Merge pull request #124 from secureCodeBox/feature/improve-readme-files

Updating ISSUE_TEMPLATES and PR TEMPLATE

Author: J12934

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,31 +1,42 @@
 ---
-name: Bug report
-about: Create a report to help us improve
+name: "🐞 Bug report"
+about: Please create a bug report if you encouter any project specific issue.
+labels: bug
 
 ---
+<!--
+Thank you for reporting an issue in our project 🙌
+
+Before opening a new issue, please make sure that we do not have any duplicates already open. You can ensure this by searching the issue list for this repository. If there is a duplicate, please close your issue and add a comment to the existing issue instead.
+-->
 
 **Describe the bug**
-A clear and concise description of what the bug is.
+<!-- A clear and concise description of what the bug is. -->
 
 **To Reproduce**
+<!--
 Steps to reproduce the behavior:
 1. Go to '...'
 2. Click on '....'
 3. Scroll down to '....'
 4. See error
+-->
 
 **Expected behavior**
-A clear and concise description of what you expected to happen.
+<!-- A clear and concise description of what you expected to happen. -->
 
 
 **System (please complete the following information):**
+<!--
+ - secureCodeBox Version/Release
  - OS: [e.g. iOS]
+ - Kubernetes Version [command: `kubectl version`]
  - Docker Version [command: `docker -v`]
- - Docker Compose Version [command: `docker-compose -v`]
- - Browser [e.g. chrome, safari]
+ - Browser [e.g. chrome, safari, firefox,...]
+-->
 
 **Screenshots / Logs**
-If applicable, add screenshots to help explain your problem.
+<!-- If applicable, add screenshots to help explain your problem. -->
 
 **Additional context**
-Add any other context about the problem here.
+<!-- Add any other context about the problem here. -->

.github/ISSUE_TEMPLATE/documentation_issue.md

@@ -0,0 +1,20 @@
+---
+name: "📚 Documentation Issue"
+about: "Did you come across parts of our documentation that should be fixed?"
+labels: documentation
+
+---
+<!--
+Thank you for reporting an issue in our documentation 🙌
+
+Before opening a new issue, please make sure that we do not have any duplicates already open. You can ensure this by searching the issue list for this repository. If there is a duplicate, please close your issue and add a comment to the existing issue instead.
+-->
+
+## Where to find the issue
+<!-- Be as specific as possible by naming the document, page, and ideally paragraph. -->
+
+## Describe the issue
+<!-- Please let us know what exactly is the issue with that part of the documentation -->
+
+## Suggested change
+<!-- If you have ideas on how to fix this issue, please note them here, or consider creating a Pull Request -->

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,17 +1,22 @@
 ---
-name: Feature request
-about: Suggest an idea for this project
+name: "➹ Feature request"
+about: "Suggest an idea for this project"
 
 ---
+<!--
+Thank you for reporting an issue in our documentation 🙌
+
+Before opening a new issue, please make sure that we do not have any duplicates already open. You can ensure this by searching the issue list for this repository. If there is a duplicate, please close your issue and add a comment to the existing issue instead.
+-->
 
 **Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+<!-- A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] -->
 
 **Describe the solution you'd like**
-A clear and concise description of what you want to happen.
+<!-- A clear and concise description of what you want to happen. -->
 
 **Describe alternatives you've considered**
-A clear and concise description of any alternative solutions or features you've considered.
+<!-- A clear and concise description of any alternative solutions or features you've considered. -->
 
 **Additional context**
-Add any other context or screenshots about the feature request here.
+<!-- Add any other context or screenshots about the feature request here. -->

.github/ISSUE_TEMPLATE/new_hook.md

@@ -0,0 +1,38 @@
+---
+name: '⚓️ New Hook request'
+about: 'Suggest an idea for a new data processing or integration hook in this project.'
+labels: 'hook'
+---
+
+<!--
+Thank you for contributing to our project 🙌
+
+Before opening a new issue, please make sure that we do not have any duplicates already open. You can ensure this by searching the issue list for this repository. If there is a duplicate, please close your issue and add a comment to the existing issue instead. Also, please, have a look at our FAQs and existing questions before opening a new question.
+-->
+
+## New Hook implementation request
+
+**Is your feature request related to a problem? Please describe.**
+<!-- A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] -->
+
+**Describe the solution you'd like**
+<!-- A clear and concise description of what you want to happen. -->
+
+**Describe alternatives you've considered**
+<!-- A clear and concise description of any alternative solutions or features you've considered. -->
+
+**Additional context**
+<!-- Add any other context or screenshots about the feature request here. -->
+
+## Steps to implement a new Hook
+<!--
+Hint: A general guide how to implement a new scanner is documented [here](https://github.com/secureCodeBox/secureCodeBox-v2/tree/master/docs/developer-guide)
+-->
+
+- [ ] Create a new folder with the name of the [hook here](https://github.com/secureCodeBox/secureCodeBox-v2/tree/master/hooks)
+- [ ] Add a README and give a brief overview of the scanner and its configuration options.
+- [ ] Add (optional) a Dockerfile for the scanner if there is no existing one publicly available on dockerHub
+- [ ] Use the [Hook-SDK](https://github.com/secureCodeBox/secureCodeBox-v2/tree/master/hook-sdk) to implement a new hook (currently based on NodeJS)
+- [ ] Add unit tests with at minimum 80% test coverage
+- [ ] Add some example scan.yaml and finding.yaml files in the example folder
+- [ ] Implement a new integration test for the hook [here](https://github.com/secureCodeBox/secureCodeBox-v2/tree/master/tests/integration)

.github/ISSUE_TEMPLATE/new_security_scanner.md

@@ -1,35 +1,39 @@
 ---
-name: 'New Security Scanner request'
+name: '🚓 New Security Scanner request'
 about: 'Suggest an idea for a new security scanner to integrate in this project.'
-labels: 'security scanner'
+labels: 'scanner'
 ---
+
+<!--
+Thank you for contributing to our project 🙌
+
+Before opening a new issue, please make sure that we do not have any duplicates already open. You can ensure this by searching the issue list for this repository. If there is a duplicate, please close your issue and add a comment to the existing issue instead. Also, please, have a look at our FAQs and existing questions before opening a new question.
+-->
+
 ## New Scanner implementation request
 
 **Is your feature request related to a problem? Please describe.**
-- _A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]_
+<!-- A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] -->
 
 **Describe the solution you'd like**
-- _A clear and concise description of what you want to happen._
+<!-- A clear and concise description of what you want to happen. -->
 
 **Describe alternatives you've considered**
-- _A clear and concise description of any alternative solutions or features you've considered._
+<!-- A clear and concise description of any alternative solutions or features you've considered. -->
 
 **Additional context**
-- _Add any other context or screenshots about the feature request here._
+<!-- Add any other context or screenshots about the feature request here. -->
 
 ## Steps to implement a new scanner
-> Hint: A general guide how to implement a new scanner is documented [here]( https://github.com/secureCodeBox/secureCodeBox/blob/master/docs/developer-guide/README.md#developing-own-processes)
-
-### Must have
-- [ ] Create a [new public secureCodeBox repository](https://github.com/organizations/secureCodeBox/repositories/new) for the scanner implementation
-- [ ] Implement a new scanner microservice an reuse some of the existing stuff, if possible
-- [ ] Check if there is a [healthcheck](https://github.com/secureCodeBox/secureCodeBox/blob/master/docs/developer-guide/README.md#healthchecks-for-scanner-microservices) for the microservice implemented
-- [ ] Implement a [new basic security process](https://github.com/secureCodeBox/secureCodeBox/blob/master/docs/developer-guide/README.md#developing-a-process-model) for the scanner
-- [ ] Update the [docker-compose](https://github.com/secureCodeBox/secureCodeBox/blob/master/docker-compose.yml) files and integrate your new scanner there
-- [ ] Update the [user guide](https://github.com/secureCodeBox/secureCodeBox/tree/master/docs/user-guide) and [developer guide](https://github.com/secureCodeBox/secureCodeBox/tree/master/docs/developer-guide)
-- [ ] Implement a integration test for the scanner [here](https://github.com/secureCodeBox/secureCodeBox/tree/master/test)
-
-### Should have
-- [ ] Update the [CLI examples](https://github.com/secureCodeBox/secureCodeBox/tree/master/cli)
-- [ ] Update the [Jenkins Pipeline](https://github.com/secureCodeBox/integration-pipeline-jenkins-examples) examples
-- [ ] Update the [OpenShift Container Setup](https://github.com/secureCodeBox/ansible-role-securecodebox-openshift)
+<!--
+Hint: A general guide how to implement a new scanner is documented [here](https://github.com/secureCodeBox/secureCodeBox-v2/tree/master/docs/developer-guide)
+-->
+
+- [ ] Create a new folder with the name of the [scanner here](https://github.com/secureCodeBox/secureCodeBox-v2/tree/master/scanners)
+- [ ] Add a README.md and give a brief overview of the scanner and its configuration options.
+- [ ] Implement a new scanner specific scan-type.yaml
+- [ ] Implement a new scanner specific parse-definition.yaml
+- [ ] Add (optional) some cascading-rules.yaml
+- [ ] Add (optional) a Dockerfile for the scanner if there is no existing one publicly available on dockerHub
+- [ ] Use the [parser-SDK](https://github.com/secureCodeBox/secureCodeBox-v2/tree/master/parser-sdk) to implement a new findings parser (currently based on NodeJS)
+- [ ] Add unit tests with at minimum 80% test coverage

.github/ISSUE_TEMPLATE/question.md

@@ -0,0 +1,14 @@
+---
+name: "🤨 Question"
+about: "If you have *specific* questions about the project, please post them here."
+labels: question
+
+---
+<!--
+Thank you for supporting our project 🙌
+
+Before opening a new issue, please make sure that we do not have any duplicates already open. You can ensure this by searching the issue list for this repository. If there is a duplicate, please close your issue and add a comment to the existing issue instead. Also, please, have a look at our FAQs and existing questions before opening a new question.
+-->
+
+## Your Question
+<!-- Include details about your question. -->

.github/pull_request_template.md

@@ -0,0 +1,20 @@
+<!-- 
+Thank you for your contribution to our Project 🙌 
+
+Before submitting your Pull Request, please take the time to check the points below and provide some descriptive information.
+* [ ] If this PR comes from a fork, please [Allow edits from maintainers](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/allowing-changes-to-a-pull-request-branch-created-from-a-fork)
+* [ ] Set a meaningful title. Format: {task_name} (closes #{issue_number}). For example: Use logger (closes #41)
+* [ ] [Link your Pull Request to an issue](https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue) (if applicable)
+* [ ] Create Draft pull requests if you need clarification or an explicit review before you can continue your work item.
+* [ ] Make sure that your PR is not introducing _unncessary_ reformatting (e.g., introduced by on-save hooks in your IDE)
+* [ ] Make sure each new source file you add has a correct license header.
+-->
+
+## Checklist
+
+* [ ] Test your changes as thoroughly as possible before you commit them. Preferably, automate your test by unit/integration tests.
+* [ ] Make sure `npm test` runs for the whole project.
+
+## Description
+
+<!-- Please be brief in describing which issue is solved by your PR or which enhancement it brings -->

README.md

@@ -65,7 +65,9 @@ The typical way to ensure application security is to hire a security specialist
 
 With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
 
-The purpose of _secureCodeBox_ **is not** to replace the penetration testers or make them obsolete. We strongly recommend running extensive tests by experienced penetration testers on all your applications.
+![secureCodeBox Architecture](./docs/resources/macbook_kibana.jpg)
+
+The purpose of _secureCodeBox_ **is not** to replace the penetration testers or make them obsolete. We strongly recommend to run extensive tests by experienced penetration testers on all your applications.
 
 **Important note**: The _secureCodeBox_ is no simple one-button-click-solution! You must have a deep understanding of security and how to configure the scanners. Furthermore, an understanding of the scan results and how to interpret them is also necessary.
 

docs/_config.yml

@@ -0,0 +1,13 @@
+# Glossary
+
+This overview provides a description for all acronyms and special terms which are used in this project. If you encounter any missing terms, please [let us know](https://github.com/corona-warn-app/cwa-documentation/issues/new?labels=documentation%2C+bug&template=01_doc_issue.md) or [create a pull request](https://github.com/secureCodeBox/secureCodeBox-v2/pulls).
+
+| Term, acronym... | Description |
+| --- | --- |
+| API | An [Application Programming Interface](https://en.wikipedia.org/wiki/Application_programming_interface) (API) is a computing interface which defines interactions between multiple software intermediaries. |
+| CRD | Acronym for "[Custom Ressource Definition](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/)". |
+| GUID | Acronym for "[Globally Unique Identifier](https://en.wikipedia.org/wiki/Universally_unique_identifier)". |
+| K8S | Acronym for "[Kubernetes](https://kubernetes.io/docs/home/)". |
+| SCB | Acronym for "[secureCodeBox (This Project)](https://www.secureCodeBox.io)". |
+
+