Thank you for even considering contributing to NuGetDefense. Every contribution can help us all to be more secure. Reading over these guidelines ensure that your contributions are able to be handled as efficiently as possible.
There are many ways to contribute to this project.
The easiest is using it in your own projects. Every use of NuGetDefense is one more scenario we can use to ensure there are no hidden edgecase bugs.
Report issues you run into in the correct format. Having the bug-report or feature request in a familiar format makes it easier to understand what the problem/request is and what can be done about it.
Pull requests are always welcome for any of the NuGetDefense repositories, but please open an issue on the the main repository first. This will help to consolidate bugs/feature requests in one place so that anyone searching for a solution to an existing issue can easily find details about it.
Unit Tests do not require an Issue on the main repository before being submitted. All PR's for unit tests must be passing. If they do not pass, an issue may need to be opened before the PR can be accepted to make sure that anyone looknig for that issue is aware of when it is fixed.
Documentation, blog posts, and word-of-mouth are great ways to get more eyes on the code as well as increase the use cases we can target in our tests.
Please, don't use the issue tracker for general support and questions. You'll probably get faster responses on Gitter, and if necesary, it will trigger a request in the issue tracker for better documentation.
- Ensure cross-platform compatibility for every change.
- Create issues for any major and enhancements that you wish to make. Discuss things transparently and get community feedback.
- Follow the conventions you see being used. If you don't know what something does, ask in our Gitter or on the issue you are working on.
- Be welcoming to newcomers and encourage diverse new contributors from all backgrounds.
- Ensure all feedback is constructive. Telling somone their contribution is messy/trash doesn't help. Explain what is wrong with their code/idea in a respectful manner and suggest ways to improve it.
- Rebase before submitting a PR. If you don't know how to do this, just ask. If you want to know more about rebaseing this is an explanation with illustrations that may make it easier to visualize.
All contributions to the main NuGetDefense repositories are to licensed using the same license as the rest of this project. This means it can be used anywhere inluding a commercial poduct. Security is important and there is no reason to limit use of NuGetDefense.
If you feel your contribution needs to be licensed differently, then it needs to go into a separate repository. Feel free to reach out and get assistance in doing this.
Now you should be ready to contribute to NuGetDefense. Feel free to ask questions and seek help. Everyone starts somewhere and we can all work together to achieve security.