mirror of
https://github.com/alibaba/higress.git
synced 2026-05-21 11:17:28 +08:00
docs: update SECURITY.md, CONTRIBUTING docs, and remove OpenSSF badge placeholder
- SECURITY.md: formalize vulnerability reporting process with GitHub Private Security Advisory and email channels, add response SLA (3-day ack, 14-day triage, 90-day disclosure), add security response team and disclosure policy
- CONTRIBUTING_EN/CN/JP.md: add test requirements for new functionality (30% plugin coverage gate, 50% patch coverage), link security reporting to SECURITY.md
- README/README_ZH/README_JP: remove OpenSSF Best Practices badge placeholder until passing badge is achieved

Change-Id: Ice19b163c48dab73c903a0b9f4c33ddeff892ebb
Co-developed-by: Kiro <noreply@kiro.dev>
Signed-off-by: EndlessSeeker <1766508902@qq.com>
@@ -23,7 +23,7 @@ Your interest in contributing to Higress is warmly welcomed. First, we encourage
|
||||
|
||||
## Reporting security issues
|
||||
|
||||
Security issues are always treated seriously. As our usual principle, we discourage anyone to spread security issues. If you find a security issue of Higress, please do not discuss it in public and even do not open a public issue. Instead we encourage you to send us a private email to [higress@googlegroups.com](mailto:higress@googlegroups.com) to report this.
|
||||
Security issues are always treated seriously. As our usual principle, we discourage anyone to spread security issues. If you find a security issue of Higress, please do not discuss it in public and even do not open a public issue. Instead please follow the process described in [`SECURITY.md`](./SECURITY.md) to report vulnerabilities privately.
|
||||
|
||||
## Reporting general issues
|
||||
|
||||
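Review bot: In the rewritten paragraph under "Reporting security issues", the private mailing-list address is removed and the only remaining pointer is the relative link `./SECURITY.md`, so a reporter who lands on a broken link has no private channel left on this page. Please confirm the link resolves from the location of each of the CONTRIBUTING_EN/CN/JP files named in the commit message, and consider naming the channels inline (GitHub Private Security Advisory or email, per the commit message). Since the line is being touched anyway, "we discourage anyone to spread" and "even do not open a public issue" could be corrected to "we discourage anyone from spreading" and "do not even open a public issue".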
@@ -204,9 +204,18 @@ make prebuild && go mod tidy
|
||||
|
||||
Any test case would be welcomed. Currently, Higress function test cases are high priority.
|
||||
|
||||
* For unit test, you need to create a test file named `xxxTest.go` in the test directory of the same module.
|
||||
* For integration test, you can put the integration test in the test directory.
|
||||
//TBD
|
||||
### Test requirements for new functionality
|
||||
|
||||
- **New Wasm plugins**: MUST include unit tests with at least 30% code coverage (enforced by CI).
|
||||
- **New core features**: SHOULD include unit tests and, where applicable, E2E conformance test cases.
|
||||
- **Bug fixes**: SHOULD include a regression test that reproduces the bug.
|
||||
- **Patch coverage**: New or changed code must meet a 50% coverage target for the patch (enforced by Codecov via `codecov.yml`).
|
||||
|
||||
### How to write tests
|
||||
|
||||
* For unit tests, create a test file named `xxxTest.go` in the test directory of the same module.
|
||||
* For integration tests, you can put the integration test in the test directory.
|
||||
* For Wasm plugin E2E tests, add test cases in `test/e2e/conformance/tests/`. See [test/README.md](./test/README.md) for details.
|
||||
## Engage to help anything
|
||||
|
||||
We choose GitHub as the primary place for Higress to collaborate. So the latest updates of Higress are always here. Although contributions via PR is an explicit way to help, we still call for any other ways.
|
||||
|
||||
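Review bot: Under "How to write tests", the rewritten unit-test bullet still tells contributors to name the file `xxxTest.go`; `go test` only picks up files whose names end in `_test.go`, so tests named this way would not run and would not count toward the coverage gates introduced just above. Suggest `xxx_test.go`. In "Test requirements for new functionality", the 30% gate for new Wasm plugins and the 50% patch-coverage target overlap, because a new plugin is entirely new code: please state which threshold applies to a plugin PR. The requirement keywords are also inconsistent (capitalised MUST/SHOULD in the first three bullets, lowercase "must" in the patch-coverage bullet).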