update: contributing guideline

Author: cyberchen1995

CONTRIBUTING-zh_CN.md

@@ -1,41 +1,83 @@
-# OpenSCA-cli 贡献指南
-
 [中文](./CONTRIBUTING-zh_CN.md) | [English](./CONTRIBUTING.md)
 
-我们非常欢迎任何人对 OpenSCA-cli 提出改进建议，提交 bug 报告，或者提交新功能的 pull request。本指南将会帮助您了解如何为 OpenSCA-cli 做出贡献。
+# 贡献指南（中文版）
+
+## OpenSCA项目贡献指南 v1.0
+
+OpenSCA项目是由悬镜安全团队首发的开源的软件成分分析工具。身处紧锣密鼓的研发节奏及开源代码和软件广泛应用的大环境中，面对日益严峻的软件供应链安全问题，我们的愿景是用开源的方式做开源风险治理。欢迎朋友们成为OpenSCA社区的一份子，与我们共同建设OpenSCA项目的未来，探索充满无限可能的开源解决方案。
+
+我们珍视一切形式的贡献，包括但不限于：
+
+- 对已有代码的检查
+- 说明文档及部署案例
+- 通过社群渠道及Issue板块参与社区讨论
+- 提升OpenSCA项目功能的切实努力
+- 有益项目长远发展的经验分享、使用指导、专题交流等
+
+为了帮助大家更有效地参与到各个方面的贡献中来，我们拟定了一份贡献指南，并会参照项目的发展情况定期更新完善。这份指南包括以下几个部分：
+
+- 社区行为守则及贡献体系
+- 如何提出BUG
+- BUG类型划分
+- 贡献代码
+- 代码规范
+
+### 社区行为守则及贡献体系
+
+OpenSCA社区旨在营造贡献者友好的氛围，开放、包容、尊重他人的环境需要大家共同努力去创造和维持。不恰当的行为将会受到警告甚至惩罚。
+
+#### **行为守则**
+
+OpenSCA社区关心每位社区成员的体验；为了共同营造良好的社区氛围，请您提前阅读我们的[行为守则](https://www.contributor-covenant.org/zh-cn/version/2/0/code_of_conduct/)，并在参与时多多留意。
+
+#### 社区贡献体系
+
+OpenSCA社区尚处于起步阶段，由悬镜安全OpenSCA项目团队管理。随着社区的发展，我们欢迎并期待更多的朋友们为社区做出贡献，成为项目团队的一员，和我们一起维护社区系统的运转。
+
+暂行的贡献体系初步分代码和积分两个部分；**代码方面**，通过PR向我们提交代码并被采纳后即可成为我们的Contributor，将可作为OpenSCA项目的成员参与到进一步的项目功能规划和落实、BUG判定、PR审核和Contributor认证中来。
+
+**积分方面**，除贡献代码之外，积极参与社区的BUG报告、技术讨论、使用分享也可获得积分，积攒的积分可以定期兑换奖品。积分评定和奖品兑换的详细规则可能会随不同的活动时段发生变化。目前的详细规则请参考“播种计划”第一期的设置。
+
+### 如何提出BUG
+
+如果您在部署或使用OpenSCA时发现了BUG，可以在Issue板块提出；如果您对我们已经上传的公开文档中的内容有疑惑，可以直接发送邮件到 [Opensca@anpro-tech.com](mailto:Opensca@anpro-tech.com)，也可通过OpenSCA社区微信公众号、微信群、QQ群等渠道联系我们。
+
+在提出BUG之前，您需要先确认您部署的是OpenSCA的最新版本，然后浏览Issue板块，确认该BUG没有被其他人提出过。以上步骤确认无误后，您可以在Issue板块提出您发现的BUG，等待项目成员或其他社区成员参与讨论或进行处理；也可以提一个PR对它进行修复，然后等待项目成员的审核。
+
+*漏洞问题不适合公开提出或进行讨论，如果您发现了OpenSCA的安全漏洞，请发送相关信息到[Opensca@anpro-tech.com](mailto:Opensca@anpro-tech.com)与我们取得联系。
+
+### BUG类型划分
+
+不同的BUG对用户使用OpenSCA的影响是不同的。根据这种差别，我们暂时把BUG分为以下三类：
+
+**主要BUG**：影响主要功能（Java、PHP等语言的组件解析、漏洞识别）
+
+**一般BUG**：不影响功能，只影响使用体验
+
+**伪BUG**：由于操作或使用非最新版本导致的使用问题
+
+主要BUG需要优先修复，项目成员会积极跟进；如果您有修复方案，也欢迎您提出PR，等待项目成员审核确认。项目成员会通过对某些部分的代码进行微调来处理一般BUG，对于伪BUG，我们也会及时进行回复，帮助您找出您操作中的疏漏，以便您更好地使用OpenSCA。
 
-## 报告问题
+### 贡献代码
 
-如果您在使用 OpenSCA-cli 时遇到问题，请在 GitHub 的 Issues 页面提交问题报告。在提交问题报告时，请尽可能详细地描述问题，包括：
+OpenSCA项目需要通过您的代码贡献实现维护、完善和功能拓展；贡献代码的主要形式是提交PR。
 
-- 您在做什么时遇到了问题
-- 您期望看到的结果是什么
-- 实际发生了什么
-- 错误信息（如果有的话）
-- 您使用的操作系统和版本
-- 您使用的 OpenSCA-cli 版本
-- 请尽量提供复现问题的步骤，这将有助于我们更快地理解和解决问题。
+您可以为BUG修复和功能提升提出PR，项目成员会对您的PR进行审核。为了提高审核的效率，我们希望您参照项目的代码规范来组织您的PR，每个PR专注一个问题，并尽量提升您代码的可读性，如果能附上一些说明更佳。
 
-## 提交改进建议
+**如果是关于BUG修复的PR**，在满足规范的基础上，审核标准将主要关注代码质量；
 
-如果您有任何改进 OpenSCA-cli 的建议，也欢迎您在 Issues 页面提交。在您提交改进建议时，请详细说明您的建议，以及为什么这样做可以改善 OpenSCA-cli。
+**如果是关于功能提升的PR**，在满足规范的基础上，审核标准将围绕代码质量、功能创新性、功能实现度和算法潜力这几个方面。
 
-## 提交 Pull Request
+项目成员审核完毕并决定采纳您的代码之后，我们会与您取得联系，并邀请您签署贡献者许可协议（CLA），将您的代码所有权授予OpenSCA项目。
 
-如果您想为 OpenSCA-cli 添加新功能或修复 bug，您可以 fork 项目，然后在您的分支上进行修改，最后提交 pull request。
+协议签署完毕后，您的代码贡献会成为OpenSCA项目的一部分，您也会成为我们的Contributor，将可以作为项目成员参与进一步的项目功能规划和落实、BUG判定、PR审核和Contributor认证等过程。
 
-在提交 pull request 之前，请确保您的代码满足以下要求：
 
-- 符合项目的代码风格
-- 有充分的测试
-- 更新了相关文档（如果有的话）
-- 无合并冲突
-- 在提交 pull request 时，请详细说明您所做的修改，以及为什么要做这些修改。如果您的 pull request 是为了解决一个 issue，请在 pull request 中引用该 issue。
+---
 
-我们的维护者将会尽快查看您的 pull request，如果一切都符合要求，我们会合并您的代码，并且您将会在项目的贡献者名单中看到自己的名字。
 
-## 贡献者行为准则
+我们感激每位贡献者对OpenSCA做出的贡献。
 
-我们希望 OpenSCA 的社区是一个开放和包容的环境。因此，我们要求所有的贡献者遵守我们的行为准则。请在参与项目之前阅读并理解这些准则。
+再次感谢您对OpenSCA的关注和对我们理念的认可。
 
-请记住，您的贡献是对 OpenSCA 社区的价值和影响力的直接体现，我们对您的贡献表示深深的感谢。
+贡献指南的英文版本请见 [Contributing Guideline-en v.1.0](./Contributing_Guideline-v1.0.md)。

CONTRIBUTING.md

@@ -1,42 +1,83 @@
-# Contributing Guide for OpenSCA-cli
-
 [中文](./CONTRIBUTING-zh_CN.md) | [English](./CONTRIBUTING.md)
 
-We warmly welcome anyone who wants to provide improvement suggestions, submit bug reports, or submit new feature pull requests for OpenSCA-cli. This guide will help you understand how to make contributions to OpenSCA-cli.
+# Contributing Guideline-en
+
+## Contribution Guideline on OpenSCA Project v1.0
+
+OpenSCA project is an open-source tool of software composition analysis originally developed by X-mirror. Situated in the fast-paced rhythm of development and an environment where open-source code and software are widely applied, the security problem of the software supply chain is glaring. To rise to the challenges, our solution is to manage the open-source risks through our open-source project. Everyone is warmly welcomed to be part of our community, constructing the future of OpenSCA project and fulfilling the potential of the open-source solution.
+
+We value all forms of contributions, including but not limited to:
+
+- Reviewing of the existing code
+- Documents and examples of deployment
+- Participating in the discussion through “Issue” on Github, our Wechat official account, Wechat group as well as QQ group 
+- Improving the functionality of the project practically 
+- Sharing the experience, offering using tips, and communicating on relevant topics to assist the further development of the project.
+
+To help the one gets interested in contributing to multiple aspects more effectively, we drafted this contribution guideline. It will be updated in accordance with the development of the project. The main parts of this guideline are as follows:
+
+- Code of Conduct and Contributing System
+- Report a BUG
+- Types of BUG
+- Contributing Code
+- Code Standard
+
+### Code of Conduct and Contributing System
+
+OpenSCA community aims to create a contributor-friendly atmosphere, where the open and inclusive environment of mutual respect requires our joint effort to build and maintain. The inappropriate behavior would face warnings or even punishments.
+
+#### Code of Conduct
+
+The community cares about the feelings of every member. For the promotion of a favorable atmosphere, please check our [Code of Conduct](https://github.com/XmirrorSecurity/OpenSCA-cli/blob/master/docs/CODE_OF_CONDUCT.md) in advance, and keep it in mind during your participation.
+
+#### Contributing System
+
+The emerging community is now run by OpenSCA project team. As the development of the community, we are expecting more people to make contributions and join our team, maintaining the operation of our community together.
+
+The current contributing system can be roughly divided into two parts: one about code and the other about points. For the code branch, you will become a contributor after contributing code through **Pull Request**s and getting accepted by the team. Then you'll be able to participate in the further plan and implementation for the project, judgment for the BUG, review the PR and verify new contributors.
+
+For the points branch, apart from gaining them through contributing code, it also works to actively get involved in reporting BUG, discussing relevant technology and sharing your experience of using OpenSCA. The points could exchange for gifts. The detailed rules of gaining and exchanging points could differ according to time or diverse activities. Please feel free to throw an email to Opensca@anpro-tech.com for the latest rules. 
+
+### Report a BUG
+
+If you find a BUG while deploying or using OpenSCA, you can report it on "Issue". Should there be any problems with our docs, you can contact us through the aforementioned mailbox.
+
+Before reporting a BUG, it is advised to make sure that the latest version has been deployed. What's more, the BUG might have been reported on "Issue" by the others. If it indeed is a fresh one related to the latest version, you can either report it on "Issue" and wait for other members to deal with it, or make a PR to offer your solution and wait for verification.
+
+*Vulnerabilities are not suitable for open discussion. If you find any security vulnerabilities of OpenSCA, please contact us through the aforementioned mailbox. 
+
+### Types of BUG
+
+Different types of BUG make different influences on the users who use OpenSCA. According to these differences, We classify the BUG into three types:
+
+**Major BUG**: the ones that affect major functionality (the analysis of the components and the identification of vulnerabilities in Java、PHP and other languages )
+
+**Minor BUG**: the ones only cause inconvenience while using without affecting any functionality
+
+**Fake BUG**: the ones which caused by improper operation or using the old version
 
-## Reporting Issues
+The major ones call for the top priority and our members will actively follow-up. But you can submit a PR for fixing it if you have any solution. It will be checked by our members. 
 
-If you encounter issues while using OpenSCA-cli, please submit a bug report on the GitHub Issues page. When submitting a bug report, please describe the issue in as much detail as possible, including:
+We will deal with the minor ones by tweaking parts of the existing code. As for the fake ones, we will reply in "Issue" to help you find the problem so that you can use OpenSCA smoothly.
 
-- What you were doing when the issue occurred
-- What you expected to see
-- What actually happened
-- Error messages (if any)
-- Your operating system and version 
-- Your version of OpenSCA-cli 
+### Contributing Code
 
-Please provide the steps to reproduce the issue, if possible. This will help us understand and solve the problem more quickly.
+Code contributions are indispensable to the maintaining, improving and extension of OpenSCA. It can be done by submitting PR on Github.
 
-## Submitting Improvement Suggestions
+Our team will review your PR, where both fixing a BUG or improving the functionality is welcome. In order to make it more effective, we hope that you can have a look at our code standard before organizing your PR. We advise that make ONE PR for ONE task at once. The readability also matters, so extra pieces of comments will be appreciated.
 
-If you have any suggestions for improving OpenSCA-cli, you are also welcome to submit them on the Issues page. When you submit a suggestion, please explain your suggestion in detail and why it would improve OpenSCA-cli.
+If your PR is about **fixing a BUG**, based on the code standard, we will mainly focus on the quality of your code while verifying your contribution.
 
-## Submitting Pull Requests
+If your PR is about **improving the functionality**, based on the code standard, we will review the code quality, creativity, functionality and algorithm.
 
-If you want to add new features to OpenSCA-cli or fix bugs, you can fork the project, make changes on your branch, and then submit a pull request.
+We will reach out and invite you to sign our CLA (Contributor License Agreement) after we decide to approve your code. As long as CLA get signed, your code contribution will become part of OpenSCA project, and you will be one of our contributors. Contributors can take part in the further plan and implementation of the project, judgment for the BUG, review the PR and verify new contributors.
 
-Before submitting your pull request, please make sure your code meets the following requirements:
 
-- Complies with the project's coding style
-- Has sufficient tests
-- Updates relevant documentation (if any)
-- Has no merge conflicts
-- When submitting your pull request, please explain in detail the changes you made and why you made them. If your pull request is to solve an issue, please refer to the issue in your pull request.
+---
 
-Our maintainers will review your pull request as soon as possible. If everything meets the requirements, we will merge your code, and you will see your name in the list of project contributors.
 
-## Contributor Code of Conduct
+We appreciate all the contributions to OpenSCA.
 
-We hope that the OpenSCA community is an open and welcoming environment. Therefore, we require all contributors to adhere to our code of conduct. Please read and understand these guidelines before participating in the project.
+Thanks again for your interest in OpenSCA and your support for our solution to open source vulnerabilities.
 
-Please remember, your contribution directly reflects the value and influence of the OpenSCA-cli community, and we deeply appreciate your contributions.
+For the Chinese version of our contributing guideline, please check [贡献指南（中文版）v1.0](./Contributing_Guideline-v1.0-zh_CN.md)。

README.md

@@ -314,4 +314,4 @@ QQ技术交流群：832039395
 
 **OpenSCA** 是一款开源的软件成分分析工具，项目成员期待您的贡献。
 
-如果您对此有兴趣，请参考我们的[贡献指南](./docs/贡献指南（中文版）v1.0.md)。
+如果您对此有兴趣，请参考我们的[贡献指南](./docs/Contributing_Guideline-v1.0-zh_CN.md)。