Add issue templates for bug reports, feature requests, security incidents, security requirements, and threat models

Author: scubaninja

.github/ISSUE_TEMPLATE/bug.yml

@@ -0,0 +1,63 @@
+name: Bug Report
+description: File a bug report
+title: "[Bug]: "
+labels: ["bug", "triage"]
+projects: ["clever-org-name/2"]
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+  - type: input
+    id: contact
+    attributes:
+      label: Contact Details
+      description: How can we get in touch with you if we need more info?
+      placeholder: ex. email@example.com
+    validations:
+      required: false
+  - type: textarea
+    id: what-happened
+    attributes:
+      label: What happened?
+      description: Also tell us, what did you expect to happen?
+      placeholder: Tell us what you see!
+      value: "A bug happened!"
+    validations:
+      required: true
+  - type: dropdown
+    id: version
+    attributes:
+      label: Version
+      description: What version of our software are you running?
+      options:
+        - 1.0.2 (Default)
+        - 1.0.3 (Edge)
+      default: 0
+    validations:
+      required: true
+  - type: dropdown
+    id: browsers
+    attributes:
+      label: What browsers are you seeing the problem on?
+      multiple: true
+      options:
+        - Firefox
+        - Chrome
+        - Safari
+        - Microsoft Edge
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant log output
+      description: Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks.
+      render: shell
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Code of Conduct
+      description: By submitting this issue, you agree to follow our [Code of Conduct](#)
+      options:
+        - label: I agree to follow this project's Code of Conduct
+          required: true

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: true
+contact_links:
+  - name: GitHub Community Support
+    url: https://github.com/orgs/community/discussions
+    about: Please ask and answer questions here.
+  - name: GitHub Security Bug Bounty
+    url: https://bounty.github.com/
+    about: Please report security vulnerabilities here.

.github/ISSUE_TEMPLATE/feature.yml

@@ -0,0 +1,76 @@
+name: Feature Request
+description: Suggest an awesome new feature
+title: "[Feature]: "
+labels: ["enhancement", "✨ feature", "needs-triage"]
+projects: ["clever-org-name/2"]
+assignees:
+  - collinmcneese
+  - scubaninja
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to suggest a new feature! We appreciate your creativity! 🚀
+  - type: input
+    id: contact
+    attributes:
+      label: Contact Details
+      description: How can we get in touch with you if we need more info?
+      placeholder: ex. email@example.com
+    validations:
+      required: false
+  - type: textarea
+    id: feature-description
+    attributes:
+      label: Feature Description
+      description: What feature would you like to see added?
+      placeholder: Describe the feature you'd like to see!
+      value: "I have an awesome idea!"
+    validations:
+      required: true
+  - type: textarea
+    id: use-case
+    attributes:
+      label: Use Case
+      description: How would this feature be used? What problem does it solve?
+      placeholder: Tell us how this feature would help you!
+    validations:
+      required: true
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives Considered
+      description: Have you considered any alternative solutions or features?
+      placeholder: What other approaches have you thought about?
+    validations:
+      required: false
+  - type: dropdown
+    id: priority
+    attributes:
+      label: Priority
+      description: How important is this feature to you?
+      options:
+        - Nice to have
+        - Would be helpful
+        - Really want this
+        - Critical for my use case
+      default: 0
+    validations:
+      required: true
+  - type: checkboxes
+    id: willing-to-contribute
+    attributes:
+      label: Contribution
+      description: Are you willing to help implement this feature?
+      options:
+        - label: I'd be willing to contribute to this feature
+          required: false
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Code of Conduct
+      description: By submitting this issue, you agree to follow our [Code of Conduct](#)
+      options:
+        - label: I agree to follow this project's Code of Conduct
+          required: true

.github/ISSUE_TEMPLATE/security-incident.yml

@@ -0,0 +1,170 @@
+name: Security Incident
+description: Capture a security incident from runtime telemetry and drive remediation through PRs, pipeline validation, and governance gates.
+title: "[Security Incident]: "
+labels: ["security", "incident", "triage"]
+assignees: []
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        ## Security Incident
+        Use this template for runtime security events or suspicious behavior detected by telemetry, API protection, or cloud workload security.
+
+        The goal is to link detection → triage → remediation → validation → deployment, with auditability.
+
+  - type: input
+    id: incident_summary
+    attributes:
+      label: Incident Summary
+      description: Short summary of the incident.
+      placeholder: Example: Suspicious API traffic spike detected on /payments endpoint
+    validations:
+      required: true
+
+  - type: dropdown
+    id: severity
+    attributes:
+      label: Severity
+      options:
+        - Sev 0 (Critical)
+        - Sev 1 (High)
+        - Sev 2 (Medium)
+        - Sev 3 (Low)
+    validations:
+      required: true
+
+  - type: dropdown
+    id: status
+    attributes:
+      label: Status
+      options:
+        - Detected
+        - Triaging
+        - Contained
+        - Remediating
+        - Validating
+        - Resolved
+    validations:
+      required: true
+
+  - type: textarea
+    id: detection_source
+    attributes:
+      label: Detection Source
+      description: Where did the incident originate?
+      placeholder: |
+        Example:
+        - Microsoft Defender for APIs alert
+        - Microsoft Defender for Cloud alert
+        - Azure Application Insights anomaly
+        - WAF / API gateway alert
+    validations:
+      required: true
+
+  - type: input
+    id: telemetry_link
+    attributes:
+      label: Telemetry / Alert Link
+      description: Link to the alert, incident, dashboard, or log query.
+      placeholder: https://portal.azure.com/...
+    validations:
+      required: true
+
+  - type: textarea
+    id: impact_assessment
+    attributes:
+      label: Impact Assessment
+      description: What systems, data, or users are affected?
+      placeholder: |
+        Example:
+        - Potential data exposure: none confirmed
+        - Affected service: Payment API
+        - Customer impact: elevated errors for 2% of requests
+    validations:
+      required: true
+
+  - type: textarea
+    id: containment_actions
+    attributes:
+      label: Containment Actions
+      description: What immediate containment steps were taken?
+      placeholder: |
+        Example:
+        - Disabled feature flag
+        - Blocked IP ranges
+        - Rolled back deployment
+        - Reduced endpoint exposure
+    validations:
+      required: true
+
+  - type: input
+    id: related_release
+    attributes:
+      label: Related Deployment / Release
+      description: Link to the deployment or workflow run correlated to this incident.
+      placeholder: https://github.com/org/repo/actions/runs/123
+    validations:
+      required: false
+
+  - type: input
+    id: remediation_pr
+    attributes:
+      label: Remediation Pull Request
+      description: Link to the PR that resolves root cause.
+      placeholder: https://github.com/org/repo/pull/456
+
+  - type: input
+    id: validation_evidence
+    attributes:
+      label: Validation Evidence (Tests / Scans / Gates)
+      description: Link to workflow run(s), scan results, or gate approvals confirming remediation.
+      placeholder: https://github.com/org/repo/actions/runs/789
+
+  - type: input
+    id: azure_boards_item
+    attributes:
+      label: Azure Boards Work Item
+      description: Link to Azure Boards item to track incident remediation work.
+      placeholder: https://dev.azure.com/org/project/_workitems/edit/98765
+
+  - type: textarea
+    id: root_cause
+    attributes:
+      label: Root Cause
+      description: What caused the incident?
+      placeholder: |
+        Example:
+        - Missing authorization check introduced in recent release
+        - Misconfigured API policy allowing excessive payload size
+        - Vulnerable dependency exploited
+    validations:
+      required: false
+
+  - type: textarea
+    id: corrective_preventative_actions
+    attributes:
+      label: Corrective and Preventative Actions
+      description: How will recurrence be prevented?
+      placeholder: |
+        Example:
+        - Add unit tests for authorization edge cases
+        - Add API schema validation gate
+        - Add DAST policy for endpoint class
+        - Add runtime detection rule
+    validations:
+      required: false
+
+  - type: checkboxes
+    id: incident_checks
+    attributes:
+      label: Incident Governance Checklist
+      options:
+        - label: Incident linked to telemetry evidence
+          required: true
+        - label: Containment action documented
+          required: true
+        - label: Remediation linked to PR and validation evidence
+          required: false
+        - label: Post-incident follow-ups captured (tests, controls, policies)
+          required: false