3 changes: 3 additions & 0 deletions .github/workflows/deploy_github_pages.yml
@@ -39,8 +39,11 @@ jobs:
steps:
- uses: cycodelabs/cimon-action@v0
with:
prevent: true
client-id: ${{ secrets.CIMON_CLIENT_ID }}
secret: ${{ secrets.CIMON_SECRET }}
allowed-hosts: |
registry.npmjs.org

- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
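Review bot: `cycodelabs/cimon-action@v0` on the `uses:` line is a floating major tag, while `actions/checkout` two lines below is pinned to a full commit SHA; pin Cimon to a SHA as well, since an egress-control action that reads `secrets.CIMON_CLIENT_ID` and `secrets.CIMON_SECRET` sits inside the trust boundary this change is hardening. Separately, `prevent: true` moves Cimon from reporting to blocking, and `allowed-hosts` lists only `registry.npmjs.org`; confirm that the hosts the remaining steps need (GitHub for the checkout and the Pages deploy, plus anything the Docusaurus build fetches) are covered by Cimon's built-in allowances, otherwise the first deploy after merge will be blocked rather than reported.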
32 changes: 32 additions & 0 deletions CONTRIBUTING.md
@@ -0,0 +1,32 @@
# Contributing

We encourage contributions from the community to help improve our tooling and research. We manage contributions primarily through GitHub Issues and Pull Requests.

If you have a feature request, bug report, or any improvement suggestions, please create an issue to discuss it. To contribute code changes, fork our repository, make your modifications, and then submit a pull request.

## Development

To prepare a development environment, follow these instructions:

**Step 1**: Clone the project

```bash
git clone https://github.com/CycodeLabs/GitOpsSecurityChampion.git
cd GitOpsSecurityChampion
```

**Step 2**: Install all required dependencies

```bash
npm install
```

**Step 3**: Make code modifications

**Step 4**: Run the project locally

```bash
npm start run
```

Feel free to reach out to the development team through research@cycode.com. We appreciate your collaboration and look forward to your valuable contributions!
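Review bot: `npm start run` in Step 4 does not look right; for an npm project the local dev server is started with `npm start` (or `npm run start`), and the extra `run` word is passed through as an argument to the underlying script rather than ignored. Also consider `npm ci` instead of `npm install` in Step 2 if a lockfile is committed, so contributors build from the same pinned dependency tree the CI workflow uses.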
33 changes: 32 additions & 1 deletion README.md
@@ -1 +1,32 @@
# GitOpsSecurityChampion
# GitOps Security Champion

## Overview

The **GitOps Security Champion** repository is a collection of best practices, guidelines, and tools to help security engineers and DevOps teams implement secure GitOps workflows. With the increasing adoption of GitOps to manage infrastructure and application deployments, it’s crucial to ensure these processes are resilient to security threats. This repository provides foundational security practices to safeguard GitOps environments, from access control to verification of software provenance.

## Why We Started This Project

As GitOps becomes more widely adopted, the need for a comprehensive, security-focused guide has become apparent. While GitOps simplifies operations and enhances scalability, it also introduces new attack vectors if not properly secured. This project aims to fill the gap by offering structured, prioritized best practices that security engineers and DevOps professionals can follow to strengthen their GitOps workflows.

The best practices in this repository are organized by priority level — **Bronze**, **Silver**, and **Gold** — to help teams identify and implement security measures based on their needs and available resources.

## Contributing

We welcome contributions to help make this repository as comprehensive and practical as possible. You can contribute in the following ways:

1. **Adding Resources:** If you have experience with GitOps security and have insights into best practices, feel free to submit a pull request with your suggestions.
2. **Improving Documentation:** Clear and detailed documentation is essential. If you see areas where instructions could be clarified or expanded, your input is appreciated.
3. **Creating Examples and Resources:** Real-world examples, scripts, or tools to implement these best practices will greatly benefit users of this repository.
4. **Reporting Issues:** If you identify any issues or inaccuracies, please submit an issue describing the problem.

### Contribution Guidelines

- **Fork the Repository**: Start by forking this repository to your GitHub account.
- **Create a New Branch**: Create a branch for your contribution (e.g., `feature/best-practice-x`).
- **Submit a Pull Request**: When your changes are ready, submit a pull request with a detailed description of your contributions.

Please refer to our [CONTRIBUTING.md](CONTRIBUTING.md) file for more detailed guidelines.

## Project Structure

Each best practice is organized into folders, with a main README providing an overview of all recommendations and individual READMEs for detailed guidance on each best practice. This structure allows users to explore specific areas as needed.
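Review bot: the "Contribution Guidelines" bullets (fork, branch, pull request) restate what CONTRIBUTING.md in this same PR already says; keep the README short and point at CONTRIBUTING.md only, so the two cannot drift. In "Reporting Issues", a public GitHub issue is fine for documentation mistakes, but for a security-practices repository it is worth saying where to send anything sensitive rather than routing everything through public issues (CONTRIBUTING.md already gives research@cycode.com as a contact).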
6 changes: 5 additions & 1 deletion docs/README.md
@@ -2,7 +2,6 @@

GitOpsSecurityChampion aims to provide security guidelines along with best practices and resources to secure GitOps workflows. GitOps is a modern approach to managing infrastructure and applications through version-controlled configuration files stored in a Git repository. By following security best practices, organizations can ensure the integrity, confidentiality, and availability of their GitOps environments.


## Best Practices

| Best Practice | Priority | Description | Link |
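Review bot: this hunk only drops a blank line above the "Best Practices" table, yet the same file gains two new practices further down ("Use Password Management Tool" and "SLSA Provenance Verification") and neither is added as a row here, so the table no longer lists everything the page describes; add rows with a Priority and Link for both.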
@@ -44,5 +43,10 @@ In a GitOps workflow, repositories that store configuration files such as Kubern
Branch protection rules are essential for safeguarding critical configuration repositories used in GitOps workflows. These rules ensure that code changes cannot be pushed directly to important branches like `main` or `production` without passing through a controlled process, such as code reviews and automated testing. By enforcing these rules, you ensure that only authorized changes are deployed to your infrastructure.


### Use Password Management Tool

Sensitive data such as passwords, API keys, and other secrets should never be kept in plain text in Git repositories. Instead, use a password management tool to securely store and manage these secrets. This practice ensures that sensitive information is protected from unauthorized access and reduces the risk of accidental exposure.

### SLSA Provenance Verification

Users should always verify the SLSA Provenance produced by the GitOps supplier. For example, ArgoCD publishes a signed SLSA Provenance that should be verified by end users to ensure GitOps integrity.
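Review bot: "Use Password Management Tool" reads like end-user advice; in a GitOps context the relevant control is a secrets manager or an encrypted-secrets workflow wired into the pipeline, so rename the section and say how a secret reaches the cluster without landing in Git. The SLSA section tells readers to verify provenance but not how: name the verifier and the inputs it needs (the release artifact, the provenance file, and the expected source repository), since a verification that is not pinned to an expected source URI proves little. Both new sections also lack the Priority level that the table at the top of this page assigns to every other practice.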
4 changes: 2 additions & 2 deletions docusaurus.config.js
@@ -15,7 +15,7 @@ const config = {
url: 'https://cycodelabs.github.io/',
// Set the /<baseUrl>/ pathname under which your site is served
// For GitHub pages deployment, it is often '/<projectName>/'
baseUrl: '/',
baseUrl: '/GitOpsSecurityChampion',

// GitHub pages deployment config.
// If you aren't using GitHub pages, you don't need these.
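Review bot: the new `baseUrl: '/GitOpsSecurityChampion'` has no trailing slash, while the comment two lines above it gives the GitHub Pages form as `'/<projectName>/'`; use `'/GitOpsSecurityChampion/'` so the value matches the documented form and the site's asset paths resolve under the project subpath.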
@@ -139,7 +139,7 @@ const config = {
logo: {
alt: 'AppSec Security Powered by Cycode',
src: 'img/cycode.svg',
href: 'htttps://cycode.com',
href: 'https://cycode.com',
},
copyright: `Copyright © ${new Date().getFullYear()} Cycode Ltd. All Rights Reserved. Built with Docusaurus.`,
},