ci: enforce gitflow with dev branch and update contributing docs

.github/dependabot.yml

@@ -2,6 +2,7 @@ version: 2
 updates:
   - package-ecosystem: "gomod"
     directory: "/"
+    target-branch: "dev"
     schedule:
       interval: "weekly"
     commit-message:
@@ -10,6 +11,7 @@ updates:
 
   - package-ecosystem: "github-actions"
     directory: "/"
+    target-branch: "dev"
     schedule:
       interval: "weekly"
     commit-message:

.github/workflows/ci.yaml

@@ -0,0 +1,64 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+      - dev
+  pull_request:
+    branches:
+      - dev
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  lint:
+    name: "Lint"
+    if: ${{ !endsWith(github.actor, '[bot]') }}
+    runs-on: ubuntu-24.04-arm
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-go@v6
+        with:
+          go-version: "1.25"
+          cache: true
+
+      - uses: golangci/golangci-lint-action@v9
+        with:
+          version: latest
+          args: --config=.golangci.yaml
+
+      - uses: ibiqlik/action-yamllint@v3
+        with:
+          file_or_dir: .
+          config_file: .yamllint.yaml
+
+      - name: Run go vet
+        run: go vet ./...
+
+      - name: Run trufflehog
+        uses: trufflesecurity/trufflehog@main
+        with:
+          path: ./
+          base: "${{ github.event.pull_request.base.sha || github.event.before }}"
+          head: "${{ github.event.pull_request.head.sha || github.sha }}"
+          extra_args: --debug --only-verified
+
+      - name: Install gosec
+        run: |
+          go install github.com/securego/gosec/v2/cmd/gosec@latest
+          echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
+      - name: Run gosec
+        run: gosec ./...
+
+      - name: Run typos
+        uses: crate-ci/typos@v1

.github/workflows/dependency-guard.yaml

@@ -4,7 +4,7 @@ on:
   pull_request:
     types: [opened, synchronize]
     branches:
-      - main
+      - dev
 
 jobs:
   compat-checks:
@@ -13,7 +13,7 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           ref: ${{ github.head_ref }}
           token: ${{ secrets.GITHUB_TOKEN }}
@@ -23,7 +23,7 @@ jobs:
           git config user.name "github-actions[bot]"
           git config user.email "github-actions[bot]@users.noreply.github.com"
 
-      - uses: actions/setup-go@v5
+      - uses: actions/setup-go@v6
         with:
           go-version-file: go.mod
 

.github/workflows/tests.yaml → .github/workflows/release.yaml

@@ -1,16 +1,9 @@
----
+name: Release
 
-name: 🔨 Tests
 on:
   push:
-    branches: ["dev", "main"]
     tags:
       - "v*"
-  pull_request:
-    paths:
-      - "**.go"
-      - "**.mod"
-  workflow_dispatch:
 
 permissions:
   contents: write
@@ -20,55 +13,8 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  lint:
-    name: "Lint"
-    if: ${{ !endsWith(github.actor, '[bot]') }}
-    runs-on: ubuntu-24.04-arm
-    steps:
-      - uses: actions/checkout@v6
-        with:
-          fetch-depth: 0
-
-      - uses: actions/setup-go@v6
-        with:
-          go-version: "1.25"
-          cache: true
-
-      - uses: golangci/golangci-lint-action@v9
-        with:
-          version: latest
-          args: --config=.golangci.yaml
-
-      - uses: ibiqlik/action-yamllint@v3
-        with:
-          file_or_dir: .
-          config_file: .yamllint.yaml
-
-      - name: Run go vet
-        run: go vet ./...
-
-      - name: Run trufflehog
-        uses: trufflesecurity/trufflehog@main
-        with:
-          path: ./
-          base: "${{ github.event.pull_request.base.sha || github.event.before }}"
-          head: "${{ github.event.pull_request.head.sha || github.sha }}"
-          extra_args: --debug --only-verified
-
-      - name: Install gosec
-        run: |
-          go install github.com/securego/gosec/v2/cmd/gosec@latest
-          echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
-      - name: Run gosec
-        run: gosec ./...
-
-      - name: Run typos
-        uses: crate-ci/typos@v1
-
   create-release:
     name: "📦 Create Release"
-    needs: lint
-    if: startsWith(github.ref, 'refs/tags/v')
     runs-on: ubuntu-24.04-arm
     steps:
       - name: Checkout
@@ -85,7 +31,6 @@ jobs:
   release-linux:
     name: "🐧 Release Linux"
     needs: create-release
-    if: startsWith(github.ref, 'refs/tags/v')
     runs-on: ubuntu-24.04-arm
     steps:
       - name: Checkout
@@ -121,7 +66,6 @@ jobs:
   release-windows:
     name: "🪟 Release Windows"
     needs: create-release
-    if: startsWith(github.ref, 'refs/tags/v')
     runs-on: ubuntu-24.04-arm
     steps:
       - name: Checkout
@@ -157,7 +101,6 @@ jobs:
   release-darwin:
     name: "🍎 Release macOS"
     needs: create-release
-    if: startsWith(github.ref, 'refs/tags/v')
     runs-on: macos-latest
     steps:
       - name: Checkout

.github/workflows/update-contributors.yaml

@@ -3,7 +3,7 @@ name: Update Contributors
 on:
   push:
     branches:
-      - main
+      - dev
 
 jobs:
   contrib-readme-job:
@@ -18,6 +18,6 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
-            auto_detect_branch_protection: true
-            commit_message: "docs(contributor): contrib-readme-action has updated readme"
-            pr_title_on_protected: "docs(contributor): contributors readme action update"
+          auto_detect_branch_protection: true
+          commit_message: "docs(contributor): contrib-readme-action has updated readme"
+          pr_title_on_protected: "docs(contributor): contributors readme action update"

CONTRIBUTING.md

@@ -7,12 +7,14 @@ We welcome contributions from everyone! Here's how you can contribute:
     Start by forking our [vulnerable-target repository](https://github.com/HappyHackingSpace/vulnerable-target).
 
 2. **Create a New Branch**
+    - Always base your work from the `dev` branch, which is the development branch with the latest code.
     - Make your changes
     - If you want to add a new vulnerable target template, please contribute to our separate templates repository: [vt-templates](https://github.com/HappyHackingSpace/vt-templates). You can check the [example template](https://github.com/HappyHackingSpace/vt-templates/blob/main/cves/vt-2024-53995/index.yaml).
     - Test your changes locally before submitting
 
 3. **Submit a Pull Request**
-    - Open a pull request with your changes
+    - Open a pull request targeting the **`dev`** branch
+    - CI will automatically run linting, security scans, and tests on your PR
     - Include a clear description of what your contribution adds
     - Reference any related issues
 

README.md

@@ -25,6 +25,8 @@ Spin up vulnerable targets from your terminal 🎯
 - [Templates](#templates)
 - [What can you do with vt?](#what-can-you-do-with-vt)
 - [Documentation](#documentation)
+- [Star History](#star-history)
+- [Contributors](#contributors)
 - [Community](#community)
 - [License](#license)
 
@@ -91,10 +93,8 @@ vt start --id vt-dvwa
 | `vt template --list --filter <tag>` | Filter templates by tag |
 | `vt template --update` | Update templates from remote repository |
 | `vt start --id <template-id>` | Start a vulnerable environment |
-| `vt start --tags <tag1,tag2>` | Start all templates matching tags |
 | `vt ps` | List running environments |
 | `vt stop --id <template-id>` | Stop an environment |
-| `vt stop --tags <tag1,tag2>` | Stop all templates matching tags |
 | `vt -v debug <command>` | Run with debug verbosity |
 
 </details>
@@ -108,9 +108,6 @@ vt template --list --filter sqli
 # Start DVWA (Damn Vulnerable Web App)
 vt start --id vt-dvwa
 
-# Start all XSS-related labs
-vt start --tags xss
-
 # Check running environments
 vt ps
 
@@ -174,6 +171,63 @@ Templates are automatically cloned to `~/vt-templates` on first run.
 ## Contributors
 
 <!-- readme: collaborators,contributors -start -->
+<table>
+	<tbody>
+		<tr>
+            <td align="center">
+                <a href="https://github.com/recepgunes1">
+                    <img src="https://avatars.githubusercontent.com/u/28866347?v=4" width="100;" alt="recepgunes1"/>
+                    <br />
+                    <sub><b>Recep Gunes</b></sub>
+                </a>
+            </td>
+            <td align="center">
+                <a href="https://github.com/dogancanbakir">
+                    <img src="https://avatars.githubusercontent.com/u/65292895?v=4" width="100;" alt="dogancanbakir"/>
+                    <br />
+                    <sub><b>Dogan Can Bakir</b></sub>
+                </a>
+            </td>
+            <td align="center">
+                <a href="https://github.com/omarkurt">
+                    <img src="https://avatars.githubusercontent.com/u/1712468?v=4" width="100;" alt="omarkurt"/>
+                    <br />
+                    <sub><b>Omar Kurt</b></sub>
+                </a>
+            </td>
+            <td align="center">
+                <a href="https://github.com/ahsentekd">
+                    <img src="https://avatars.githubusercontent.com/u/23294573?v=4" width="100;" alt="ahsentekd"/>
+                    <br />
+                    <sub><b>Ahsen</b></sub>
+                </a>
+            </td>
+            <td align="center">
+                <a href="https://github.com/atiilla">
+                    <img src="https://avatars.githubusercontent.com/u/9992685?v=4" width="100;" alt="atiilla"/>
+                    <br />
+                    <sub><b>Atilla</b></sub>
+                </a>
+            </td>
+            <td align="center">
+                <a href="https://github.com/mirackayikci">
+                    <img src="https://avatars.githubusercontent.com/u/134744464?v=4" width="100;" alt="mirackayikci"/>
+                    <br />
+                    <sub><b>mirackayikci</b></sub>
+                </a>
+            </td>
+		</tr>
+		<tr>
+            <td align="center">
+                <a href="https://github.com/numanturle">
+                    <img src="https://avatars.githubusercontent.com/u/7007951?v=4" width="100;" alt="numanturle"/>
+                    <br />
+                    <sub><b>numan</b></sub>
+                </a>
+            </td>
+		</tr>
+	<tbody>
+</table>
 <!-- readme: collaborators,contributors -end -->
 
 ---
@@ -188,7 +242,7 @@ Templates are automatically cloned to `~/vt-templates` on first run.
 
 ## License
 
-This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
+This project is licensed under the MIT License - see the [LICENSE.md](./LICENSE.md) file for details.
 
 ---