From 5650f954304e1af500ccbff0f7ef1b6da68c4ef2 Mon Sep 17 00:00:00 2001 From: Isaac Milarsky Date: Fri, 6 Dec 2024 12:49:08 -0600 Subject: [PATCH] changes based on repolinter output --- CONTRIBUTING.md | 74 +++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 24 ++++++++++++++++ 2 files changed, 98 insertions(+) create mode 100644 CONTRIBUTING.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..c2f77d6 --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,74 @@ +# How to Contribute + + We're so thankful you're considering contributing to an [open source project of the U.S. government](https://code.gov/)! If you're unsure about anything, just ask -- or submit the issue or pull request anyway. The worst that can happen is you'll be politely asked to change something. We appreciate all friendly contributions. + We encourage you to read this project's CONTRIBUTING policy (you are here), its [LICENSE](LICENSE.md), and its [README](README.md). + + # How to Contribute + +We're so thankful you're considering contributing to an [open source project of the U.S. government](https://code.gov/)! If you're unsure about anything, just ask -- or submit the issue or pull request anyway. The worst that can happen is you'll be politely asked to change something. We appreciate all friendly contributions. + + We encourage you to read this project's CONTRIBUTING policy (you are here), its [LICENSE](LICENSE.md), and its [README](README.md). + + ## Getting Started + + + ### Building Dependencies + + + ### Building the Project + + + ### Workflow and Branching + + + ### Testing Conventions + + + ### Coding Style and Linters + + + ### Writing Issues + + + ## Documentation + + + ## Policies + + ### Open Source Policy + We adhere to the [CMS Open Source Policy](https://github.com/CMSGov/cms-open-source-policy). If you have any questions, just [shoot us an email](mailto:opensource@cms.hhs.gov). + + ### Security and Responsible Disclosure Policy + *Submit a vulnerability:* Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days. + For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md). 
+ + ## Public Domain + This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/) as indicated in [LICENSE](LICENSE). + All contributions to this project will be released under the CC0 dedication. By submitting a pull request or issue, you are agreeing to comply with this waiver of copyright interest. diff --git a/README.md b/README.md index cb338d2..40abd67 100644 --- a/README.md +++ b/README.md 
@@ -18,3 +18,27 @@ npm start ``` [pat]: (https://github.com/settings/tokens) + + ## About the Project + + + ## Core Team + An up-to-date list of core team members can be found in [MAINTAINERS.md](MAINTAINERS.md). At this time, the project is still building the core team and defining roles and responsibilities. We are eagerly seeking individuals who would like to join the community and help us define and fill these roles. + + ## Policies + + ### Open Source Policy + We adhere to the [CMS Open Source Policy](https://github.com/CMSGov/cms-open-source-policy). If you have any questions, just [shoot us an email](mailto:opensource@cms.hhs.gov). + + ### Security and Responsible Disclosure Policy + *Submit a vulnerability:* Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days. +For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md). + + ## Public Domain + This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/) as indicated in [LICENSE](LICENSE). +All contributions to this project will be released under the CC0 dedication. By submitting a pull request or issue, you are agreeing to comply with this waiver of copyright interest. + + ### Software Bill of Materials (SBOM) +A Software Bill of Materials (SBOM) is a formal record containing the details and supply chain relationships of various components used in building software. 
+In the spirit of [Executive Order 14028 - Improving the Nation's Cyber Security](https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs/information-technology-category/it-security/executive-order-14028), a SBOM for this repository is provided here: https://github.com/{repo_org}/{repo_name}/network/dependencies. +For more information and resources about SBOMs, visit: https://www.cisa.gov/sbom. \ No newline at end of file
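Review bot: In the CONTRIBUTING.md hunk, the `# How to Contribute` heading and its two introductory paragraphs are added twice, the first copy with stray leading spaces; keep one copy. The sections from `## Getting Started` through `## Documentation` are headings with no body, so fill them in or drop them before merging rather than shipping empty guidance. The license link is inconsistent: the intro uses `[LICENSE](LICENSE.md)` while the Public Domain section uses `[LICENSE](LICENSE)`; use whichever path exists in the repository. The disclosure policy links to `SECURITY.md`, but the diffstat lists only CONTRIBUTING.md and README.md, so confirm that file is already present, otherwise the vulnerability-reporting pointer is a dead link.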
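Review bot: The SBOM link at the end of the README.md hunk still carries the unfilled template placeholders `{repo_org}` and `{repo_name}`, so `https://github.com/{repo_org}/{repo_name}/network/dependencies` points nowhere; substitute this repository's organization and name. The `### Software Bill of Materials (SBOM)` heading sits one level below `## Public Domain`, which nests it under the licensing section; it reads better as its own `##` section or under `## Policies`. `## About the Project` is added with no content, and `MAINTAINERS.md` and `SECURITY.md` are linked but not part of this patch, so confirm both exist. The file also ends without a trailing newline.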