# 🤝 Contributing to SecureChain
We welcome contributions from the community! Whether you’re fixing bugs, improving documentation, or developing new features, your help is appreciated.
## 📦 Repositories

This guide applies to all repositories under the securechaindev organization, including:

- **Depex** – Dependency explorer & vulnerability detector
- **VEXGen** – Automated VEX document generator
## ✅ Before You Start

- Read the README.md of the repository you're contributing to.
- Check open issues, or create one if you're proposing something new.
- Fork the repository and clone it locally.
- Make sure you have the prerequisites installed.
## 🛠️ Development Setup
Example for Depex:

```bash
git clone https://github.com/your-username/depex.git
cd depex
python -m venv depex-venv
source depex-venv/bin/activate
pip install -r requirements.txt
docker compose up --build
```
## 🚀 How to Contribute
1. **Fork & Clone** – Click the Fork button on GitHub and clone your copy: `git clone https://github.com/your-username/depex.git`
2. **Create a Branch** – Use a descriptive name: `git checkout -b fix/missing-dependency-warning`
3. **Make Changes** – Focus on clarity and modularity.
4. **Lint** – The repos support linting with `ruff`.
5. **Commit Changes** – Follow Conventional Commits when possible: `git commit -m "fix: Warn on missing indirect imports"`
6. **Push & Open a Pull Request** – `git push origin fix/missing-dependency-warning`, then go to GitHub and open a pull request from your branch.
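The lint and commit steps above can be enforced locally with a `commit-msg` hook. The following is an added example, not a script shipped by the SecureChain repos; the accepted commit types and the hook path are assumptions, and it runs `ruff` only when it is installed.

```sh
#!/bin/sh
# Added example (not part of the SecureChain repos): a git commit-msg hook that
# checks the subject line against the Conventional Commits shape
# "type(scope)?!?: description" and runs ruff on the working tree.
# Install (assumed path): cp this-file .git/hooks/commit-msg && chmod +x .git/hooks/commit-msg

# Return 0 when the first line of the message is conventional, 1 otherwise.
# The accepted type list is an assumption, not a rule the project states.
check_commit_msg() {
    subject=$(printf '%s\n' "$1" | sed -n '1p')
    printf '%s' "$subject" | grep -Eq \
        '^(feat|fix|docs|style|refactor|perf|test|build|ci|chore|revert)(\([A-Za-z0-9_./-]+\))?!?: [^ ].*$'
}

# Return 0 when ruff is unavailable or reports no findings, 1 otherwise.
run_lint() {
    if command -v ruff >/dev/null 2>&1; then
        ruff check . >/dev/null 2>&1
    else
        return 0
    fi
}

# Hook entry point: git passes the path of the commit message file as $1.
if [ -n "$1" ] && [ -f "$1" ]; then
    if ! check_commit_msg "$(cat "$1")"; then
        echo "commit subject must follow Conventional Commits, e.g. 'fix: Warn on missing indirect imports'" >&2
        exit 1
    fi
    if ! run_lint; then
        echo "ruff reported findings; fix them before committing" >&2
        exit 1
    fi
fi
```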
## 🗂️ Code Style

- Python: follow PEP 8.
- Use the linter `ruff`.
## 💬 Communication

- Ask questions via GitHub Discussions or issues.
- Tag a maintainer when needed.
- Be kind, constructive, and respectful to all contributors.
## 📜 License
By contributing, you agree that your contributions will be licensed under the same license as the project (typically GNU GPL).
## 🙌 Thank You!
Your contributions help improve the security of the global software supply chain. We’re glad to have you with us.