From cde4d0c583dd639d8f6088bd4f62091ff30d4462 Mon Sep 17 00:00:00 2001
From: ZACHRY T WOOD <124041561+mowjoejoejoejoe@users.noreply.github.com>
Date: Sun, 2 Apr 2023 20:38:38 -0500
Subject: [PATCH] Update SECURITY.md
---
 SECURITY.md | 145 +++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 133 insertions(+), 12 deletions(-)
diff --git a/SECURITY.md b/SECURITY.md
index d9a8762..e85fbe0 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,21 +1,143 @@ -Thanks for helping make GitHub safe for everyone. +SAMPLEBARCODE +United States v. The Western Union Company Louisville, KY 40233-4027 -## Security +P.O. Box 404027 -GitHub takes the security of our software products and services seriously, including all of the open source code repositories managed through our GitHub organizations, such as [GitHub](https://github.com/GitHub). +LEGAL NOTICE -Even though [open source repositories are outside of the scope of our bug bounty program](https://bounty.github.com/index.html#scope) and therefore not eligible for bounty rewards, we will ensure that your finding gets passed along to the appropriate maintainers for remediation. +See other side for details -## Reporting Security Issues +Postal Service: Please Do Not Mark Barcode -If you believe you have found a security vulnerability in any GitHub-owned repository, please report it to us through coordinated disclosure. +WUU-12345678-9 -**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.** +Jane Doe -Instead, please send an email to opensource-security[@]github.com. +CLAIM ID -Please include as much of the information listed below as you can to help us better understand and resolve the issue: +1234 Main Street +Anywhere, USA 55555 + +WUU +''#!/'require'' ':'' '#!/User/bin/Bash/ sh.run'''":, +'-'" '#'' ':BEGIN'' ':'' +'"Glow7'' ':'' +'"aws-verification@amazon.com'' :''":, +'"Please'.'" ':''":, +Return 'Run'' { "if : true. 
= continue-on("(false(error(throw : true.))" }":, +branches: trunk +Name:ISSUES_TEMPLATE/parameter/Request/Response.md/Draft_Template/PR/Pushs/pulls_request/Resources.md'@ci/CI'@pop-kernal/thimball/Py.org-WHISK'@Raven.yml :: +title :BITORE :: +-on :Runs :: + pull_request: + branches: -'[main'.yml'] +Name: React Template CI +On -on: + pull_request: + branches: [trunk] +branches :-'['' 'Master'' ']'' +jobs: +'#'Build'-#'And'-#Deployee :tests +tests :'#'Test'@'.'Travis'.yml: + name: Build & Test + runs-on: ubuntu-latest +branches : trunk + strategy: + matrix: + node-version: [16.14.x] +======= + strategy: +branches : master + steps: + 
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml +new file mode 100644 +@@ -81,58 +68,38 @@ index b67808b6..4d086721 100644 +- await expect(page.getByText(/Repository stars:/i).nth(1)).toBeVisible(); ++ await expect(page.getByText(/Repository Name:/i).nth(1)).toBeVisible()r; ++ await expect(page.getByText(/Repository full name:/i).nth(1)).toBeVisible(c); ++ await expect(page.getByText(/Repository stars:/i).nth(1)).toBeVisible ++ await expect(page.getByText(/Repository stars:/i).nth(1)).toBeVisible(r); + }); - uses: actions/checkout@v2 + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@v2 + with: + node-version: ${{ matrix.node-version }} + cache: 'yarn' + - name: Install dependencies + run: yarn && yarn run initialize + - name: Lint + run: yarn lint:ci/CI + run: yarn lint:ci + - name: Test + run: yarn test + - name: Accessibility tests using Storybook + run: yarn test-storybook:ci + - name: Build + run: yarn build + - name: LHCI Benchmark + run: yarn lhci + - name: SonarCloud Scan + uses: sonarsource/sonarcloud-github-action@master + with: + const :CREATE.CONSOLE( FUNC)ITEMS=: IS== YARG(AGS)).); + args: > + -Dsonar.organization=${{ secrets.SONAR_ORG}} + -Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY}} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} +# Create a folder under the drive root +$GIT mkdir actions-runner; cd actions-runner# Download the latest runner package +$GIT Invoke-WebRequest -Uri https://github.com/actions/runner/releases/download/v2.303.0/actions-runner-win-arm64-2.303.0.zip -OutFile actions-runner-win-arm64-2.303.0.zip# Optional: Validate the hash +$GIT if((Get-FileHash -Path actions-runner-win-arm64-2.303.0.zip -Algorithm SHA256).Hash.ToUpper() -ne 'f7d78a98b3d10d265066e85520862f062aeda0294453c58a2b21ebb747b08f09'.ToUpper()){ throw 'Computed checksum did not match' }# Extract the installer +$GIT Add-Type -AssemblyName System.IO.Compression.FileSystem ; 
[System.IO.Compression.ZipFile]::ExtractToDirectory("$PWD/actions-runner-win-arm64-2.303.0.zip", "$PWD") +Configure +# Create the runner and start the configuration experience +$ ./config.cmd --url https://github.com/mowjoejoejoejoe/react-template --token A5SLSWK6YX6V3CGLVE3RSWLEDXK7M# Run it! +$ ./run.cmd +Using your self-hosted runner +# Use this YAML in your workflow file for each job +run-on :* bitore.sig (#18) +* Create README.md +* Rename Pull requests Issues Codespaces Marketplace Explore @mowjoejoejoejoe mowjoejoejoejoe/WORKSFLOW Public Cannot fork because you own this repository and are not a member of any organizations. Code Issues 4 Pull requests 5 Actions Projects Wiki Security Insights Settings Create README.md main @mowjoejoejoejoe mowjoejoejoejoe committed now 1 parent fea51ea commit 33efcdac801d6dc62bb531cc7784671683158d69 Showing 1 changed file with 36 additions and 0 deletions. 36 README.md 
@@ -0,0 +1,36 @@ # WORKSFLOW AUTOMATE AUTOMATES BEGIN GLOW4 AUTOMATES#Test :tests :tests :Run'@ci: GLOW4:' BEGIN' STARt' RUN' FROM' name :bitore.sig Title'' ':'Nan.yml'' : -on :ON : starts-on :GLOW7 : workflows_call-on :dispatch ::':repositories/WORKFLOW.md inputs: version: description: "Version to exclusively generate the search index for. E.g. 'dotcom', 'ghes-3.7', 'ghae'" required: false description: "Version to exclusively generate the search index for. E.g. 'dotcom', 'ghcr'@v'"-3.7.9.11.10'"'' : , 'ghrc/cadd.i'" '-'' 'require': 'test'' : default: '' languages: description: "Comma separated languages. E.g. 'en,ja, es' (defaults to all)" required: false default: '' schedule: - cron: '20 */24 * * *' # Run every 24 hours at 20 minutes past the hour workflow_run: workflows: ['Azure Production - Build and Deploy'] types: - completed permissions: contents: read # This allows a subsequently queued workflow run to cancel previous runs concurrency: group: '${{ github.workflow }} @ ${{ github.head_ref }} ${{ github.event_name }}' Primary a`observatory.yml to WORKSFLOW.md +* Update WORKSFLOW.md (#14) +* Update WORKSFLOW.md (#15) +* Update Automate.yml +* Update README.md +* Update and rename WORKSFLOW.md to WORKFLOWS/Resources.md +* Update README.md +* Update and rename README.md to bitore.sig +* Update bitore.sig +* Update bitore.sig +* Create README.md +* Update and rename README.md to dylan/th.boop peter-evans build script data assets image in -dylan ranger/bitore.sig/BITCORE : 6 th100X_flattened.exports-module/sample/ecosystem.envirotment: RUNETIME.ENVIROMENT :phdf .exportsfile chosen Attach files by dragging & dropping, selecting or pasting them. 
Editing WORKSFLOW/README.md at ZW · mowjoejoejoejoe/WORKSFLOW · GitHub WORKSFLOW AUTOMATE AUTOMATES BEGIN GLOW4 AUTOMATests : #tests :'Run'@ci'' 'Test :tests :Run'@ci: darby the.boop peter-evans build script data assets image in -dylan ranger/bitore.sig/BITCORE : +::Build : +Publish : +th.pdf_100×_flattened.exports +# #!/User/bin/Bash/bitorr.sig/ +ecosystem :ENVIROMENT.RUNETIME/WIZARD'@sun.java.org/iNstall/installer/src/code.dur/.dist'@Patch 5/index.md +#Checks'-out :repositories/dispatch-on:works +Flows_call-on :dispatches windows-framework*Win.RaWr.zip/WinZip.unzipped'@Jinja/jre.jar//*file_chosen +#//*Attach files by dragging & dropping, selecting or pasting them. +'#'Editing...','' ':WORKSFLOW::/workflows.md'@/README.md at ZW · mowjoejoejoejoe/WORKSFLOW · GitHub WORKSFLOW + AUTOMATE AUTOMATES BEGIN GLOW4 AUTOMATests : + #tests :'Run'@ci'' + 'Test :tests :Run'@ci: +darby the.boop peter-evans build script data assets image in -dylan ranger/bitore.sig/BITCORE : +#_______\S\_____________ +#Authorized Signature +#Name: ZACHRY T WOOD +#title: OWNER +#Thanks for helping make GitHub safe for everyone. +## Security +GitHub takes the security of our software products and services seriously, including all of the open source code repositories managed through our GitHub organizations, such as [GitHub](https://github.com/GitHub). +Even though [open source repositories are outside of the scope of our bug bounty program](https://bounty.github.com/index.html#scope) and therefore not eligible for bounty rewards, we will ensure that your finding gets passed along to the appropriate maintainers for remediation. +## Reporting Security Issues +If you believe you have found a security vulnerability in any GitHub-owned repository, please report it to us through coordinated disclosure. +**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.** +Instead, please send an email to opensource-security[@]github.com. 
+Please include as much of the information listed below as you can to help us better understand and resolve the issue: * The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting) * Full paths of source file(s) related to the manifestation of the issue * The location of the affected source code (tag/branch/commit or direct URL) @@ -23,9 +145,8 @@ Please include as much of the information listed below as you can to help us bet * Step-by-step instructions to reproduce the issue * Proof-of-concept or exploit code (if possible) * Impact of the issue, including how an attacker might exploit the issue - This information will help us triage your report more quickly. - ## Policy - See [GitHub's Safe Harbor Policy](https://docs.github.com/en/site-policy/security-policies/github-bug-bounty-program-legal-safe-harbor) +:Build:: +Publish:
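Review bot: The added `./config.cmd --url … --token …` line in the first hunk commits what appears to be a self-hosted runner registration token to a public policy file. Replace the value with a placeholder, e.g. `--token <RUNNER_REGISTRATION_TOKEN>`, and treat the committed one as exposed: confirm it has expired or been regenerated, and check the repository's runner list for registrations nobody recognises. The same hunk moves the coordinated-disclosure text (the reporting address and the "do not report publicly" instruction) from the top of SECURITY.md to below about a hundred lines of unrelated pasted material, each line prefixed with `#`. A reporter opening the file would no longer find the reporting channel first, so the policy text should be restored to the top and the pasted workflow and runner-setup fragments dropped from this file.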