Updated core documentation.

.github/CONTENTS.md

@@ -2,6 +2,7 @@
 
 This directory contains supporting files for the project's GitHub repository. The structure and contents of the directory are as follows:
 
-* [ISSUE_TEMPLATE](ISSUE_TEMPLATE): This directory contains several templates for creating new issues in GitHub.
-* [issue_template.md](issue_template.md): This file contains a template for creating a new issue in GitHub containing a user story.
-* [PULL_REQUEST_TEMPLATE.md](issue_template.md): This file contains a template to be filled out for each GitHub pull request by the person submitting it.
+- [ISSUE_TEMPLATE](ISSUE_TEMPLATE): This directory contains several templates for creating new issues in GitHub.
+- [issue_template.md](issue_template.md): This file contains a template for creating a new issue in GitHub containing a user story.
+- [PULL_REQUEST_TEMPLATE.md](issue_template.md): This file contains a template to be filled out for each GitHub pull request by the person submitting it.
+- [dependabot.yml](dependabot.yml): GitHub Dependabot [configuration](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates).

.github/ISSUE_TEMPLATE/1-feature_request.yml

@@ -0,0 +1,43 @@
+
+
+name: Feature Request
+description: Suggest an idea for this project
+labels: ['User Story', 'enhancement']
+body:
+  - type: textarea
+    id: story
+    attributes:
+      label: User Story
+      description: Describe the feature from the user's perspective.
+      placeholder: |
+        As a {stakeholder}, I {provide a clear and concise description of what the problem is. Ex. I need to be able to ...}
+    validations:
+      required: true
+  - type: textarea
+    id: goals
+    attributes:
+      label: Goals
+      description: Describe what you want to happen. This should be outcome focused. Include descriptions of any alternative solutions or features you've considered. Feel free to include any screenshots or examples.
+    validations:
+      required: true
+  - type: textarea
+    id: dependencies
+    attributes:
+      label: Dependencies
+      description: Describe any previous issues or related work that must be completed to start or complete this issue.
+  - type: textarea
+    id: acceptance_criteria
+    attributes:
+      label: Acceptance Criteria
+      description: The items below are general acceptance criteria for all User Stories. Please describe anything else that must be completed for this issue to be considered resolved.
+      value: |
+        - [ ] All website and readme documentation affected by the changes in this issue have been updated.
+        - [ ] A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.
+        - [ ] The CI-CD build process runs without any reported errors on the PR. This can be confirmed by reviewing that all checks have passed in the PR.
+    validations:
+      required: true
+  - type: textarea
+    id: revisions
+    attributes:
+      label: Revisions
+      description: If you are creating the issue, this field is not required. When working on the issue, this field is for assigned developers to flag any important changes made to the description, goals, or acceptance criteria needed to complete the work.

.github/ISSUE_TEMPLATE/2-bug_report.yml

@@ -0,0 +1,44 @@
+name: Bug report
+description: Create a report to help us improve
+labels: ['bug']
+body:
+  - type: textarea
+    id: bug-description
+    attributes:
+      label: Describe the bug
+      description: A clear and concise description of what the bug is
+    validations:
+      required: true
+  - type: textarea
+    id: bug-affecting-who
+    attributes:
+      label: Who is the bug affecting
+      description: Describe the stakeholders affected by this bug
+    validations:
+      required: true
+  - type: textarea
+    id: bug-replication
+    attributes:
+      label: How do we replicate this issue
+      description: What are the steps to reproduce this behavior (use screenshots if applicable)
+      placeholder: |
+        1. Do this...
+        2. Then this...
+        3. See error...
+    validations:
+      required: true
+  - type: textarea
+    id: bug-solution
+    attributes:
+      label: Expected behavior (i.e. solution)
+      description: A clear and concise description of what you expected to happen
+    validations:
+      required: true
+  - type: textarea
+    id: bug-comments
+    attributes:
+      label: Other comments
+      description: |
+        Add any other context about the problem here.
+    validations:
+      required: false

.github/ISSUE_TEMPLATE/README.md

@@ -1,7 +1,6 @@
-# OSCAL GitHub Issue Template Files
+# GitHub Issue Template Files
 
 This directory contains templates for creating new project issues in GitHub. The structure and contents of the directory are as follows:
 
 * [bug_report.md](bug_report.md): This file contains a template for creating a new issue in GitHub to report a bug.
-* [question.md](question.md): This file contains a template for creating a new issue in GitHub containing a general question about the project.
 * [feature_request.md](feature_request.md): This file contains a template for creating a new issue in GitHub containing a user story.

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1 @@
+blank_issues_enabled: false

.github/PULL_REQUEST_TEMPLATE.md

@@ -5,10 +5,12 @@
 ### All Submissions:
 
 - [ ] Have you selected the correct base branch per [Contributing](https://github.com/metaschema-framework/oscal-cli/blob/main/CONTRIBUTING.md) guidance?
-- [ ] Have you set "[Allow edits and access to secrets by maintainers](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork)"?
-- [ ] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/metaschema-framework/oscal-cli/pulls) for the same update/change?
+- [ ] Have you followed the guidelines in our [Contributing](https://github.com/metaschema-framework/liboscal-java/blob/main/CONTRIBUTING.md) document?
+- [ ] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/metaschema-framework/liboscal-java/pulls) for the same update/change?
 - [ ] Have you squashed any non-relevant commits and commit messages? \[[instructions](https://git-scm.com/book/en/v2/Git-Tools-Rewriting-History)\]
-- [ ] Do all automated CI/CD checks pass?
+- [ ] Have you set "[Allow edits and access to secrets by maintainers](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork)"?
+
+By submitting a pull request, you are agreeing to provide this contribution under the [CC0 1.0 Universal public domain](https://creativecommons.org/publicdomain/zero/1.0/) dedication.
 
 ### Changes to Core Features:
 

.github/workflows/build.yml

@@ -30,20 +30,25 @@ env:
   MAVEN_VERSION: 3.9.8
   JAVA_DISTRO: 'temurin'
   JAVA_VERSION_FILE: .java-version
+  # Post Maven artifacts to the artifact repo if the branch is 'develop' or 'release/*'. This avoids publishing artifacts for pull requests
+  COMMIT_MAVEN_ARTIFACTS: ${{ (github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/heads/release/')) && github.repository_owner == 'metaschema-framework' }}
+  # Upload CodeQL results if the branch is 'develop' or 'release/*' or a pull request targeting these branches.
+  UPLOAD_CODEQL: ${{ ((github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/heads/release/')) || (github.event_name == 'pull_request' && (github.base_ref == 'refs/heads/develop' || startsWith(github.base_ref, 'refs/heads/release/')))) && 'always' || 'never' }}
 jobs:
   build-code:
     name: Code
     runs-on: ubuntu-20.04
     permissions:
       actions: read
-      contents: write
+      contents: read
       security-events: write
     steps:
     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       with:
         submodules: recursive
         filter: tree:0
     - name: Checkout maven2 branch
+      if: env.COMMIT_MAVEN_ARTIFACTS == 'true'
       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       with:
         path: maven2
@@ -73,22 +78,23 @@ jobs:
     # Maven Build
     # -------------------------
     - name: Build and Test Code
-      run: | 
+      run: |
         mvn -B -e -Prelease -Psnapshots -DaltDeploymentRepository=repo-snapshot::file://${GITHUB_WORKSPACE}/maven2/ -DaltSnapshotDeploymentRepository=repo-snapshot::file://${GITHUB_WORKSPACE}/maven2/ -DrepositoryId=repo-snapshot deploy
     - name: Deploy Artifacts
-      if: (github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/heads/release/')) && github.repository_owner == 'metaschema-framework'
+      if: env.COMMIT_MAVEN_ARTIFACTS == 'true'
       run: |
+        MVN_COORDS=$(echo '${project.groupId}:${project.artifactId}:${project.version}' | mvn -N -q -DforceStdout help:evaluate)
         cd maven2
-        git pull -r --autostash
+        git pull -r -s ours --autostash
         git add -A
-        git config user.name "$(git log -n 1 --pretty=format:%an)"
-        git config user.email "$(git log -n 1 --pretty=format:%ae)"
-        git commit -m "[CI SKIP] Deploying artifacts."
+        git config user.name "GitHub Action"
+        git config user.email "[email protected]"
+        git commit -m "[CI SKIP] Deploying artifacts for $MVN_COORDS."
         git push
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd
       with:
-        upload: ${{ ((github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/heads/release/')) || (github.event_name == 'pull_request' && (github.base_ref == 'refs/heads/develop' || startsWith(github.base_ref, 'refs/heads/release/')))) && 'always' || 'never' }}
+        upload: ${{ env.UPLOAD_CODEQL }}
   build-website:
     name: Website
     runs-on: ubuntu-20.04
@@ -111,7 +117,7 @@ jobs:
       uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b
       with:
         java-version-file: ${{ env.JAVA_VERSION_FILE }}
-        distribution:  ${{ env.JAVA_DISTRO }}
+        distribution: ${{ env.JAVA_DISTRO }}
         cache: 'maven'
     # -------------------------
     # Maven Build

.github/workflows/issue-triage.yaml

@@ -1,12 +1,10 @@
 name: Triage Board Management
-
 on:
   issues:
     types:
       - opened
       - reopened
       - transferred
-
 jobs:
   add-to-project:
     name: Add issue to project
@@ -15,4 +13,4 @@ jobs:
       - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e
         with:
           project-url: https://github.com/orgs/metaschema-framework/projects/1
-          github-token: ${{ secrets.COMMIT_TOKEN }}
+          github-token: ${{ secrets.ACCESS_TOKEN }}

CODE_OF_CONDUCT.md

@@ -1,5 +1,7 @@
 # Contributor Covenant Code of Conduct
 
+The following is offered as standard code of conduct to which all contributors are assumed to be committed.
+
 ## Our Pledge
 
 In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.

SECURITY.md

@@ -0,0 +1,18 @@
+# Reporting Security Issues
+
+The Metaschema Framework team and community take security bugs in our software seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
+
+To report a security issue, please use the GitHub Security Advisory ["Report a Vulnerability"](https://github.com/metaschema-framework/oscal-cli/security/advisories/new) tab.
+
+The Metaschema Framework  team will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
+
+Report security bugs in third-party modules to the person or team maintaining the module.
+
+## Supported Versions
+
+The following versions of the code in this repository are supported.
+
+| Version   | Supported          |
+| --------- | ------------------ |
+| `2.x.x`   | :white_check_mark: |
+| < `2.0.0` | :x:                |