From 319653741f999a75916858783ec2af6c31805e6d Mon Sep 17 00:00:00 2001
From: Seongho Bae
Date: Mon, 29 Jun 2026 23:31:42 +0900
Subject: [PATCH 1/8] chore: add OSS license metadata
---
 LICENSE | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 LICENSE
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..26dd435
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 ContextualWisdomLab
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
\ No newline at end of file
From 26f910787f9d3b2bf99b46d17532f827c36704fe Mon Sep 17 00:00:00 2001
From: Seongho Bae
Date: Mon, 29 Jun 2026 23:31:44 +0900
Subject: [PATCH 2/8] chore: add security policy
---
 SECURITY.md | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..ff93ab0
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,28 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please do not report unpatched vulnerabilities through public GitHub issues.
+
+Preferred: use GitHub private vulnerability reporting for this repository:
+
+- https://github.com/ContextualWisdomLab/ContextualWisdomLab.github.io/security/advisories/new
+
+If private reporting is unavailable, open a public issue that only asks for a secure disclosure channel. Do not include exploit details, secrets, personal data, or unreleased vulnerability information in a public issue.
+
+When reporting, include:
+
+- affected branch, tag, or commit
+- reproduction steps
+- impact assessment
+- proof-of-concept input or sanitized logs when needed for safe reproduction
+
+## Response Expectations
+
+- acknowledgement target: within 7 days
+- triage or status update target: within 30 days when a fix is feasible
+- coordinated disclosure preferred after a fix or mitigation is available
+
+## Safe Handling
+
+Do not send production credentials, private keys, customer data, or copyrighted third-party source documents in reports. Use synthetic fixtures and sanitized evidence whenever possible.
\ No newline at end of file
From 904da3adf12dca51f0c53e86e8374cfdf25edb6c Mon Sep 17 00:00:00 2001
From: Seongho Bae
Date: Mon, 29 Jun 2026 23:31:47 +0900
Subject: [PATCH 3/8] chore: add dependabot configuration
---
 .github/dependabot.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..d0e1df2
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,8 @@
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ target-branch: "main"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
\ No newline at end of file
From 0bec9d48ad560e46a8152b79ab0b9fbe2caf5e0f Mon Sep 17 00:00:00 2001
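Review bot: The `updates` list registers only the `github-actions` ecosystem, so if the site itself is built from a dependency manifest (for a GitHub Pages repository that is typically a `Gemfile` or `package.json`, neither visible in this series) those packages get no version-update pull requests and the workflow pins are the only thing Dependabot keeps current; if such a manifest exists, a second entry with the matching `package-ecosystem` and the same `schedule` closes the gap. `target-branch: "main"` is redundant while `main` is the default branch and silently goes stale if the default branch is ever renamed, so dropping the key lets Dependabot target the default branch automatically. The quoted scalars and the `open-pull-requests-limit` cap are fine as written.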
From: Seongho Bae
Date: Mon, 29 Jun 2026 23:31:49 +0900
Subject: [PATCH 4/8] ci: add OpenSSF Scorecard workflow
---
 .github/workflows/scorecard-analysis.yml | 38 ++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 .github/workflows/scorecard-analysis.yml
diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml
new file mode 100644
index 0000000..e55734a
--- /dev/null
+++ b/.github/workflows/scorecard-analysis.yml
@@ -0,0 +1,38 @@
+name: Scorecard analysis
+
+on:
+ push:
+ branches: ["main"]
+ schedule:
+ - cron: "30 1 * * 6"
+
+permissions: read-all
+
+jobs:
+ analysis:
+ name: Scorecard analysis
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+ id-token: write
+ contents: read
+ issues: read
+ pull-requests: read
+ checks: read
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ with:
+ persist-credentials: false
+
+ - name: Run analysis
+ uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
+ with:
+ results_file: results.sarif
+ results_format: sarif
+ publish_results: true
+
+ - name: Upload to code scanning
+ uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
+ with:
+ sarif_file: results.sarif
\ No newline at end of file
From c9308da3897a95178bf4693f624a04dfd8e7dce1 Mon Sep 17 00:00:00 2001
From: Seongho Bae
Date: Mon, 29 Jun 2026 23:36:36 +0900
Subject: [PATCH 5/8] chore: normalize metadata newlines
---
 LICENSE | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/LICENSE b/LICENSE
index 26dd435..591bbf1 100644
--- a/LICENSE
+++ b/LICENSE
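Review bot: The `on:` block triggers only on pushes to `main` and the weekly cron, so the Branch-Protection result that Scorecard publishes can lag behind the repository's actual protection settings for up to a week after they change; the upstream Scorecard workflow template also lists `branch_protection_rule:` as a trigger so the analysis reruns when those settings change, and adding that bare key under `on:` keeps the published score current. The rest of the file follows the recommended hardening shape: `permissions: read-all` at the workflow level, a job-level grant that adds only `security-events: write` and the `id-token: write` required by `publish_results: true`, `persist-credentials: false` on checkout, and every action pinned to a full commit SHA with its version in a trailing comment. One documentation nit: a comment above `id-token: write` such as `# needed by publish_results: true (OIDC token for the Scorecard API)` would tell the next maintainer why an otherwise unusual token scope is granted here.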
@@ -18,4 +18,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
\ No newline at end of file
+SOFTWARE.
From da9a96399c0a8b75221f8a734df6054da4ec6059 Mon Sep 17 00:00:00 2001
From: Seongho Bae
Date: Mon, 29 Jun 2026 23:36:38 +0900
Subject: [PATCH 6/8] chore: normalize metadata newlines
---
 SECURITY.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SECURITY.md b/SECURITY.md
index ff93ab0..fec9136 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -25,4 +25,4 @@ When reporting, include:

 ## Safe Handling

-Do not send production credentials, private keys, customer data, or copyrighted third-party source documents in reports. Use synthetic fixtures and sanitized evidence whenever possible.
\ No newline at end of file
+Do not send production credentials, private keys, customer data, or copyrighted third-party source documents in reports. Use synthetic fixtures and sanitized evidence whenever possible.
From 206ab793125c724790788ca537b95e0828235ece Mon Sep 17 00:00:00 2001
From: Seongho Bae
Date: Mon, 29 Jun 2026 23:36:40 +0900
Subject: [PATCH 7/8] chore: normalize metadata newlines
---
 .github/dependabot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index d0e1df2..ab28393 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -5,4 +5,4 @@ updates:
 target-branch: "main"
 schedule:
 interval: "weekly"
- open-pull-requests-limit: 5
\ No newline at end of file
+ open-pull-requests-limit: 5
From 427e6e05eb083ac2e3a00b2e1164b60f04b01f80 Mon Sep 17 00:00:00 2001
From: Seongho Bae
Date: Mon, 29 Jun 2026 23:36:42 +0900
Subject: [PATCH 8/8] chore: normalize metadata newlines
---
 .github/workflows/scorecard-analysis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml
index e55734a..026f975 100644
--- a/.github/workflows/scorecard-analysis.yml
+++ b/.github/workflows/scorecard-analysis.yml
@@ -35,4 +35,4 @@ jobs:
 - name: Upload to code scanning
 uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
 with:
- sarif_file: results.sarif
\ No newline at end of file
+ sarif_file: results.sarif