-
-
Notifications
You must be signed in to change notification settings - Fork 593
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add contribtuing.md file. #548
Labels
enhancement
New feature or request
Milestone
Comments
Do you want to work on this @Glyphack ? |
@lukehinds Yes, indeed I would have worked on this if I knew more about the project structure. I start working on it. |
Merged
Glyphack
pushed a commit
to Glyphack/bandit
that referenced
this issue
Feb 27, 2020
Resolves PyCQA#548 Add code of conduct. Add links to contributing.md file. Fix typo. Fix docs for B610,B611,B703 (PyCQA#555) * Fix docs for B610,B611,B703 * Address flake8 notice by adding blank line * Fix long lines Use SPDX license identifier instead of bulky headers (PyCQA#530) * Use SPDX license identifier instead of bulky headers There exists a nice, consistent way to denote licenses in source files. It's called SPDX and further information is here [1]. This commit migrates the bulky apache-2 license headers with the SPDX short identifier equivalent. [1] https://spdx.org/ids-how Signed-off-by: Eric Brown <browne@vmware.com> * Update test-requirements.txt Add a section explaining "nosec" (PyCQA#554) * Add a section explaining "nosec" References PyCQA#553 * Remove duplicated "in your code" replace 'then' with 'than' Signed-off-by: Pablo Woolvett <pablo.wooveltt@iconstruye.onmicrosoft.com> Add sha1 to the list of insecure hashes The hashlib.new test plugin was only checking for MD4 and MD5. This patch extends the list of insecure hashes to include SHA1, which has known exploits. Fixes PyCQA#560 Signed-off-by: Eric Brown <browne@vmware.com> Use GitHub Actions to run CI (PyCQA#565) * Use GitHub Actions to run CI This change utilizes GitHub Actions to run the CI for our unit tests instead of the current Travis-CI. * Delete .travis.yml Ignore common directories by default This fix follows the example of flake8 in that it sets a default list of common directories and filename patterns to exclude. Fixes PyCQA#543 Signed-off-by: Eric Brown <browne@vmware.com> Add push and pull request to GH Action trigger It appears that Actions are not triggered for all pull requests. I suspect the Actions need to register for event push and pull_request in order to run CI on commits. Signed-off-by: Eric Brown <browne@vmware.com> Fix grammar issues and typos. Fix more grammar issues Added @lukehinds text about commit messages and squash commits from https://gist.githubusercontent.com/lukehinds/3337941149fc25ed91567037a0ebf026/raw/c1db6186c7e14ff316db2fe61fa046ab07251275/gistfile1.txt Remove extra parentheses
Glyphack
pushed a commit
to Glyphack/bandit
that referenced
this issue
Feb 27, 2020
Resolves PyCQA#548 Add code of conduct. Add links to contributing.md file. Fix typo. Fix docs for B610,B611,B703 (PyCQA#555) * Fix docs for B610,B611,B703 * Address flake8 notice by adding blank line * Fix long lines Use SPDX license identifier instead of bulky headers (PyCQA#530) * Use SPDX license identifier instead of bulky headers There exists a nice, consistent way to denote licenses in source files. It's called SPDX and further information is here [1]. This commit migrates the bulky apache-2 license headers with the SPDX short identifier equivalent. [1] https://spdx.org/ids-how Signed-off-by: Eric Brown <browne@vmware.com> * Update test-requirements.txt Add a section explaining "nosec" (PyCQA#554) * Add a section explaining "nosec" References PyCQA#553 * Remove duplicated "in your code" replace 'then' with 'than' Signed-off-by: Pablo Woolvett <pablo.wooveltt@iconstruye.onmicrosoft.com> Add sha1 to the list of insecure hashes The hashlib.new test plugin was only checking for MD4 and MD5. This patch extends the list of insecure hashes to include SHA1, which has known exploits. Fixes PyCQA#560 Signed-off-by: Eric Brown <browne@vmware.com> Use GitHub Actions to run CI (PyCQA#565) * Use GitHub Actions to run CI This change utilizes GitHub Actions to run the CI for our unit tests instead of the current Travis-CI. * Delete .travis.yml Ignore common directories by default This fix follows the example of flake8 in that it sets a default list of common directories and filename patterns to exclude. Fixes PyCQA#543 Signed-off-by: Eric Brown <browne@vmware.com> Add push and pull request to GH Action trigger It appears that Actions are not triggered for all pull requests. I suspect the Actions need to register for event push and pull_request in order to run CI on commits. Signed-off-by: Eric Brown <browne@vmware.com> Fix grammar issues and typos. Fix more grammar issues Added @lukehinds text about commit messages and squash commits from https://gist.githubusercontent.com/lukehinds/3337941149fc25ed91567037a0ebf026/raw/c1db6186c7e14ff316db2fe61fa046ab07251275/gistfile1.txt Remove extra parentheses
mikespallino
pushed a commit
to mikespallino/bandit
that referenced
this issue
Aug 25, 2021
Resolves PyCQA#548 Add code of conduct. Add links to contributing.md file. Fix typo. Fix docs for B610,B611,B703 (PyCQA#555) * Fix docs for B610,B611,B703 * Address flake8 notice by adding blank line * Fix long lines Use SPDX license identifier instead of bulky headers (PyCQA#530) * Use SPDX license identifier instead of bulky headers There exists a nice, consistent way to denote licenses in source files. It's called SPDX and further information is here [1]. This commit migrates the bulky apache-2 license headers with the SPDX short identifier equivalent. [1] https://spdx.org/ids-how Signed-off-by: Eric Brown <browne@vmware.com> * Update test-requirements.txt Add a section explaining "nosec" (PyCQA#554) * Add a section explaining "nosec" References PyCQA#553 * Remove duplicated "in your code" replace 'then' with 'than' Signed-off-by: Pablo Woolvett <pablo.wooveltt@iconstruye.onmicrosoft.com> Add sha1 to the list of insecure hashes The hashlib.new test plugin was only checking for MD4 and MD5. This patch extends the list of insecure hashes to include SHA1, which has known exploits. Fixes PyCQA#560 Signed-off-by: Eric Brown <browne@vmware.com> Use GitHub Actions to run CI (PyCQA#565) * Use GitHub Actions to run CI This change utilizes GitHub Actions to run the CI for our unit tests instead of the current Travis-CI. * Delete .travis.yml Ignore common directories by default This fix follows the example of flake8 in that it sets a default list of common directories and filename patterns to exclude. Fixes PyCQA#543 Signed-off-by: Eric Brown <browne@vmware.com> Add push and pull request to GH Action trigger It appears that Actions are not triggered for all pull requests. I suspect the Actions need to register for event push and pull_request in order to run CI on commits. Signed-off-by: Eric Brown <browne@vmware.com> Fix grammar issues and typos. Fix more grammar issues Added @lukehinds text about commit messages and squash commits from https://gist.githubusercontent.com/lukehinds/3337941149fc25ed91567037a0ebf026/raw/c1db6186c7e14ff316db2fe61fa046ab07251275/gistfile1.txt Remove extra parentheses
mikespallino
pushed a commit
to mikespallino/bandit
that referenced
this issue
Jan 7, 2022
Resolves PyCQA#548 Add code of conduct. Add links to contributing.md file. Fix typo. Fix docs for B610,B611,B703 (PyCQA#555) * Fix docs for B610,B611,B703 * Address flake8 notice by adding blank line * Fix long lines Use SPDX license identifier instead of bulky headers (PyCQA#530) * Use SPDX license identifier instead of bulky headers There exists a nice, consistent way to denote licenses in source files. It's called SPDX and further information is here [1]. This commit migrates the bulky apache-2 license headers with the SPDX short identifier equivalent. [1] https://spdx.org/ids-how Signed-off-by: Eric Brown <browne@vmware.com> * Update test-requirements.txt Add a section explaining "nosec" (PyCQA#554) * Add a section explaining "nosec" References PyCQA#553 * Remove duplicated "in your code" replace 'then' with 'than' Signed-off-by: Pablo Woolvett <pablo.wooveltt@iconstruye.onmicrosoft.com> Add sha1 to the list of insecure hashes The hashlib.new test plugin was only checking for MD4 and MD5. This patch extends the list of insecure hashes to include SHA1, which has known exploits. Fixes PyCQA#560 Signed-off-by: Eric Brown <browne@vmware.com> Use GitHub Actions to run CI (PyCQA#565) * Use GitHub Actions to run CI This change utilizes GitHub Actions to run the CI for our unit tests instead of the current Travis-CI. * Delete .travis.yml Ignore common directories by default This fix follows the example of flake8 in that it sets a default list of common directories and filename patterns to exclude. Fixes PyCQA#543 Signed-off-by: Eric Brown <browne@vmware.com> Add push and pull request to GH Action trigger It appears that Actions are not triggered for all pull requests. I suspect the Actions need to register for event push and pull_request in order to run CI on commits. Signed-off-by: Eric Brown <browne@vmware.com> Fix grammar issues and typos. Fix more grammar issues Added @lukehinds text about commit messages and squash commits from https://gist.githubusercontent.com/lukehinds/3337941149fc25ed91567037a0ebf026/raw/c1db6186c7e14ff316db2fe61fa046ab07251275/gistfile1.txt Remove extra parentheses
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
For new comers it can be hard to find out what should be done in order to add a new test or plugin.There should be CONTRIBUTING.md file including the pull request process.
Describe the solution you'd like
Adding a CONTRIBUTING.md
Additional context
CONTRIBUING.md file must contain steps of adding a new feature or fixing a bug,
for example when you add a new plugin what files you need to edit?readme, tests, examples etc.
This could help new comers to know exactly how to create a valid pull request :).
The text was updated successfully, but these errors were encountered: