Merge pull request #281 from kevinbackhouse/Contributing

xcorail · web-flow · commit 59bd6967a442 · 2021-03-01T09:16:49.000-08:00
Add Contributing section
diff --git a/README.md b/README.md
@@ -9,6 +9,8 @@ We use it for these main purposes:
 
 ## CodeQL Resources
 
+**This section is yours!** Do you want to share a cool CodeQL query with the community? Or an awesome tutorial or video, or some helpful tooling? Your contributions are welcome. Please open a pull request. See [Contributing](#Contributing) below.
+
 ### Official resources
 
 * [CodeQL documentation](https://codeql.github.com/docs/)
@@ -48,3 +50,15 @@ We use it for these main purposes:
 * Editor plugins
   * [Visual Studio Code](https://marketplace.visualstudio.com/items?itemName=GitHub.vscode-codeql) (Official)
   * [Neovim](https://github.com/pwntester/codeql.nvim)
+
+## Contributing
+
+We welcome contributions to the [CodeQL_Queries](CodeQL_Queries) sub-directory and to the [CodeQL Resources](#codeql-resources) section of this README.
+
+If you have written a cool CodeQL query that you would like to share with the community, then please open a pull request to add it to the [CodeQL_Queries](CodeQL_Queries) sub-directory. Put your query in its own new sub-directory. For example: `CodeQL_Queries/cpp/mynewsubdir/mycoolquery.ql`. Of course, if you think your query might be eligible for a [bounty](https://securitylab.github.com/bounties), then you should open a pull request to the [codeql](https://github.com/github/codeql) repo instead, as we do not offer bounties for queries submitted to this repo. The queries in this repo are usually highly specialized queries that only make sense for a specific codebase, such as queries that specifically target [Chrome](CodeQL_Queries/cpp/Chrome) or [Apache Struts](CodeQL_Queries/java/Apache_Struts_CVE-2018-11776), or utility queries that help you explore your code without necessarily finding a vulnerability. Such queries are inappropriate for the [codeql](https://github.com/github/codeql) repo, which is for general purpose queries only.
+
+If you would like to add a link to the [CodeQL Resources](#codeql-resources) section of this README, to share a nice video or an awesome tool, then just add another bullet point in the appropriate section.
+* Each bullet point should consist of a hyperlinked title and a short description. The short description is optional if the title is already self-explanatory.
+* Please add new bullet points at the bottom of the list. In the future, we may choose some other ordering such as alphabetical but for now it is just a sequential list.
+
+Please see [CONTRIBUTING.md](CONTRIBUTING.md), [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md), and [LICENSE.md](LICENSE.md) for further information on our contributing guidelines and license.
