CERTCC · ahouseholder · Mar 8, 2024 · Sep 15, 2023 · Sep 15, 2023 · Sep 26, 2023
@@ -0,0 +1,33 @@
+# These rules follow a last-match behavior.
+
+# default (if nothing else matches)
+* @ahouseholder @sei-vsarvepalli @cgyarbrough
+
+# any markdown file in doc
+/doc/**/*.md @ahouseholder @cgyarbrough @sei-vsarvepalli @j---
+
+# any markdown file in docs
+/docs/**/*.md @ahouseholder @cgyarbrough @sei-vsarvepalli @j---
+
+# architecture decision records
+/docs/adr/*.md @ahouseholder @cgyarbrough @sei-vsarvepalli @j---
+
+# ssvc-calc, wherever it lives
+ssvc-calc/ @sei-vsarvepalli @ahouseholder
+
+# source code
+/src/ @ahouseholder @sei-vsarvepalli
+*.py @ahouseholder
+*.js @sei-vsarvepalli
+
+# data
+/data/ @sei-vsarvepalli @ahouseholder
+/data/csvs @ahouseholder @j---
+/data/schema @sei-vsarvepalli
+/data/schema_examples @sei-vsarvepalli
+
+# website config
+mkdocs.yml @ahouseholder
+
+# github setup
+/.github/ @ahouseholder @sei-vsarvepalli
@@ -0,0 +1,30 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: Add a brief title for your report here
+labels: bug
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Platform details**
+Include any relevant details like OS, browser, versions, etc.
+
+**Additional context**
+Add any other context about the problem here.
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: Add a concise title for your request
+labels: enhancement
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
@@ -0,0 +1,12 @@
+---
+name: Question
+about: Ask the SSVC team a question
+title: Add a concise title for your question
+labels: question
+assignees: ''
+
+---
+
+_Note:_ Questions for the SSVC team can be asked here in the form of an issue. More general questions directed at the SSVC user community
+might be a better fit in the [Q&A](https://github.com/CERTCC/SSVC/discussions/categories/q-a) category of our
+[Discussions](https://github.com/CERTCC/SSVC/discussions) area.
@@ -0,0 +1,23 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "pip" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
+    groups:
+      mkdocs:
+        patterns:
+        - "mkdocs*"
+        update-types:
+        - "minor"
+        - "patch"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
@@ -0,0 +1,62 @@
+# Simple workflow for deploying static content to GitHub Pages
+name: Deploy static content to Pages
+
+on:
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+  # Runs on pushes targeting specific branch(es)
+  push:
+    branches:
+      - publish
+
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
+
+jobs:
+  # Single deploy job since we're just deploying
+  deploy:
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install -r requirements.txt
+
+      - name: Setup Pages
+        uses: actions/configure-pages@v4
+
+      - name: Build Site
+        run: |
+          mkdocs build --verbose --clean --config-file mkdocs.yml       
+
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v3
+        with:
+          # Upload entire repository
+          path: 'site'
+
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4
@@ -0,0 +1,45 @@
+name: Link Checker
+on:
+  push:
+    branches:
+      # run on any push to main 
+      - main
+  pull_request:
+    paths:
+      # run on any PR that modifies a markdown file
+      - '**/*.md'
+      # run on any PR that changes this workflow
+      - .github/workflows/linkchecker.yml
+  # let us trigger it manually
+  workflow_dispatch:
+
+jobs:
+  linkcheck:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install -r requirements.txt
+          python -m pip install linkchecker
+
+      - name: Install our python stuff
+        run: |
+          python -m pip install -e src
+
+      - name: Build Site
+        run: |
+          mkdocs build --verbose --clean --config-file mkdocs.yml       
+
+      - name: Check links
+        run: |
+          linkchecker site/index.html
+
@@ -0,0 +1,45 @@
+# This workflow will install Python dependencies, run tests and lint with a single version of Python
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
+
+name: Python application
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-tags: true
+    - name: Set up Python 3.10
+      uses: actions/setup-python@v5
+      with:
+        python-version: "3.10"
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install pytest build
+        if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+#    - uses: psf/black@stable
+    - name: Test with pytest
+      run: |
+        pytest
+    - name: Build
+      run: |
+        python -m build src
+    - name: Upload Artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: ssvc
+        path: src/dist/ssvc-*.tar.gz
+        retention-days: 14
@@ -128,3 +128,4 @@ dmypy.json
 # Pyre type checker
 .pyre/
 ssvc2-applier-wip.xlsx
+_version.py
@@ -1,39 +1,17 @@
 # How to contribute
 
-Thanks for your help on improving our stakeholder-specific vulnerability categorization work. To account for different stakeholder perspectives, we benefit from a diverse group of contributors. 
+Thanks for your help on improving our stakeholder-specific vulnerability categorization work.
+To account for different stakeholder perspectives, we benefit from a diverse group of contributors. 
 
-## Where to contribute
+Please see our project documentation in the [wiki](https://github.com/CERTCC/SSVC/wiki) that accompanies this repository
+for more information on how you can contribute to the project.
 
-This repository contains both a written document with the English-langauge spec, and some code for automating application of SSVC. Contributions to these two parts of the project look different. We are focusing on getting the English right first, so we know what code to write. 
-Right now we don't have any plans for translations, but if you have interest in that let us know. 
+## Licenses
 
-# Contributing to the document
-
-The English text lives in the `doc` [subfolder](https://github.com/CERTCC/SSVC/tree/main/doc). 
-We welcome any issues from anyone in the community, so we can discuss them and improve SSVC. If you have a suggestion, please create an issue. 
-In general, please create an issue before making a pull request to submit a change, except in the case of fixing a small typo, etc.
-Please check that your suggestion does not overlap with existing [issues](https://github.com/CERTCC/SSVC/issues) (including [closed ones](https://github.com/CERTCC/SSVC/issues?q=is%3Aissue+is%3Aclosed+))
-
-In the `doc` folder, please see the `style-guide`, `crossref-how-to`, and `reference-how-to` for how to keep any suggestions or commits aligned with our style consistently. 
-
-# Contributing code
-
-The tools for working with SSVC live in the `src` [subfolder](https://github.com/CERTCC/SSVC/tree/main/src). 
-
-We have limited tooling at the moment. The expectation is that these will mostly be flexible helper-type scripts and plug-ins. Therefore, interoperability is important. 
-Where the code implements or directly references some aspect of the English document, please make that linkage explicit. We use config files stored in `data` to to prevent code in `src` from having fragile dependencies on the English doc. 
-We would like to minimize manual change management, but at the very least we need to document where changes in the document need to result in changes to code. 
-Information likely to change based on changes to the English should go in config files to be stored in the `data` [subfolder](https://github.com/CERTCC/SSVC/tree/main/data). Code in the `src` folder should (as robustly as plausible) be reading that data in. 
-
-The process is similar to that for the doc, though the language is different. Please create issues before making pull requests.
-Pull requests on code should be clear about what they've changed and what you've done. Thanks in advance!
-
-# Licenses
-
- - The license for all code in the repository is [here](https://github.com/CERTCC/SSVC/blob/main/LICENSE)
- - The license for all English writing in the repository is [here](https://github.com/CERTCC/SSVC/blob/main/doc/version_1/900_license.md)
+See [LICENSE](https://github.com/CERTCC/SSVC/blob/main/LICENSE)
 
-# Questions
+## Questions
 
-If you have any questions, a message to j--- should work, or tweet @zmanion or @\_\_adh\_\_.
+If you have any questions, an [issue](https://github.com/CERTCC/SSVC/issues) or
+[discussion](https://github.com/CERTCC/SSVC/discussions) is the best way to get in touch with us.
 
@@ -24,8 +24,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
 
 ----
-The following statement applies to documents contained in this repository, and can also be found in each
-individual document.
+The following statement applies to PDF, markdown, and text documents contained in this repository.
 
 This material is based upon work funded and supported by the Department of Defense
 under Contract No. FA8702-15-D-0002 with Carnegie Mellon University for the operation