First off, thank you for considering contributing to Vulcan! It's people like you that make Vulcan such a great tool for the security community.
By participating in this project, you are expected to uphold our Code of Conduct:
- Use welcoming and inclusive language
- Be respectful of differing viewpoints and experiences
- Gracefully accept constructive criticism
- Focus on what is best for the community
- Show empathy towards other community members
Before creating bug reports, please check existing issues as you might find out that you don't need to create one. When you are creating a bug report, please include as many details as possible:
- Use a clear and descriptive title
- Describe the exact steps to reproduce the problem
- Provide specific examples to demonstrate the steps
- Describe the behavior you observed and why it's a problem
- Explain which behavior you expected instead
- Include screenshots and logs if possible
- Include your environment details (OS, Ruby version, Rails version, etc.)
Enhancement suggestions are tracked as GitHub issues. When creating an enhancement suggestion, please include:
- Use a clear and descriptive title
- Provide a detailed description of the suggested enhancement
- Provide specific examples to demonstrate the enhancement
- Describe the current behavior and how your suggestion improves it
- List any alternatives you've considered
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report them to our security team at saf-security@mitre.org. You should receive a response within 48 hours. If for some reason you do not, please follow up via email to ensure we received your original message.
Please include:
- Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
- Full paths of source file(s) related to the issue
- Location of affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue
- Fork the repository on GitHub
- Clone your fork locally:
git clone git@github.com:your-username/vulcan.git cd vulcan - Add the upstream repository:
git remote add upstream git@github.com:mitre/vulcan.git
- Create a feature branch:
git checkout -b feature/your-feature-name
-
Install dependencies:
bundle install yarn install
-
Setup database:
bin/setup rails db:seed
-
Start development server:
foreman start -f Procfile.dev
-
Follow the coding standards:
- Ruby: Follow RuboCop rules (run
bundle exec rubocop) - JavaScript: Follow ESLint rules (run
yarn lint) - Vue: Follow Vue style guide
- Write clear, self-documenting code
- Add comments for complex logic
- Ruby: Follow RuboCop rules (run
-
Write tests:
- Add RSpec tests for Ruby code
- Ensure all tests pass:
rake spec:parallel - Maintain or improve code coverage
-
Update documentation:
- Update README.md if needed
- Update ENVIRONMENT_VARIABLES.md for new config options
- Add inline documentation for public methods
- Update CHANGELOG.md
-
Commit your changes:
git add <specific-files> git commit -m "feat: add amazing feature - Detailed description of what changed - Why this change was needed - Any breaking changes or migrations required"
Follow conventional commits:
feat:New featurefix:Bug fixdocs:Documentation changesstyle:Code style changes (formatting, etc.)refactor:Code refactoringtest:Test additions or correctionschore:Maintenance tasks
-
Push to your fork:
git push origin feature/your-feature-name
-
Create a Pull Request:
- Go to your fork on GitHub
- Click "New pull request"
- Select your feature branch
- Fill in the PR template with:
- Description of changes
- Related issue numbers
- Testing performed
- Screenshots (if UI changes)
-
PR Review Process:
- A maintainer will review your PR
- Address any requested changes
- Once approved, a maintainer will merge your PR
# Run all tests
rake spec:parallel
# Run specific test file
rake spec:parallel spec/models/user_spec.rb
# Run tests with coverage
COVERAGE=true rake spec:parallel- Write tests first (TDD) when possible
- Test both happy path and edge cases
- Keep tests focused and isolated
- Use factories instead of fixtures
- Mock external services
- Ensure tests are deterministic
We use RuboCop to enforce Ruby style:
# Check for violations
bundle exec rubocop
# Auto-fix violations
bundle exec rubocop --autocorrect-allKey conventions:
- 2 spaces for indentation
- No trailing whitespace
- Meaningful variable and method names
- Prefer single quotes for strings without interpolation
We use ESLint and Prettier:
# Check and fix JavaScript
yarn lint
# Lint code
yarn lintKey conventions:
- 2 spaces for indentation
- Use modern ES6+ syntax
- Follow Vue.js style guide
- Meaningful component and variable names
When making database changes:
-
Create a migration:
rails generate migration AddFieldToModel field:type
-
Write reversible migrations when possible
-
Test migrations:
rails db:migrate rails db:rollback rails db:migrate
-
Update seeds if needed:
db/seeds.rb
- Code Comments: Add comments for complex logic
- Method Documentation: Use YARD format for Ruby
- API Documentation: Update if endpoints change
- User Documentation: Update wiki for user-facing changes
Maintainers handle releases, but you can help by:
- Keeping CHANGELOG.md updated
- Following semantic versioning in PRs
- Highlighting breaking changes
- Testing release candidates
Feel free to:
- Open a GitHub Discussion
- Email us at saf@mitre.org
- Check our Wiki
Contributors are recognized in:
- GitHub's contributor graph
- Release notes
- Our annual contributor report
Thank you for contributing to Vulcan and helping make security automation better for everyone!
Part of the MITRE Security Automation Framework