here is an example that squashes the latest 3 commits.
+
+  ```bash
+  git reset --soft HEAD~3
+  git commit -m "feat: Add some cool stuff"
+  ```
+
+  > Tip: Backup your branch before you try new things.
+
+  > If you submit a PR on console and not familiar with git CLI, no big deal!
+  > Just leave a comment in PR and we can do it for you!
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,45 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+<!--
+Before submitting an issue, please search for existing issues and
+make sure it is not a duplicate.
+-->
+
+# <PATH_TO_THE_SOLUTION>
+<!-- For example: # post-scan-actions/aws-python-promote-or-quarantine -->
+
+## Describe the bug
+
+<!-- A clear and concise description of what the bug is. -->
+
+## To reproduce
+
+<!--
+Steps to reproduce the behavior:
+1. Go to ...
+2. Click on ...
+3. Scroll down to '....'
+4. See error
+-->
+
+## Expected behavior
+
+<!-- A clear and concise description of what you expected to happen. -->
+
+## Screenshots
+
+<!-- If applicable, add screenshots to help explain your problem. -->
+
+## Additional context
+
+<!--
+Anything you think that would help to resolve the issue,
+such as environment, platform, or a solution proposal.
+-->
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,23 @@
+# Description
+<!--- Describe your changes in detail -->
+
+## Proposed Changes
+
+- New blah blah
+- Creates blah blah
+- Full details listed here.
+
+## Type of change
+
+Please delete options that are not relevant.
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] This change requires a documentation update
+
+## Checklist before requesting a review
+
+- [ ] I have performed a self-review of my code
+- [ ] If it is a core feature, I have added thorough tests.
+
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,38 @@
+# Security Policy
+
+## Supported Versions
+
+There are no official “Long Term Support” versions, instead, fixes to vulnerabilities are made
+for the latest feature release and merged up to the main branch.
+
+We makes no formal guarantee for any older maintenance tracks to receive updates.
+In practice, though, critical vulnerability fixes are applied only to the most recent version.
+
+## Reporting a Vulnerability 
+
+We take all security vulnerabilities seriously.
+Thank you for improving the security of our open source software.
+We appreciate your efforts and responsible disclosure and will
+make every effort to acknowledge your contributions.
+
+Report security vulnerabilities by creating a request to the Cloud One Community security team [here](https://github.com/trendmicro/conformity-migration-tool/security/advisories/new)
+
+The lead maintainer will acknowledge your request, and will
+send a more detailed response indicating the next steps in 
+handling your report. After the initial reply to your report, the security
+team will endeavor to keep you informed of the progress towards a fix and
+full announcement, and may ask for additional information or guidance.
+
+Report security vulnerabilities in third-party modules to the person or 
+team maintaining the module.
+
+## Disclosure Policy
+
+When the security team receives a security bug report, they will assign it
+to a primary handler. This person will coordinate the fix and release
+process, involving the following steps:
+
+  * Confirm the problem and determine the affected versions.
+  * Audit code to find any potential similar problems.
+  * Prepare fixes for all releases still under maintenance.
+  * These fixes will be released as fast as possible.