Several "community health" requirements: (#105)

* Several "community health" requirements:

 - CODE_OF_CONDUCT.md - taken from https://www.contributor-covenant.org
 - CONTRIBUTING.md
 - .github/pull_request_template.md - boilerplate template

Minor updates to README.md and SECURITY.md

Author: ogarrett

.github/pull_request_template.md

@@ -0,0 +1,8 @@
+Fixes # .
+
+Changes proposed in this pull request:
+-
+-
+-
+
+@deepfence/engineering

CODE_OF_CONDUCT.md

@@ -0,0 +1,134 @@
+
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall
+  community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email address,
+  without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+**community *at* deepfence *dot* io**.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations
+

CONTRIBUTING.md

@@ -0,0 +1,42 @@
+# Contributing to ThreatMapper
+
+First off, thank you for taking the time to contribute!
+
+Here are some important resources:
+ 
+  * [Security Policy](SECURITY.md): If you need to share a security vulnerability, please refer to our Security Policy.
+  * [Slack Discussions](https://join.slack.com/t/deepfence-community/shared_invite/zt-podmzle9-5X~qYx8wMaLt9bGWwkSdgQ): Any questions - join us on Slack
+  * [Documentation](https://github.com/deepfence/ThreatMapper/wiki): Find and contribute to ThreatMapper documentation on the wiki.
+  * [ThreatMapper License](LICENSE): ThreatMapper is 100% open source, using the Apache 2.0 license.
+  * [Contributor License](https://docs.github.com/en/github/site-policy/github-terms-of-service#6-contributions-under-repository-license): The Apache 2.0 license applies to all contributions offered to the ThreatMapper project.
+  * [Code of Conduct](CODE_OF_CONDUCT.md): The ThreatMapper community strives to be open and welcoming to all.
+
+## How can I contribute?
+
+### I'm having difficulty installing, operating or building ThreatMapper
+
+Head over to our [Community Slack](https://join.slack.com/t/deepfence-community/shared_invite/zt-podmzle9-5X~qYx8wMaLt9bGWwkSdgQ) and share what's going on.  It's generally useful to include details of your installation, as ThreatMapper is under constant development and we fix bugs fast. `docker images list` and `docker ps -a`, or the equivalent Kubernetes commands are a good start.  Logs from any containers that may be misbehaving are also useful.
+
+### I think I have found a bug in ThreatMapper
+
+If you believe you've found a security vulnerability, please refer to our [Security Policy](SECURITY.md).
+
+For all other bugs, please [first check if the issue has already been opened](https://github.com/deepfence/ThreatMapper/issues).  If so, go ahead and add details to the existing issue.
+
+If the bug appears to be new, please [open a new GitHub Bug report](https://github.com/deepfence/ThreatMapper/issues/new/choose).  The template will prompt you for the information that will help us to understand and address the issue.
+
+### I'd like to share a change to ThreatMapper
+
+Thank you.  Please send a [GitHub Pull Request to ThreatMapper](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests) with a clear explanation of what you're seeking to achieve, and what you have done.
+
+Code Style: we're flexible and accomodating. Copy the style of the code adjacent to your contributions, keep it clear and easy to understand for other developers and we're all good.
+
+### I have an idea for an enhancement to ThreatMapper
+
+If it's a well-formed enhancement, please [open a new GitHub Feature request](https://github.com/deepfence/ThreatMapper/issues/new/choose).  Explain the enhancement and any supporting information - who it benefits, why it's important etc.
+
+If you'd like to discuss the idea before proposing it on GitHub, share it on our [Community Slack](https://join.slack.com/t/deepfence-community/shared_invite/zt-podmzle9-5X~qYx8wMaLt9bGWwkSdgQ) and we will work through it together.
+
+## I'd like to talk to someone directly
+
+You can reach out to the ThreatMapper community leads at **community *at* deepfence *dot* io**.

README.md

@@ -230,7 +230,7 @@ Please share any feature requests or bug reports: https://github.com/deepfence/T
 
 # Security and Support
 
-For any security-related issues in the ThreatMapper project, contact productsecurity at deepfence dot io.
+For any security-related issues in the ThreatMapper project, contact **productsecurity *at* deepfence *dot* io**.
 
 Please file Github issues as needed, and join the Deepfence Community [Slack channel](https://join.slack.com/t/deepfence-community/shared_invite/zt-podmzle9-5X~qYx8wMaLt9bGWwkSdgQ).
 

SECURITY.md

@@ -1 +1,3 @@
-Any vulnerabilities found in this source code may please be reported to productsecurity at deepfence dot io in complete confidence.
+Please report any potential security vulnerabilities to **productsecurity *at* deepfence *dot* io**. 
+
+Deepfence will endeavour to respond within 3 working days, and treats all security notifications in full confidence.