diff --git a/.backlog/tasks/task-5 - Add-SECURITY.md.md b/.backlog/completed/task-5 - Add-SECURITY.md.md similarity index 74% rename from .backlog/tasks/task-5 - Add-SECURITY.md.md rename to .backlog/completed/task-5 - Add-SECURITY.md.md index c35d374b..376cc42c 100644 --- a/.backlog/tasks/task-5 - Add-SECURITY.md.md +++ b/.backlog/completed/task-5 - Add-SECURITY.md.md @@ -1,8 +1,10 @@ --- id: TASK-5 title: Add SECURITY.md -status: To Do -assignee: [] +status: Done +assignee: + - claude + - piotrzajac created_date: '2026-04-07 20:56' labels: - doc @@ -19,7 +21,7 @@ Create a SECURITY.md file at the repository root that documents the vulnerabilit ## Acceptance Criteria -- [ ] #1 SECURITY.md exists at the repository root -- [ ] #2 Covers: how to report a vulnerability privately, expected response timeline, supported versions -- [ ] #3 GitHub 'Report a vulnerability' link is active (enabled in repo Security settings) +- [x] #1 SECURITY.md exists at the repository root +- [x] #2 Covers: how to report a vulnerability privately, expected response timeline, supported versions +- [x] #3 GitHub 'Report a vulnerability' link is active (enabled in repo Security settings) diff --git a/.backlog/completed/task-6 - Add-CODE_OF_CONDUCT.md.md b/.backlog/completed/task-6 - Add-CODE_OF_CONDUCT.md.md new file mode 100644 index 00000000..db1e033e --- /dev/null +++ b/.backlog/completed/task-6 - Add-CODE_OF_CONDUCT.md.md 
@@ -0,0 +1,26 @@ +--- +id: TASK-6 +title: Add CODE_OF_CONDUCT.md +status: Done +assignee: + - claude + - piotrzajac +created_date: '2026-04-07 20:57' +labels: + - doc +dependencies: [] +priority: low +--- + +## Description + + +Add a CODE_OF_CONDUCT.md to the repository root. The [Contributor Covenant](https://www.contributor-covenant.org/) is the standard for OSS projects and is widely recognised. GitHub surfaces this file in the community health checklist. + + +## Acceptance Criteria + +- [x] #1 CODE_OF_CONDUCT.md exists at the repository root +- [x] #2 Based on a recognised standard (Contributor Covenant v2.1) +- [x] #3 Enforcement contact set to maintainer GitHub profile (@piotrzajac) — no email per project policy + diff --git a/.backlog/tasks/task-7 - Add-CODEOWNERS-file.md b/.backlog/completed/task-7 - Add-CODEOWNERS-file.md similarity index 71% rename from .backlog/tasks/task-7 - Add-CODEOWNERS-file.md rename to .backlog/completed/task-7 - Add-CODEOWNERS-file.md index c392d1a6..0a22fb3b 100644 --- a/.backlog/tasks/task-7 - Add-CODEOWNERS-file.md +++ b/.backlog/completed/task-7 - Add-CODEOWNERS-file.md @@ -1,8 +1,10 @@ --- id: TASK-7 title: Add CODEOWNERS file -status: To Do -assignee: [] +status: Done +assignee: + - claude + - piotrzajac created_date: '2026-04-07 20:58' labels: - dx @@ -18,7 +20,7 @@ Create a .github/CODEOWNERS file that maps paths to GitHub teams or users who ar ## Acceptance Criteria -- [ ] #1 .github/CODEOWNERS exists and is syntactically valid -- [ ] #2 A default owner (* pattern) is defined -- [ ] #3 Reviewers are automatically requested on PRs touching covered paths +- [x] #1 .github/CODEOWNERS exists and is syntactically valid +- [x] #2 A default owner (* pattern) is defined +- [x] #3 Reviewers are automatically requested on PRs touching covered paths diff --git a/.backlog/tasks/task-6 - Add-CODE_OF_CONDUCT.md.md b/.backlog/tasks/task-6 - Add-CODE_OF_CONDUCT.md.md deleted file mode 100644 index ff4424cc..00000000 
--- a/.backlog/tasks/task-6 - Add-CODE_OF_CONDUCT.md.md +++ /dev/null @@ -1,24 +0,0 @@ ---- -id: TASK-6 -title: Add CODE_OF_CONDUCT.md -status: To Do -assignee: [] -created_date: '2026-04-07 20:57' -labels: - - doc -dependencies: [] -priority: low ---- - -## Description - - -Add a CODE_OF_CONDUCT.md to the repository root. The Contributor Covenant (https://www.contributor-covenant.org/) is the standard for OSS projects and is widely recognised. GitHub surfaces this file in the community health checklist. - - -## Acceptance Criteria - -- [ ] #1 CODE_OF_CONDUCT.md exists at the repository root -- [ ] #2 Based on a recognised standard (e.g. Contributor Covenant v2.1) -- [ ] #3 Contact address for enforcement is set to an appropriate maintainer email - diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 00000000..b6fd996d --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1 @@ +* @piotrzajac diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 00000000..04e33614 --- /dev/null +++ b/CODE_OF_CONDUCT.md 
@@ -0,0 +1,52 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as contributors and maintainers pledge to make participation in this project and community +a welcoming, respectful, and harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, gender identity and expression, level of experience, nationality, +personal appearance, race, religion, or sexual identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, +and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment: + +- Using welcoming and inclusive language +- Being respectful of differing viewpoints and experiences +- Gracefully accepting constructive criticism +- Focusing on what is best for the community +- Showing empathy towards other community members + +Examples of behavior that is not acceptable: + +- Personal attacks, insults, or derogatory comments +- Public or private harassment of any kind +- Publishing others' private information without explicit permission +- Any conduct that could reasonably be considered inappropriate in a professional setting + +## Enforcement Responsibilities + +The project maintainer is responsible for clarifying and enforcing these standards and will take +appropriate corrective action in response to any behavior that is deemed inappropriate, threatening, +or harmful. + +## Scope + +This Code of Conduct applies in all project spaces and in public spaces when an individual is +representing the project or its community. + +## Enforcement + +Instances of unacceptable behavior may be reported by contacting Piotr Zajac +([@piotrzajac](https://github.com/piotrzajac), the project maintainer) via GitHub. +All reports will be reviewed and investigated promptly and fairly. +The maintainer is obligated to maintain confidentiality with regard to the reporter of an incident. 
+ +## Attribution + +This Code of Conduct is adapted from the +[Contributor Covenant](https://www.contributor-covenant.org), version 2.1, +available at https://www.contributor-covenant.org/version/2/1/code_of_conduct.html. diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..727eec1c --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,29 @@ +# Security Policy + +## Supported Versions + +Only the latest stable release receives security fixes. + +| Version | Supported | +| ------- |:---------:| +| Latest | ✅ | +| Older | ❌ | + +## Reporting a Vulnerability + +**Please do not report security vulnerabilities through public GitHub issues.** + +Use GitHub's private vulnerability reporting instead: + +1. Go to the [Security tab](https://github.com/Accenture/AutoFixture.XUnit2.AutoMock/security) of this repository. +2. Click **"Report a vulnerability"**. +3. Fill in the details of the issue. + +This creates a private draft advisory visible only to the maintainer, keeping sensitive details out of the public issue tracker. + +## Response Timeline + +- **Acknowledgement**: within 14 days of the report +- **Fix**: within 90 days of acknowledgement (coordinated disclosure) + +If a fix requires more time, the maintainer will communicate a revised timeline privately through the advisory thread.
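Review bot: the single `* @piotrzajac` line in .github/CODEOWNERS only satisfies task-7 acceptance criterion #3 ("Reviewers are automatically requested on PRs touching covered paths") if that user has write access to the repository, and GitHub never requests a review from the author of a PR, so the maintainer's own PRs will get no reviewer at all; consider adding a second owner or a team on that line, and enable "Require review from Code Owners" in the branch protection rule, since CODEOWNERS on its own only requests reviews and does not block merges.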
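Review bot: the line "This creates a private draft advisory visible only to the maintainer" in SECURITY.md overstates the access model: a draft advisory is visible to everyone with admin permission on the repository (and, for an organization-owned repository such as the Accenture/AutoFixture.XUnit2.AutoMock URL in step 1, to organization owners and security managers) as well as the reporter, so rephrase it to "visible only to repository administrators and the reporter". The policy also offers no path for a reporter without a GitHub account or for the case where private vulnerability reporting is switched off; since task-6 records a no-email project policy, state that explicitly so such reporters do not fall back to a public issue, and define "Latest" in the Supported Versions table (e.g. the most recent tagged release) so the supported line is unambiguous.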
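Review bot: the Attribution section of CODE_OF_CONDUCT.md says the text is adapted from Contributor Covenant 2.1, but the Enforcement section drops the v2.1 Enforcement Guidelines (Correction, Warning, Temporary Ban, Permanent Ban) that spell out the consequences the maintainer will apply; either restore that ladder or add one sentence saying consequences are at the maintainer's discretion, otherwise task-6 acceptance criterion #2 ("Based on a recognised standard") is only partly met and reporters have no idea what outcome to expect.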