We're excited you're interested in contributing to the bomctl project! This document outlines the guidelines for contributing code, documentation, and other improvements to the project.
The bomctl project is under the Open Source Security Foundation (OpenSSF) Security Tooling Working Group, a collaborative effort to improve the security of open source software. We value contributions from everyone and strive to create a welcoming and inclusive community.
Before diving in, here are a few things to keep in mind:
The bomctl project is licensed under the Apache 2.0 license. By contributing, you agree to abide by the terms of this license. You can find the license file in the repository root directory.
We have a Code of Conduct that outlines the expectations for respectful and professional behavior in our community. Please review the Code of Conduct before contributing.
There are many ways to contribute to the bomctl project:
- Code: Submit pull requests (PRs) for bug fixes, new features, or improvements to existing code.
- Documentation: Help improve the project's documentation by fixing typos, clarifying concepts, or adding new content.
- Testing: Write unit tests or integration tests to improve the project's code coverage and stability.
- Reporting Issues: If you find a bug or have a suggestion for improvement, report it as an issue on the project's GitHub repository.
Here's a step-by-step guide for making a contribution:
- Identify Issue: Find an existing issue you want to work on, or submit a new issue describing your proposed change.
- Claim Issue: Assign yourself to the issue if possible, or leave a comment on the issue stating your intent to work on it.
- Fork the Repository: Fork the bomctl repository on GitHub to your own account. This allows you to make changes to the codebase without affecting the original project.
- Clone the Fork: Clone your forked repository to your local machine.
- Create a Branch: Create a new branch for your changes. Use a descriptive branch name that reflects the nature of your contribution.
- Make Changes: Make your changes to the codebase and write unit tests for any new features you introduce.
- Validate Changes: Run the following commands, or pre-commit, to ensure the bomctl project standards are met.
  - golangci-lint (make lint or make lint-fix)
  - go mod tidy
  - go test ./...
  - go generate ./... and ensure any modified files are committed
- Commit Changes: Commit your changes with clear and concise commit messages following the conventional commit format.
  - Your commits must be signed with a key associated with your GitHub account.
- Push Changes: Push your changes to your forked repository on GitHub.
- Open a Pull Request: Open a pull request from your branch to the main branch of the upstream repository.
  - Your PR title should follow the conventional commit format.
- Address Reviews: Respond to any feedback or requests for changes from the project maintainers.
- Keep your pull requests focused on a single issue or feature.
- Ensure your code adheres to the project's coding style guidelines.
- Use pre-commit to ensure the bomctl project standards are met.
- Write clear and concise commit messages following the conventional commit format that describe the changes you made.
- Be patient and responsive to feedback from the project maintainers.
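The validation, commit-signing and conventional-commit steps above can be checked locally before pushing. The script below is an added example, not part of bomctl's own tooling; it assumes the upstream remote is named "upstream" with a "main" branch, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: local pre-push check (not bomctl's own tooling).
# Assumption: the upstream remote is "upstream" and its default branch is "main".

# Succeeds if $1 looks like a Conventional Commits header: type(scope)!: description
is_conventional() {
  printf '%s\n' "$1" | grep -Eq '^[a-z]+(\([^()]+\))?!?: .+'
}

# Reads "<hash> <status>" lines (git log --format='%H %G?') on stdin and prints
# the hashes whose status is N (no signature) or B (bad signature).
filter_unsigned() {
  awk '$2 == "N" || $2 == "B" { print $1 }'
}

preflight() {
  range="${1:-upstream/main}..HEAD"
  # The four validation commands listed in the Validate Changes step.
  make lint && go mod tidy && go test ./... && go generate ./... || return 1
  # tidy/generate may rewrite or create files; those changes must be committed.
  [ -z "$(git status --porcelain)" ] || { echo "uncommitted changes" >&2; return 1; }
  rc=0
  # Subjects go through a temp file so the loop runs in this shell, not a subshell.
  subjects=$(mktemp) || return 1
  git log --no-merges --format='%s' "$range" > "$subjects"
  while IFS= read -r subject; do
    is_conventional "$subject" || { echo "bad subject: $subject" >&2; rc=1; }
  done < "$subjects"
  rm -f "$subjects"
  bad=$(git log --format='%H %G?' "$range" | filter_unsigned)
  [ -z "$bad" ] || { echo "unsigned commits: $bad" >&2; rc=1; }
  return "$rc"
}

# Run the checks only when asked: sh preflight.sh run [base-ref]
if [ "${1:-}" = "run" ]; then preflight "${2:-}"; fi
```

The signature check only detects commits with a missing or bad signature as seen by local git; whether the key is associated with your GitHub account is verified by GitHub after you push.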
Here are some additional resources that you may find helpful:
- GitHub Pull Requests: https://docs.github.com/en/pull-requests
- Git Basics: https://git-scm.com/
- Contributing to Open Source: https://www.freecodecamp.org/news/how-to-make-your-first-open-source-contribution/
We appreciate your contributions to the bomctl project! If you have any questions, feel free to reach out to the project maintainers or open an issue on the project's GitHub repository.