Added Code of Conduct and Security guidance

CODE_OF_CONDUCT.md

@@ -0,0 +1,60 @@
+# Community Code of Conduct
+
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to make
+participation in our project and our community a harassment-free experience for everyone, regardless of age, body size,
+disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education,
+socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+
+## Our Standards
+
+* Being open. Members of the community are open to collaboration.
+* Focusing on what is best for the community. We're respectful of the processes set forth in the community, and we work
+  within them.
+* Acknowledging time and effort. We're respectful of the volunteer efforts that permeate the community. We're thoughtful
+  when addressing the efforts of others, keeping in mind that often times the labour was completed simply for the good
+  of the community.
+* Being respectful of differing viewpoints and experiences. We're receptive to constructive comments and criticism, as
+  the experiences and skill sets of other members contribute to the whole of our efforts.
+* Being considerate towards other community members. We're attentive in our communications and we're tactful when
+  approaching differing views.
+* Using welcoming and inclusive language. We're accepting of all who wish to take part in our activities, fostering an
+  environment where anyone can participate and everyone can make a difference.
+* Take responsibility for our words and our actions. We can all make mistakes; when we do, we take responsibility for
+  them. If someone has been harmed or offended, we listen carefully and respectfully, and work to right the wrong.
+* Step down considerately. When somebody leaves or disengages from the project, we ask that they do so in a way that
+  minimises disruption to the project.
+* Ask for help when unsure. Nobody is expected to be perfect in this community. Asking questions early avoids many
+  problems later, so questions are encouraged, though they may be directed to the appropriate forum. Those who are asked
+  should be responsive and helpful.
+* Value decisiveness, clarity and consensus. Disagreements, social and technical, are normal, but we do not allow them
+  to persist and fester leaving others uncertain of the agreed direction. We expect participants in the project to
+  resolve disagreements constructively. When they cannot, we escalate the matter to structures with designated leaders
+  to arbitrate and provide clarity and direction.
+
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take
+appropriate and fair corrective action in response to any instances of unacceptable behaviour. Project maintainers have
+the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other
+contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for
+other behaviour that they deem inappropriate, threatening, offensive, or harmful.
+
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported to the community leaders
+responsible for enforcement at [[email protected]](mailto:[email protected]). All complaints will be reviewed and
+investigated promptly and fairly, and will result in a response that is deemed necessary and appropriate to the
+circumstances. The community leaders responsible for enforcement are obligated to maintain confidentiality with regard
+to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+
+
+## Attribution
+
+This Code of Conduct has been adapted with modifications from the Contributor Covenant (version 1.4), the Python Code of
+conduct and the Ubuntu Code of Conduct (version 2.0).

CONTRIBUTING.md

@@ -1,11 +1,13 @@
 # Contributing to Concourse Tools
 
-If you find any issues/bugs in the software, please [file an issue](https://github.com/gchq/ConcourseTools/issues). Please provide full details of your issue, and ideally code to reproduce it.
+If you find any issues/bugs in the software, please [file an issue](https://github.com/gchq/ConcourseTools/issues).
+Please provide full details of your issue, and ideally code to reproduce it.
 
 
 ## Pull Requests
 
-Prior to us accepting any work, you must sign the [GCHQ CLA Agreement](https://cla-assistant.io/gchq/ConcourseTools). We follow a branching strategy for handling contributions:
+Prior to us accepting any work, you must sign the [GCHQ CLA Agreement](https://cla-assistant.io/gchq/ConcourseTools).
+We follow a branching strategy for handling contributions:
 
 1. Fork the Project
 2. Create your Feature Branch (`git checkout -b feature/new_thing`)
@@ -15,7 +17,8 @@ Prior to us accepting any work, you must sign the [GCHQ CLA Agreement](https://c
 
 ### Pre-commit
 
-Please make use of the [pre-commit checks](https://pre-commit.com/), which should be installed before any new code is committed:
+Please make use of the [pre-commit checks](https://pre-commit.com/), which should be installed before any new code is
+committed:
 
 ```shell
 $ python3 -m pip install pre-commit
@@ -36,7 +39,8 @@ Before opening a pull request, please ensure that the tests pass. To do this, ru
 $ python3 -m unittest discover .
 ```
 
-Tests are written with `unittest` and - with the exception of the [example tests](tests/test_examples.py) - do not require any additional dependencies. To run the example tests you should install the additional dependencies:
+Tests are written with `unittest` and - with the exception of the [example tests](tests/test_examples.py) - do not
+require any additional dependencies. To run the example tests you should install the additional dependencies:
 
 ```shell
 $ python3 -m pip install -r requirements-tests.txt --no-deps
@@ -53,7 +57,9 @@ $ python3 -m mypy concoursetools
 
 ### Documentation
 
-The documentation for Concourse Tools use [Sphinx](https://www.sphinx-doc.org/en/master/index.html). Please ensure that new features are appropriately documented before opening your pull request. To build the documentation locally, first install the dependencies:
+The documentation for Concourse Tools use [Sphinx](https://www.sphinx-doc.org/en/master/index.html). Please ensure that
+new features are appropriately documented before opening your pull request. To build the documentation locally, first
+install the dependencies:
 
 ```shell
 $ python3 -m pip install -r docs/requirements.txt
@@ -74,43 +80,11 @@ $ python3 -m sphinx -b linkcheck docs/source docs/build  # check that all links
 
 ## Coding Standards and Conventions
 
-Concourse Tools is a fully-typed library, so please ensure all functions, methods and classes are fully typed. Although we tend to make use of future annotations (`from __future__ import annotations`) please continue using the `typing` module for all types to ensure compatibility with our documentation.
+Concourse Tools is a fully-typed library, so please ensure all functions, methods and classes are fully typed. Although
+we tend to make use of future annotations (`from __future__ import annotations`) please continue using the `typing`
+module for all types to ensure compatibility with our documentation.
 
 Concourse Tools uses [Sphinx-style docstrings](https://sphinx-rtd-tutorial.readthedocs.io/en/latest/docstrings.html).
 
-This project aims to depend only on the standard library, so contributions which add additional dependencies outside of the standard library are likely to be rejected unless absolutely necessary.
-
-
-## Code of Conduct
-
-### Our Pledge
-
-In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project, and our community a harassment-free experience for everyone.
-
-### Our Standards
-
-Examples of behaviour that contributes to creating a positive environment include:
-
-* Using welcoming and inclusive language
-* Being respectful of differing viewpoints and experiences
-* Gracefully accepting constructive criticism
-* Focusing on what is best for the community
-* Showing empathy towards other community members
-
-Examples of unacceptable behaviour by participants include:
-
-* The use of sexualized language or imagery and unwelcome sexual attention or advances
-* Trolling, insulting/derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or electronic address, without explicit permission
-* Other conduct which could reasonably be considered inappropriate in a professional setting
-
-### Our Responsibilities
-
-Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour.
-
-Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
-
-### Attribution
-
-This Code of Conduct is adapted from version 1.4 of the [Contributor Covenant](http://contributor-covenant.org/version/1/4/).
+This project aims to depend only on the standard library, so contributions which add additional dependencies outside of
+the standard library are likely to be rejected unless absolutely necessary.

README.md

@@ -15,7 +15,11 @@ A Python package for easily implementing Concourse [resource types](https://conc
 
 ## About
 
-[Concourse CI](https://concourse-ci.org/) is an "open-source continuous thing-doer" designed to enable general automation with intuitive and re-usable components. Resources represent all external inputs and outputs to and from the pipeline, and many of these have been implemented in open source. In order to best leverage the Python ecosystem of open-source packages, Concourse Tools abstracts away the implementation details of Concourse resource types to allow users to focus on writing the code they want to run.
+[Concourse CI](https://concourse-ci.org/) is an "open-source continuous thing-doer" designed to enable general
+automation with intuitive and re-usable components. Resources represent all external inputs and outputs to and from the
+pipeline, and many of these have been implemented in open source. In order to best leverage the Python ecosystem of
+open-source packages, Concourse Tools abstracts away the implementation details of Concourse resource types to allow
+users to focus on writing the code they want to run.
 
 
 ## Installation
@@ -30,7 +34,8 @@ $ pip install concoursetools
 
 Creating a Concourse resource type with Concourse Tools couldn't be simpler:
 
-1. Create subclasses of `concoursetools.version.Version` and `concoursetools.resource.ConcourseResource`, taking care to implement any required functions.
+1. Create subclasses of `concoursetools.version.Version` and `concoursetools.resource.ConcourseResource`, taking care to
+  implement any required functions.
 2. Create a Dockerfile containing your requirements and calling your resource.
 3. Upload the Docker image to a registry, and use it in your pipelines!
 
@@ -39,4 +44,6 @@ For more information, see the [documentation](https://concoursetools.readthedocs
 
 ## Bugs and Contributions
 
-Concourse Tools is in beta, and still under somewhat-active development.  Contributions, fixes, suggestions and bug reports are all welcome: Please familiarise yourself with our [contribution guidelines](https://github.com/gchq/ConcourseTools/blob/main/CONTRIBUTING.md).
+Concourse Tools is in beta, and still under somewhat-active development.  Contributions, fixes, suggestions and bug
+reports are all welcome: Please familiarise yourself with our
+[contribution guidelines](https://github.com/gchq/ConcourseTools/blob/main/CONTRIBUTING.md).

SECURITY.md

@@ -0,0 +1,21 @@
+# Security Policy
+
+
+## Supported Versions
+
+Concourse Tools is supported on a best endeavours basis. Patches will be applied to the latest version rather than
+retroactively to older versions. To ensure you are using the most secure version of Concoursetools, please make sure you
+have installed the [latest version](https://pypi.org/project/concoursetools/).
+
+
+## Reporting a Vulnerability
+
+Disclosures of vulnerabilities in Concourse Tools are always welcome. Whilst we aim to write clean and secure code free
+from bugs, we recognise that this is an open source project, relying on other of open source libraries that are modified
+and updated on a regular basis. We hope that the community will continue to support us as we endeavour to maintain and
+develop this tool together.
+
+If you believe that you have identified a potential vulnerability in the code base, please report this promptly to
+[[email protected]](mailto:[email protected]). Please describe the problem in as much detail as possible, ideally with
+examples. Each report will be dealt with on a case-by-case basis. You will receive regular communication on the
+resolution and progress of your report.