From 808668ecc1cb77261ac54ed87541ce361dfd477e Mon Sep 17 00:00:00 2001
From: Chris Llanwarne
Date: Wed, 21 Aug 2024 17:47:43 -0400
Subject: [PATCH] Security impact field in templates
---
 .github/ISSUE_TEMPLATE/change-request.yml | 36 +++++++++++++++++++++++
 .github/pull_request_template.md | 23 +++++++++++++++
 2 files changed, 59 insertions(+)
 create mode 100644 .github/ISSUE_TEMPLATE/change-request.yml
 create mode 100644 .github/pull_request_template.md
diff --git a/.github/ISSUE_TEMPLATE/change-request.yml b/.github/ISSUE_TEMPLATE/change-request.yml
new file mode 100644
index 00000000000..b30f001a607
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/change-request.yml
@@ -0,0 +1,36 @@
+name: Change Request
+description: Tracker issues for new features, enhancements, or configuration changes.
+labels: needs-triage
+body:
+ - type: textarea
+ id: description
+ attributes:
+ label: Description
+ description: What is the change?
+ validations:
+ required: true
+ - type: dropdown
+ id: security-impact
+ attributes:
+ label: Security Impact
+ description: Level of security impact of the change
+ options:
+ - None
+ - Low
+ - Medium
+ - High
+ - type: textarea
+ id: security-impact-description
+ attributes:
+ label: Security Impact Description
+ description: If the impact is not None, please describe the security impact and necessary mitigations
+ validations:
+ required: true
+ - type: checkboxes
+ id: appsec-signoff
+ attributes:
+ label: Appsec Signoff
+ description: If the security impact is High, has the change been reviewed and approved by the Appsec team?
+ options:
+ - label: Reviewed and approved
+ required: false
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 00000000000..56e6b93a168
--- /dev/null
+++ b/.github/pull_request_template.md
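Review bot: The `security-impact` dropdown in change-request.yml has no `validations:` block, so the one field this template exists to capture can be left unanswered, while `security-impact-description` is `required: true` even though its own help text says it applies only when the impact is not None. I would add `validations:` with `required: true` under the dropdown and either drop the requirement from the description textarea or reword its help text so a no-impact answer is explicitly allowed. As far as I recall, GitHub's issue-form schema reserves `None` as a dropdown option (it stands for "no selection" on optional dropdowns), so confirm the form actually renders or rename the option to something like `No impact`. Separately, `appsec-signoff` is a box the issue author ticks themselves, so it records a claim rather than an approval; if High-impact changes must be gated, that needs a label or required reviewer enforced outside the template.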
@@ -0,0 +1,23 @@
+Fixes #.
+
+### Change Description
+
+
+
+### Security Impact
+
+
+
+- [ ] The security impact will be assessed in this PR description
+- [ ] The security impact is assessed in the linked issue
+
+(Reviewers: please confirm the security impact before approving)
+
+