First off, thanks for taking the time to contribute!!
StartLeft is an Open Source project that welcomes collaborators to extend or improve its functionality. Despite the fact that it was born as an internal IriusRisk project, there are some characteristics that make it especially suitable to grow through the contributions of the community:
- The nature of the project, whose functional scaling is based on the support of new, independent, source formats.
- The conversion into the Open Threat Model (OTM) format is based on configuration files that can also be created independently depending on the expected OTM use.
- The modularized architecture enables collaborators to contribute to each format's processor without conflicts.
The contributing strategy for StartLeft is based on standardized procedures for collaborating in GitHub Open Source projects, so these resources may be helpful for you:
- Finding ways to contribute to open source on GitHub.
- Set up Git.
- GitHub flow.
- Collaborating with pull requests.
All you need to know about StartLeft is on its documentation page. Once you get familiarized with the project, you can check out the Quickstart Guide for Developers, which will guide you through the process of setting up the development environment as well as providing you with all the basics to start coding.
If you spot a problem with StartLeft, first search to see whether an issue already exists. If no related issue exists, you can open a new one.
To propose improvements or changes that are not strictly bugs or problems, you can also use the issues section. In this case, please try to be as clear as you can and include in your issue:
- The context of the issue. Does it apply to the CLI? To the API? Is it an improvement for a specific SLP?
- The motivation of the proposal. How will the proposed change improve StartLeft?
- The goal of the issue. What exactly is the change that should be implemented?
In order to use the best approach for integration with external developers (also applicable to any contributor), the GitHub guide for contributing to projects will be used. In summary, the steps that an external developer must follow to contribute are:
- Fork the StartLeft repository.
- Implement your changes in your forked repository.
- Create a Pull Request (PR) from the forked branch to the StartLeft `dev` branch in the main repository describing the changes done and their motivations.
- The PR will be reviewed by the owners' team using the GitHub strategy for async communication.
- Once approved, the PR will be merged in the `dev` branch of the StartLeft repository and delivered in the next release.
Disclaimer: Any PR that contains changes to the `otm_schema.json` file will be discarded. Any change to the schema should be proposed through https://github.com/iriusrisk/OpenThreatModel
There are no specific code conventions for the StartLeft project. At this point, the generic Style Guide for Python Code is followed. So, please take a look at it before you start coding, paying special attention to the naming conventions. If any doubt arises in a PR, it can be discussed to reach an agreement.