Thank you for your interest in contributing! We strive to make the process straightforward and rewarding.
- Submit or enhance security rules in Rego format
- Report security gaps or issues
- Improve documentation
- Provide feedback on rule effectiveness
- Fork the Repository on GitHub.
- Clone Your Fork to your local machine.
- Create a Branch from main (e.g., feature/short-description).
- Make Changes adhering to coding standards.
- Commit Your Changes with a descriptive message.
- Sync with Upstream to keep your fork updated.
- Push to Your Fork the new branch.
- Submit a Pull Request with a clear description.
- Address Feedback from code reviewers.
- Unique ID (e.g., AWS_001)
- Clear title and description
- Severity level
- Applicable cloud service
- Compliance mappings if any (CIS, NIST, etc.)
- Test cases for valid/invalid scenarios
- Feature: feature/short-description
- Task: task/short-description
- Bug Fix: bugfix/short-description
- Issue-Based: issue-123-short-description
- Update Branches: Regularly sync with main.
- Descriptive Commits: Clearly describe changes.
- Test Changes: Ensure all tests pass.
- Code Reviews: Be open to feedback.
- Documentation: Update as needed.
- Pull Requests: Provide clear descriptions and link issues.
Use GitHub Issues to report bugs or suggest improvements. Include:
- Rule ID (if applicable)
- Expected vs actual behavior
- Infrastructure code sample
- Relevant error messages
- Include test cases for all rules
- Test compliant and non-compliant scenarios
- Include edge cases
- Verify performance impact
Join our Discord community for questions and discussions.