Code scanning with CodeQL

.github/ISSUE_TEMPLATE/task.md

@@ -0,0 +1,11 @@
+---
+name: Task
+about: Tasks are small units of work that can be completed within one day of work
+title: "[Task]"
+labels: 'task'
+assignees: ''
+---
+Story: XX
+
+**Description**
+A clear and concise description of what the this task is about.

.github/ISSUE_TEMPLATE/user_story.md

@@ -2,7 +2,7 @@
 name: User story
 about: User story with acceptance criteria
 title: ''
-labels: ''
+labels: 'story'
 assignees: ''
 
 ---

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,65 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ main ]
+  schedule:
+    - cron: '39 16 * * 2'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'python' ]
+        # Learn more:
+        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

CONTRIBUTING.md

@@ -0,0 +1,24 @@
+# How to contribute to Azure TRE
+
+First of all thank you. Azure TRE is a collective effort to make it easier to create and manage trusted research environment.
+
+## **Did you find a bug?**
+
+* **Ensure the bug was not already reported** by searching on GitHub under [Issues](https://github.com/microsoft/AzureTRE/issues).
+* If you're unable to find an open issue addressing the problem, [open a new one](https://github.com/microsoft/AzureTRE/issues/new?assignees=&labels=bug&template=bug_report.md&title=%5BBUG%5D). Be sure to include a **title and clear description**, as much relevant information as possible, and a **code sample** or an **executable test case** demonstrating the expected behavior that is not occurring.
+
+## **Did you write a patch that fixes a bug?**
+
+* Open a new GitHub pull request with the patch.
+* Ensure the PR description clearly describes the problem and solution. Include the relevant issue number if applicable.
+* Before submitting, please double check on the current coding conventions used.
+
+## **Do you intend to add a new feature or change an existing one?**
+
+* Open a [new feature issue](https://github.com/microsoft/AzureTRE/issues/new?assignees=&labels=feature&template=feature_request.md&title=) so we can first discuss the changes there. After the discussion you may send a PR with relevant changes. Do not send a PR without discussion on an issue.
+
+## **Do you want to contribute to Azure TRE?**
+
+* Great, please create an issue were the community can discuss the change. Then fork the repository, make your change and then create a PR. Make sure the solution is tested and provide steps on how to test the change in the PR.
+
+Thanks! :heart: :heart: :heart:

README.md

@@ -1,14 +1,18 @@
-# Project Status
+# Azure Trusted Research Environment
 
-**This project is currently under development.**
+## Project Status
+
+**This project is currently under active development, and not yet ready for production deployments.**
+
+Development is being carried out in the [develop](https://github.com/microsoft/AzureTRE/tree/develop/) branch.
 
 The aim is to bring together learnings from past customer engagements where TREs have been built into a single reference solution.  This is a solution accelerator aiming to be a great starting point for a customized TRE solution. You're encouraged to download and customize the solution to meet your requirements
 
 This project does not have a dedicated team of maintainers but relies on you and the community to maintain and enhance the solution. Microsoft will on project-to-project basis continue to extend the solution in collaboration with customers and partners. No guarantees can be offered as to response times on issues, feature requests, or to the long term road map for the project.
 
 It is important before deployment of the solution that the [Support Policy](SUPPORT.md) is read and understood.
 
-## Azure Trusted Research Environment
+## Background
 
 Across the health industry, be it a pharmaceutical company interrogating clinical trial results, or a public health provider analyzing electronic health records, there is the need to enable researchers, analysts, and developers to work with sensitive data sets.
 
@@ -18,11 +22,11 @@ Workspaces can be configured with a variety of tools to enable tasks such as the
 
 A successful Trusted Research Environments enables users to be as productive, if not more productive than they would be working in environments without strict information governance controls.
 
-### Support
+## Support
 
 For details of support expectations, please review our [Support Policy](./SUPPORT.md).
 
-### Contributing
+## Contributing
 
 This project welcomes contributions and suggestions.  Most contributions require you to agree to a
 Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
@@ -36,7 +40,7 @@ This project has adopted the [Microsoft Open Source Code of Conduct](https://ope
 For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
 contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
 
-### Trademarks
+## Trademarks
 
 This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow [Microsoft's Trademark & Brand Guidelines](https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/usage/general).
 Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship.

docs/concepts.md

@@ -2,11 +2,11 @@
 
 Trusted Research Environments enforce a secure boundary around distinct workspaces to enable information governance controls to be enforced. Each workspace is accessible by a set of authorized users, prevents the exfiltration of sensitive data, and has access to one or more datasets provided by the data platform.
 
-One or more workspace services are deployed into a workspace to provide resources accessible by the workspace users.
+One or more workspace services are deployed into a workspace to provide resources accessible by the [workspace users](./user-roles.md).
 
-The workspaces and the services can be deployed and managed via the Management API.
+The workspaces and the services can be deployed and managed via the API of the Composition Service.
 
-![Concepts](./assets/concepts.png)
+![Concepts](./assets/treconcepts.png)
 
 ## Workspace
 
@@ -18,11 +18,11 @@ Multiple workspaces can be created within a single Trusted Research Environment
 
 ## Service
 
-A service provide one or more capabilities to you as a user of the TRE or to the TRE itself.  Depending on the type of the service it is scoped to the environment and shared across all workspaces or scoped to a specific workspace.
+A service provide one or more capabilities to you as a user of the TRE or to the TRE itself.  Depending on the type of the service it is scoped to the environment and shared across all workspaces (Shared service) or scoped to a specific workspace (Workspace service).
 
-The types of services required for a research project varies greatly why extensibility is a key aspect of the Azure TRE solution so new services can be developed by you and your organization to fit your needs.
+The types of services required for a research project varies greatly why extensibility is a key aspect of the Azure TRE solution. New services can be developed by you and your organization to fit your needs.
 
-Some workspace services are accessible from outside the protected network, such as a Virtual Desktop. But no data will be permitted to be transferred outside the protected network. Others such as Azure Machine Learning might need access restricting to via a Virtual Desktop.
+Some workspace services are accessible from outside the protected network, such as a Virtual Desktop. But no data will be permitted to be transferred outside the protected network. Other services such as Azure Machine Learning might need access restricting to via a Virtual Desktop.
 
 Below are examples of services that are available in the Azure TRE solution.
 
@@ -31,18 +31,16 @@ Below are examples of services that are available in the Azure TRE solution.
 These are services and resource shared by all workspaces.
 
 - Firewall
-- Python Package Mirror
+- Application Package Mirror
 - Git Mirror
 
 ### Workspace services
 
 - Virtual Desktop
 - Azure Machine Learning
 
-## Workspace Service Resources
+## Composition Service
 
-Some workspace services allow users to create their own instances of the resources provided by the service in the current workspace. For example, the Virtual Desktop service allow each user to deploy their own virtual machines with remote access and storage.
-
-## Management API
-
-The Management API is an HTTP API surface that allows you to provision and manage workspaces and services within the TRE. By using the Management API you can integrate the TRE services lifecycle into your workflows and provide access to the services from your custom applications.
+The composition service offers an abstraction over the lower-level Azure resources to allow for TRE users to provision resources in terms of workspaces and workspace services.
+The composition service exposes resources – based on above concepts – as an HTTP API where users and applications can model the desired representation of the TRE, i.e., define which workspaces should contain which workspace services.
+The composition service reconciles the desired state with the actual state by invoking Azure resource deployments.