Thanks for your interest in contributing! 🎉
- Fork and clone the repo
- Create a branch: `git checkout -b feature/your-feature`
- Make your changes and test them
- Commit: `git commit -m "Add feature: description"`
- Push and open a PR
Run tests before submitting:

```bash
cd tests
./test-security.sh
./test-exploits.sh
```

Code:
- Follow existing patterns
- Use clear variable names
- Add comments for complex logic
Commits:
- ✅ "Add timeout parameter"
- ✅ "Fix: Prevent secret leakage"
- ❌ "WIP" or "Update stuff"
PRs:
- Describe what and why
- Include test evidence
- Update docs if needed
- Be responsive to feedback
This repo uses the docker-agent AI reviewer on pull requests. How a review is triggered depends on who opened the PR:
- Org members: request a review from `docker-agent` in the PR sidebar (Reviewers → add `docker-agent`). The review starts automatically once requested.
- External / fork contributors: the same request step applies, but GitHub gates Actions on these PRs, so an org member must also approve the workflow run first:
  - Approve the workflow run. GitHub holds workflows on PRs from first-time and external contributors until a maintainer clicks "Approve and run workflows".
  - Request the review. In the PR sidebar, under Reviewers, add `docker-agent`. The review starts and appears as a check run.

No special commands or workflow inputs are needed, and an external contributor cannot trigger a review of their own PR. The deprecated `/review` comment still works, but requesting `docker-agent` as a reviewer is the supported path. See the PR Review documentation for the full flow.
Do not open public issues for vulnerabilities. Contact maintainers privately first.
- Security enhancements
- Documentation improvements
- Bug fixes
- New features (discuss first!)
Look for good first issue labels to get started.
By contributing, you agree your contributions will be licensed under the Apache License 2.0.