Merge branch 'main' into chore/scorecard

.github/workflows/f5-cla.yml

@@ -0,0 +1,51 @@
+name: F5 CLA
+
+on:
+  issue_comment:
+    types:
+      - created
+  pull_request_target:
+    types:
+      - opened
+      - synchronize
+      - reopened
+
+concurrency:
+  group: ${{ github.ref_name }}-cla
+
+permissions:
+  contents: read
+
+jobs:
+  f5-cla:
+    name: F5 CLA
+    runs-on: ubuntu-22.04
+    permissions:
+      actions: write
+      contents: read
+      pull-requests: write
+      statuses: write
+    steps:
+      - name: Run F5 Contributor License Agreement (CLA) assistant
+        if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have hereby read the F5 CLA and agree to its terms') || github.event_name == 'pull_request_target'
+        uses: contributor-assistant/github-action@f41946747f85d28e9a738f4f38dbcc74b69c7e0e # v2.5.1
+        with:
+          # Any pull request targeting the following branch will trigger a CLA check.
+          branch: "main"
+          # Path to the CLA document.
+          path-to-document: "https://github.com/f5/.github/blob/main/CLA/cla-markdown.md"
+          # Custom CLA messages.
+          custom-notsigned-prcomment: "🎉 Thank you for your contribution! It appears you have not yet signed the F5 Contributor License Agreement (CLA), which is required for your changes to be incorporated into an F5 Open Source Software (OSS) project. Please kindly read the [F5 CLA](https://github.com/f5/.github/blob/main/CLA/cla-markdown.md) and reply on a new comment with the following text to agree:"
+          custom-pr-sign-comment: "I have hereby read the F5 CLA and agree to its terms"
+          custom-allsigned-prcomment: "✅ All required contributors have signed the F5 CLA for this PR. Thank you!"
+          # Remote repository storing CLA signatures.
+          remote-organization-name: "f5"
+          remote-repository-name: "f5-cla-data"
+          path-to-signatures: "signatures/beta/signatures.json"
+          # Comma separated list of usernames for maintainers or any other individuals who should not be prompted for a CLA.
+          allowlist: bot*
+          # Do not lock PRs after a merge.
+          lock-pullrequest-aftermerge: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PERSONAL_ACCESS_TOKEN: ${{ secrets.F5_CLA_TOKEN }}

.markdownlint-cli2.yaml

@@ -0,0 +1,18 @@
+# Rule configuration.
+# For rule descriptions and how to fix: https://github.com/DavidAnson/markdownlint/tree/main#rules--aliases
+config:
+  ul-style:
+    style: dash
+  no-duplicate-heading:
+    siblings_only: true
+  line-length:
+    line_length: 120
+    code_blocks: false
+    tables: false
+
+# Define glob expressions to ignore
+ignores:
+  - ".github/"
+
+# Fix any fixable errors
+fix: true

.pre-commit-config.yaml

@@ -18,3 +18,27 @@ repos:
         args: [--autofix, --no-sort-keys, --no-ensure-ascii]
       - id: mixed-line-ending
         args: [--fix=lf]
+
+  - repo: https://github.com/gitleaks/gitleaks
+    rev: v8.18.4
+    hooks:
+      - id: gitleaks
+
+  - repo: https://github.com/DavidAnson/markdownlint-cli2
+    rev: v0.14.0
+    hooks:
+      - id: markdownlint-cli2
+
+  - repo: https://github.com/adrienverge/yamllint.git
+    rev: v1.35.1
+    hooks:
+      - id: yamllint
+
+  - repo: https://github.com/thlorenz/doctoc
+    rev: v2.2.0
+    hooks:
+      - id: doctoc
+        args: [--update-only, --title, "## Table of Contents"]
+
+ci:
+  autoupdate_schedule: quarterly # We use renovate for more frequent updates and there's no way to disable autoupdate

.yamllint.yaml

@@ -0,0 +1,17 @@
+---
+ignore-from-file: .gitignore
+
+extends: default
+
+rules:
+  comments:
+    min-spaces-from-content: 1
+  comments-indentation: enable
+  document-start: disable
+  empty-values: enable
+  line-length:
+    max: 120
+    ignore: |
+      .github/
+  truthy:
+    check-keys: false

README.md

@@ -4,7 +4,6 @@
 
 # Publish Docker images to AWS Marketplace
 
-
 This is a simple GitHub Action to publish new versions of Docker images to AWS Marketplace.
 At the moment, it only supports adding a new version of an existing product. Contributions are welcome!
 

SECURITY.md

@@ -1,9 +1,17 @@
 # Security Policy
 
+## Latest Versions
+
+We advise users to run or update to the most recent release of this project.
+Older versions of this project may not have all enhancements and/or bug fixes applied to them.
+
 ## Reporting a Vulnerability
 
-The F5 Security Incident Response Team (F5 SIRT) has an email alias that makes it easy to report potential security vulnerabilities.
+The F5 Security Incident Response Team (F5 SIRT) has an email alias that makes it easy to report potential security
+vulnerabilities.
 
-Please report any potential or current instances of security vulnerabilities with any F5 product to the F5 Security Incident Response Team at [email protected]
+- If you’re an F5 customer with an active support contract, please contact [F5 Technical Support](https://www.f5.com/services/support).
+- If you aren’t an F5 customer, please report any potential or current instances of security vulnerabilities with any F5
+  product to the F5 Security Incident Response Team at <[email protected]>
 
-For more information visit https://www.f5.com/services/support/report-a-vulnerability
+For more information visit <https://www.f5.com/services/support/report-a-vulnerability>