We welcome contributions to the protobom project! By participating in this project, you agree to abide by the Code of Conduct.
To contribute to the protobom repository, follow these steps:
- Fork the repository.
- Create a new branch for your contribution:
  git checkout -b feature/new-feature
- Make your desired changes to the codebase.
- Commit your changes with a descriptive commit message.
- Push your branch to your forked repository:
  git push origin feature/new-feature
- Open a pull request against the main branch of the protobom repository.
For detailed information on setting up your development environment and contributing to the protobom repository, please refer to the Development Guide.
We strive to maintain a consistent code style throughout the project. When contributing to the Go library, please ensure your code follows these guidelines:
- Use meaningful variable and function names following the camel case convention (myVariable, myFunction).
- Write clear and concise comments to describe your code's purpose and functionality.
- Adhere to Go formatting guidelines using gofumpt, which can be run using golangci-lint run or by using pre-commit hooks.
- Follow the best practices and idiomatic style described in Effective Go.
We highly encourage writing tests for new features and bug fixes. This ensures the stability and reliability of the codebase. There is unit/integration testing and conformance testing.
The purpose of conformance testing is to ensure that the system or software meets the requirements set forth by the relevant standards or specifications. Reference README.md for more details about conformance testing.
We strive to keep our test coverage high, so please add tests for any functions you introduce in your contributions.
If you encounter any issues or have suggestions for improvements, please open an issue on the issue tracker.
- #protobom on OpenSSF Slack
- OpenSSF Security Tooling Working Group Meeting - Every other Friday at 8am Pacific
- SBOM Tooling Working Meeting - Every Monday, 2pm Pacific
When contributing to the protobom project, it is important to understand and agree to the licensing terms. All contributions to the project will be licensed under the Apache 2.0 License. By submitting a pull request, you are agreeing to these terms.
To ensure a clear licensing history and proper attribution, code commits in the project require a signoff. The signoff indicates that you have read and agree to the Developer Certificate of Origin (DCO), which states that you have the right to contribute the code and that it does not infringe on any copyright or intellectual property rights. The DCO signoff helps protect the project and its contributors.
Thank you for contributing to protobom! We appreciate your help in making our project better.