diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 000000000..953ff7845
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,4 @@
+
+# These owners will be the default owners for everything in the repo.
+* @0xPolygon/dev-tools
+* @praetoriansentry
\ No newline at end of file
diff --git a/.github/workflows/security-build.yml b/.github/workflows/security-build.yml
new file mode 100644
index 000000000..f498bfe59
--- /dev/null
+++ b/.github/workflows/security-build.yml
@@ -0,0 +1,23 @@
+---
+name: Security Build
+on:
+ push:
+ branches:
+ - main
+ workflow_dispatch: {}
+ pull_request:
+ types: [opened, synchronize, reopened]
+
+jobs:
+ sonarcloud:
+ name: SonarCloud
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+ - name: SonarCloud Scan
+ uses: SonarSource/sonarcloud-github-action@master
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..d8e87e74e
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,17 @@
+# Polygon Technology Security Information
+
+## Link to vulnerability disclosure details (Bug Bounty).
+- Websites and Applications: https://hackerone.com/polygon-technology
+- Smart Contracts: https://immunefi.com/bounty/polygon
+
+## Languages that our team speaks and understands.
+Preferred-Languages: en
+
+## Security-related job openings at Polygon.
+https://polygon.technology/careers
+
+## Polygon security contact details.
+security@polygon.technology
+
+## The URL for accessing the security.txt file.
+Canonical: https://polygon.technology/security.txt
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 000000000..ea98aef63
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,2 @@
+sonar.projectKey=kurtosis-cdk
+sonar.organization=0xPolygon
\ No newline at end of file
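Review bot: In `.github/CODEOWNERS` the two `*` rules do not combine: GitHub applies the last matching pattern, so `* @praetoriansentry` overrides `* @0xPolygon/dev-tools` and the team is never requested as owner. If both are meant to own everything, list them on one line, `* @0xPolygon/dev-tools @praetoriansentry`. As written, any required code-owner review (if branch protection enables it) rests on a single account rather than on the team.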
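Review bot: In `.github/workflows/security-build.yml` the scan step uses `SonarSource/sonarcloud-github-action@master`, a mutable branch ref, while passing that action `SONAR_TOKEN` and `GITHUB_TOKEN`; whatever that branch points to at run time executes with those secrets. Pin it to a reviewed commit, `uses: SonarSource/sonarcloud-github-action@<full-commit-sha>  # <release tag>`, and consider the same for `actions/checkout@v3`. The workflow also declares no `permissions:`, so `GITHUB_TOKEN` gets the repository's default scope; a top-level `permissions:` with `contents: read` (plus `pull-requests: read` if the scan needs PR metadata) keeps it to least privilege. Pull requests from forks presumably run without `SONAR_TOKEN`, so the scan step may need an `if:` guard to avoid failing there.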