Merge pull request #4 from aj-stein-gsa/chore-add-misc-files

Add SECURITY, USERS, and GitHub support files

.github/CODEOWNERS

@@ -0,0 +1,11 @@
+# This file lists the contributors responsible for the
+# repository content. They will also be automatically
+# asked to review any pull request made in this repository.
+
+# Each line is a file pattern followed by one or more owners.
+# The sequence matters: later patterns take precedence.
+
+# FILES  OWNERS
+*                     @david-waltermire @repo-managers-oscal-server
+/.github              @repo-managers
+/.github/workflows    @workflow-managers

.github/CONTENTS.md

@@ -0,0 +1,8 @@
+# Metaschema Framework's Supporting Files for GitHub
+
+This directory contains supporting files for Metaschema GitHub repository use. The structure and contents of the directory are as follows:
+
+- [ISSUE_TEMPLATE](ISSUE_TEMPLATE): This directory contains several templates for creating new issues in GitHub.
+- [issue_template.md](issue_template.md): This file contains a template for creating a new issue in GitHub containing a user story.
+- [PULL_REQUEST_TEMPLATE.md](issue_template.md): This file contains a template to be filled out for each GitHub pull request by the person submitting it.
+- [dependabot.yml](dependabot.yml): GitHub Dependabot [configuration](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates).

.github/ISSUE_TEMPLATE/1-feature_request.yml

@@ -0,0 +1,43 @@
+
+
+name: Feature Request
+description: Suggest an idea for this project
+labels: ['User Story', 'enhancement']
+body:
+  - type: textarea
+    id: story
+    attributes:
+      label: User Story
+      description: Describe the feature from the user's perspective.
+      placeholder: |
+        As a {stakeholder}, I {provide a clear and concise description of what the problem is. Ex. I need to be able to ...}
+    validations:
+      required: true
+  - type: textarea
+    id: goals
+    attributes:
+      label: Goals
+      description: Describe what you want to happen. This should be outcome focused. Include descriptions of any alternative solutions or features you've considered. Feel free to include any screenshots or examples.
+    validations:
+      required: true
+  - type: textarea
+    id: dependencies
+    attributes:
+      label: Dependencies
+      description: Describe any previous issues or related work that must be completed to start or complete this issue.
+  - type: textarea
+    id: acceptance_criteria
+    attributes:
+      label: Acceptance Criteria
+      description: The items below are general acceptance criteria for all User Stories. Please describe anything else that must be completed for this issue to be considered resolved.
+      value: |
+        - [ ] All website and readme documentation affected by the changes in this issue have been updated.
+        - [ ] A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.
+        - [ ] The CI-CD build process runs without any reported errors on the PR. This can be confirmed by reviewing that all checks have passed in the PR.
+    validations:
+      required: true
+  - type: textarea
+    id: revisions
+    attributes:
+      label: Revisions
+      description: If you are creating the issue, this field is not required. When working on the issue, this field is for assigned developers to flag any important changes made to the description, goals, or acceptance criteria needed to complete the work.

.github/ISSUE_TEMPLATE/2-bug_report.yml

@@ -0,0 +1,44 @@
+name: Bug report
+description: Create a report to help us improve
+labels: ['bug']
+body:
+  - type: textarea
+    id: bug-description
+    attributes:
+      label: Describe the bug
+      description: A clear and concise description of what the bug is
+    validations:
+      required: true
+  - type: textarea
+    id: bug-affecting-who
+    attributes:
+      label: Who is the bug affecting
+      description: Describe the stakeholders affected by this bug
+    validations:
+      required: true
+  - type: textarea
+    id: bug-replication
+    attributes:
+      label: How do we replicate this issue
+      description: What are the steps to reproduce this behavior (use screenshots if applicable)
+      placeholder: |
+        1. Do this...
+        2. Then this...
+        3. See error...
+    validations:
+      required: true
+  - type: textarea
+    id: bug-solution
+    attributes:
+      label: Expected behavior (i.e. solution)
+      description: A clear and concise description of what you expected to happen
+    validations:
+      required: true
+  - type: textarea
+    id: bug-comments
+    attributes:
+      label: Other comments
+      description: |
+        Add any other context about the problem here.
+    validations:
+      required: false

.github/ISSUE_TEMPLATE/README.md

@@ -0,0 +1,6 @@
+# GitHub Issue Template Files
+
+This directory contains templates for creating new project issues in GitHub. The structure and contents of the directory are as follows:
+
+* [bug_report.md](bug_report.md): This file contains a template for creating a new issue in GitHub to report a bug.
+* [feature_request.md](feature_request.md): This file contains a template for creating a new issue in GitHub containing a user story.

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1 @@
+blank_issues_enabled: false

.github/dependabot.yml

@@ -0,0 +1,15 @@
+version: 2
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      # Check for updates to GitHub Actions every weekday
+      interval: "daily"
+    target-branch: "develop"
+  # Maintain dependencies for Maven
+  - package-ecosystem: "maven"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    target-branch: "develop"

SECURITY.md

@@ -0,0 +1,18 @@
+# Reporting Security Issues
+
+The Metaschema Framework team and community take security bugs in our software seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
+
+To report a security issue, please use the GitHub Security Advisory ["Report a Vulnerability"](https://github.com/metaschema-framework/metaschema-java/security/advisories/new) tab.
+
+The Metaschema Framework  team will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
+
+Report security bugs in third-party modules to the person or team maintaining the module.
+
+## Supported Versions
+
+The following versions of the code in this repository are supported.
+
+| Version   | Supported          |
+| --------- | ------------------ |
+| `1.x.x`   | :white_check_mark: |
+| < `1.0.0` | :x:                |

USERS.md

@@ -0,0 +1,7 @@
+# Documentation for users of OSCAL tools and content
+
+The following types of users are most likely to benefit from consuming OSCAL tools and content when they are available:
+ * *Operations personnel*, who will be able to rapidly verify that systems comply with organizational security requirements
+ * *Security and privacy personnel*, who will be able to automatically identify problems and address them quickly before loss or damage occur; for example, a profile could be used to identify incorrect parameter values that are weakening security
+ * *Auditors/assessors*, who will be able to perform audits/assessments on demand with minimal effort
+ * *Policy personnel*, who will be able to better identify systemic problems that necessitate changes to organization security policy