Commit

adding contributor's guide
matthewdfuller committed Apr 19, 2019
1 parent 6f9439f commit 95d8f1e
Showing 2 changed files with 48 additions and 7 deletions.
47 changes: 47 additions & 0 deletions .github/CONTRIBUTING.md
@@ -0,0 +1,47 @@
# Contributing to CloudSploit Remediation Guides

Thank you for your contributions to the CloudSploit Remediation Guide. This repository exists as an open source knowledge base of cloud (AWS and Azure) security guidelines to remediate common misconfigurations.

## Repo Format

This repository uses the following layout:
```
|_remediations
|_langugage (e.g. en)
|_cloud (e.g. aws)
|_category (e.g acm)
|_guide.md
```

## Guidelines for New Pages

Please ensure that your contributions include the following:

1. Each new guide should begin with the CloudSploit logo code:
```
[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com)
```
2. The title should follow the following format:
```
# Cloud / Category / Remediation Guide
```
For example:
```
# AWS / ACM / ACM Certificate Validation
```
3. A `## Quick Info` section containing information on the CloudSploit plugin.
4. A `## Detailed Remediation Steps` section with steps that users can follow to remediate detected issues.

## Guidelines for Adding Steps

To ensure consistent quality, please follow the below steps when contributing new remediation steps:

1. Steps should be clear and concise for users of AWS or Azure.
2. Steps should include details such as "Log into the AWS console" and "navigate to the EC2 page".
3. Describe the process to locate the detected misconfiguration or vulnerability.
4. Include as many screenshots as possible.
5. Describe how the user can verify the fix (e.g. "ensure the security group port list has changed to x").

## Submitting Changes

Please submit each new guide or each change as a separate PR by forking this repository and using your own branches.
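
Review bot: Step 4 of "Guidelines for Adding Steps" asks for "as many screenshots as possible" but says nothing about redaction. Console screenshots of AWS or Azure can show account IDs, resource names and credentials, so consider adding a step that asks contributors to crop or blur account identifiers and secrets before committing images. Separately, in the layout block under "Repo Format", `langugage` should be `language` and `e.g acm` is missing its period.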
8 changes: 1 addition & 7 deletions README.md
Expand Up @@ -143,10 +143,4 @@ This repository is an extension of CloudSploit's [open-source scanning engine](h

## Contributing

We welcome and encourage contributions from the community. To contribute, please fork this repository and create a pull request with your changes. If you are adding a new security control that CloudSploit does not yet scan for, we would also love if you submitted a pull request to our scans repository as well, but it isn't required.

Please consider the following guidelines:

* Each cloud provider (AWS, Azure, etc) has its own sub-folder.
* Within each provider, there are sub-folders for the services. For example, `ec2` and `s3` for AWS.
* Each security guide has its own file with the same format and structure. Please copy an existing one for reference.
Please see the [contributor's guide](.github/CONTRIBUTING.md).
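
Review bot: The paragraph removed under "## Contributing" invited contributors who add a new security control to also open a pull request against the scans repository, and the new .github/CONTRIBUTING.md does not carry that over. Consider adding it there, for example under "Submitting Changes", so the pointer to the scanning engine is not lost. The removed advice to copy an existing guide for reference would also be worth keeping in the new guide.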
