Docs: New VDP policy and repometrics directory

repometrics/cookiecutter.json → .github/repometrics/cookiecutter.json

@@ -1,18 +1,16 @@
 {
-    "project_type" : ["Package", "Website", "Standards", "Libraries", "Data", "Apps", "Tools", "APIs"],
+    "project_type" : ["Package", "Website", "Standards", "Libraries", "Data", "Apps", "Tools", "APIs", "Docs"],
     "user_input": ["Yes", "No"],
-    "project_fisma_level": ["Low", "Moderate", "High"],
+    "fisma_level": ["Low", "Moderate", "High"],
     "group": "CMS/OA/DSAC",
     "subset_in_healthcare": "Policy, Operational",
     "user_type": "Providers, Patients, Government",
     "repository_host": ["Github.com", "GitHub ENT", "GitHub Cloud", "GitLab.com", "GitLab ENT", "GitLab ENT CCSQ"],
-    "maturity_model_tier": ["1", "2", "3", "4"],
     "__prompts__": {
         "group": "Which group is the project part of?",
         "subset_in_healthcare": "Which subset of healthcare does the project belong to?",
         "user_type": "Who are the intended users?",
-        "user_input": "Does the project accept user input? (e.g. allows user to query a database, allows login by users, etc.)",
-        "repository_host": "Where is the repository hosted?",
-        "maturity_model_tier": "What maturity model tier is your project classified as?"
+        "user_input": "Does the project accept user input? (e.g. allows user to query a database, allows login by users, upload files, etc.)",
+        "repository_host": "Where is the repository hosted?"
     }
 }

repometrics/hooks/post_gen_project.sh → .github/repometrics/hooks/post_gen_project.sh

@@ -14,11 +14,11 @@ fi
 project_type="{{cookiecutter.project_type}}"
 sub_project_dir="${project_type}"
 repometrics_file="code.json"
-parent_dir="./"
+project_root_dir="../"
 
 if [ -f "${sub_project_dir}/${repometrics_file}" ]; then  
   # Move code.json file to parent directory
-  mv "${sub_project_dir}/${repometrics_file}" "${parent_dir}"
+  mv "${sub_project_dir}/${repometrics_file}" "${project_root_dir}"
 
   # Check if the move was successful
   if [ $? -eq 0 ]; then    

.github/repometrics/{{cookiecutter.project_type}}/code.json

@@ -0,0 +1,10 @@
+{
+    "projectType": "{{ cookiecutter.project_type }}",
+    "userInput": "{{ cookiecutter.user_input }}",
+    "fismaLevel": "{{ cookiecutter.fisma_level }}",
+    "group": "{{ cookiecutter.group }}",
+    "subsetInHealthcare": "{{ cookiecutter.subset_in_healthcare }}",
+    "userType": "{{ cookiecutter.user_type }}",
+    "repositoryHost": "{{ cookiecutter.repository_host }}",
+    "maturityModelTier": "3"
+}

CONTRIBUTING.md

@@ -174,11 +174,7 @@ questions, just [shoot us an email](mailto:opensource@cms.hhs.gov).
 
 ### Security and Responsible Disclosure Policy
 
-*Submit a vulnerability:* Unfortunately, we cannot accept secure submissions via
-email or via GitHub Issues. Please use our website to submit vulnerabilities at
-[https://hhs.responsibledisclosure.com](https://hhs.responsibledisclosure.com).
-HHS maintains an acknowledgements page to recognize your efforts on behalf of
-the American public, but you are also welcome to submit anonymously.
+*Submit a vulnerability:* Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days.
 
 For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md).
 

README.md

@@ -117,11 +117,7 @@ questions, just [shoot us an email](mailto:opensource@cms.hhs.gov).
 
 ### Security and Responsible Disclosure Policy
 
-*Submit a vulnerability:* Unfortunately, we cannot accept secure submissions via
-email or via GitHub Issues. Please use our website to submit vulnerabilities at
-[https://hhs.responsibledisclosure.com](https://hhs.responsibledisclosure.com).
-HHS maintains an acknowledgements page to recognize your efforts on behalf of
-the American public, but you are also welcome to submit anonymously.
+*Submit a vulnerability:* Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days.
 
 For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md).