From 198e488f8066b8c2406682297887a29a1a12b222 Mon Sep 17 00:00:00 2001
From: Natalia Luzuriaga
Date: Mon, 26 Aug 2024 13:55:51 -0400
Subject: [PATCH 1/2] Updated VDP text in README and changed location of repometrics to .github directory
Signed-off-by: Natalia Luzuriaga
---
 {repometrics => .github/repometrics}/cookiecutter.json | 10 ++++------
 .../repometrics}/hooks/post_gen_project.sh | 4 ++--
 .../{{cookiecutter.project_type}}/code.json | 10 ++++++++++
 README.md | 6 +-----
 repometrics/{{cookiecutter.project_type}}/code.json | 10 ----------
 5 files changed, 17 insertions(+), 23 deletions(-)
 rename {repometrics => .github/repometrics}/cookiecutter.json (63%)
 rename {repometrics => .github/repometrics}/hooks/post_gen_project.sh (88%)
 create mode 100644 .github/repometrics/{{cookiecutter.project_type}}/code.json
 delete mode 100644 repometrics/{{cookiecutter.project_type}}/code.json
diff --git a/repometrics/cookiecutter.json b/.github/repometrics/cookiecutter.json
similarity index 63%
rename from repometrics/cookiecutter.json
rename to .github/repometrics/cookiecutter.json
index 162b0a8..461520e 100644
--- a/repometrics/cookiecutter.json
+++ b/.github/repometrics/cookiecutter.json
@@ -1,18 +1,16 @@
 {
- "project_type" : ["Package", "Website", "Standards", "Libraries", "Data", "Apps", "Tools", "APIs"],
+ "project_type" : ["Package", "Website", "Standards", "Libraries", "Data", "Apps", "Tools", "APIs", "Docs"],
 "user_input": ["Yes", "No"],
- "project_fisma_level": ["Low", "Moderate", "High"],
+ "fisma_level": ["Low", "Moderate", "High"],
 "group": "CMS/OA/DSAC",
 "subset_in_healthcare": "Policy, Operational",
 "user_type": "Providers, Patients, Government",
 "repository_host": ["Github.com", "GitHub ENT", "GitHub Cloud", "GitLab.com", "GitLab ENT", "GitLab ENT CCSQ"],
- "maturity_model_tier": ["1", "2", "3", "4"],
 "__prompts__": {
 "group": "Which group is the project part of?",
 "subset_in_healthcare": "Which subset of healthcare does the project belong to?",
 "user_type": "Who are the intended users?",
- "user_input": "Does the project accept user input? (e.g. allows user to query a database, allows login by users, etc.)",
- "repository_host": "Where is the repository hosted?",
- "maturity_model_tier": "What maturity model tier is your project classified as?"
+ "user_input": "Does the project accept user input? (e.g. allows user to query a database, allows login by users, upload files, etc.)",
+ "repository_host": "Where is the repository hosted?"
 }
 }
\ No newline at end of file
diff --git a/repometrics/hooks/post_gen_project.sh b/.github/repometrics/hooks/post_gen_project.sh
similarity index 88%
rename from repometrics/hooks/post_gen_project.sh
rename to .github/repometrics/hooks/post_gen_project.sh
index 7946bf2..f551af9 100644
--- a/repometrics/hooks/post_gen_project.sh
+++ b/.github/repometrics/hooks/post_gen_project.sh
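Review bot: The renamed `fisma_level` choice has no entry under `__prompts__`, so the generator will ask for it using the bare variable name, and cookiecutter offers the first list item, here `Low`, as the default. For a field that records a security categorization, a skipped or misread prompt then writes `Low` into code.json without anyone having chosen it. I would add `"fisma_level": "What is the project's FISMA level?"` to `__prompts__` and consider whether `Low` should stay first in the list. Any consumer outside this patch that still reads `project_fisma_level` will need the new name.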
@@ -14,11 +14,11 @@ fi
 project_type="{{cookiecutter.project_type}}"
 sub_project_dir="${project_type}"
 repometrics_file="code.json"
-parent_dir="./"
+project_root_dir="../"
 if [ -f "${sub_project_dir}/${repometrics_file}" ]; then
 # Move code.json file to parent directory
- mv "${sub_project_dir}/${repometrics_file}" "${parent_dir}"
+ mv "${sub_project_dir}/${repometrics_file}" "${project_root_dir}"
 # Check if the move was successful
 if [ $? -eq 0 ]; then
diff --git a/.github/repometrics/{{cookiecutter.project_type}}/code.json b/.github/repometrics/{{cookiecutter.project_type}}/code.json
new file mode 100644
index 0000000..67432dd
--- /dev/null
+++ b/.github/repometrics/{{cookiecutter.project_type}}/code.json
@@ -0,0 +1,10 @@
+{
+ "projectType": "{{ cookiecutter.project_type }}",
+ "userInput": "{{ cookiecutter.user_input }}",
+ "fismaLevel": "{{ cookiecutter.fisma_level }}",
+ "group": "{{ cookiecutter.group }}",
+ "subsetInHealthcare": "{{ cookiecutter.subset_in_healthcare }}",
+ "userType": "{{ cookiecutter.user_type }}",
+ "repositoryHost": "{{ cookiecutter.repository_host }}",
+ "maturityModelTier": "3"
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index b8abf4a..7af2bfc 100644
--- a/README.md
+++ b/README.md
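Review bot: `project_root_dir="../"` is resolved against whatever directory the hook is running in, which this hunk does not show, so the destination of the `mv` follows the invocation directory instead of being tied to the repository root. `mv` will also replace an existing `code.json` at that location without any notice. I would guard the move with `if [ -e "${project_root_dir}${repometrics_file}" ]; then echo "code.json already exists in ${project_root_dir}" >&2; exit 1; fi`, or state in a comment that overwriting is intended. The comment above the `mv` still says "parent directory" and should read "project root directory"; the enclosing `if` block continues past the end of the hunk.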
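Review bot: Each value in the new template is produced by pasting the cookiecutter answer between literal quotes, e.g. `"group": "{{ cookiecutter.group }}"`, and `group`, `subset_in_healthcare` and `user_type` are free-text answers, so a double quote or backslash in any of them yields a code.json that is invalid or carries keys nobody intended. Jinja's built-in `tojson` filter does the quoting and escaping: `"group": {{ cookiecutter.group | tojson }}`, and likewise for the other free-text fields. Separately, `"maturityModelTier": "3"` is now a constant because its prompt was removed from cookiecutter.json, so every generated file will report tier 3. If that is intentional it should be stated in the README, since the JSON file itself cannot carry a comment.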
@@ -117,11 +117,7 @@ questions, just [shoot us an email](mailto:opensource@cms.hhs.gov). ### Security and Responsible Disclosure Policy -*Submit a vulnerability:* Unfortunately, we cannot accept secure submissions via -email or via GitHub Issues. Please use our website to submit vulnerabilities at -[https://hhs.responsibledisclosure.com](https://hhs.responsibledisclosure.com). -HHS maintains an acknowledgements page to recognize your efforts on behalf of -the American public, but you are also welcome to submit anonymously. +*Submit a vulnerability:* Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days. For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md).
diff --git a/repometrics/{{cookiecutter.project_type}}/code.json b/repometrics/{{cookiecutter.project_type}}/code.json
deleted file mode 100644
index 0841645..0000000
--- a/repometrics/{{cookiecutter.project_type}}/code.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "project_type": "{{ cookiecutter.project_type }}",
- "user_input": "{{ cookiecutter.user_input }}",
- "project_fisma_level": "{{ cookiecutter.project_fisma_level }}",
- "group": "{{ cookiecutter.group }}",
- "subset_in_healthcare": "{{ cookiecutter.subset_in_healthcare }}",
- "user_type": "{{ cookiecutter.user_type }}",
- "repository_host": "{{ cookiecutter.repository_host }}",
- "maturity_model_tier": "{{ cookiecutter.maturity_model_tier }}"
-}
\ No newline at end of file
From dba9939f8125b5b61fce330c93e61a38cf861b5c Mon Sep 17 00:00:00 2001
From: Natalia Luzuriaga
Date: Mon, 26 Aug 2024 14:00:10 -0400
Subject: [PATCH 2/2] Update VDP text in CONTRIBUTING.md
Signed-off-by: Natalia Luzuriaga
---
 CONTRIBUTING.md | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 49ce9b5..4a5c79f 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -174,11 +174,7 @@ questions, just [shoot us an email](mailto:opensource@cms.hhs.gov). ### Security and Responsible Disclosure Policy -*Submit a vulnerability:* Unfortunately, we cannot accept secure submissions via -email or via GitHub Issues. Please use our website to submit vulnerabilities at -[https://hhs.responsibledisclosure.com](https://hhs.responsibledisclosure.com). -HHS maintains an acknowledgements page to recognize your efforts on behalf of -the American public, but you are also welcome to submit anonymously. +*Submit a vulnerability:* Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days. For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md).