Contributing to a Project

1: Discussing Ideas
2: Reporting Issues or Bugs
3: Submitting a Contribution

We thank you in advance for contributing to our Open Source Community!

Contributions come is all shapes and sizes - and we welcome them all. We ask that for the benefit of the wider community the following guidelines are followed depending on the contribution you wish to make.

💡Want to discuss an idea?
Read our guide on discussions and ideas here.
🪲 Want to report a bug or issue?
Read our guide on issue reporting here.
🧑‍💻 Want to contribute a change?
Read our guide on sumitting contributions here.

If you believe you have discovered a Security Issue please disclose it responsibly by following our Responsible Disclosure Process for active projects.

1 - Discussing Ideas

Ideas are great! 💡 We welcome input from any project users.

If you want to raise one, or join the discussion, we recommend all projects use GitHub Discussions.

Please make sure you follow our Code of Conduct at all times.

2 - Reporting Issues or Bugs

While many of these open source efforts are supported by contributors from Sonatype, these Open Source Projects are not officially supported through Sonatype’s commercial support channels.

Please review the latest pull requests, issues, and commits to understand a projects readiness for contribution and use.

DO file suggestions and requests on the project in question using GitHub Issues, so that the community can pitch in and maintainers can easily find your input.

DO use or contribute to a Sonatype Open Source Project according to your organization’s policies and your own risk tolerance.

DON’T file Sonatype support tickets related to a Sonatype Open Source Project — it won’t reach the right people that way.

Last but not least of all: Have fun!

Important!

If you believe you have discovered a Security Issue in an active project, please disclose it responsibly by following our Responsible Disclosure Process.

3 - Submitting a Contribution

We welcome contributions via Pull Requests to our Community Projects.

Please ensure they meet these guidelines:

Has a clear and singular purpose
It is backed by one or more GitHub Issues in the project
Has appropriate test coverage for the Pull Requests purpose (if you add or modify functionality, make sure you add tests for this!)
Meet the Projects Code Style Convention and Contribution Guidelines (see CONTRIBUTING.md in the specific Project)

If you haven’t yet, please review the requirements for contributors.

Contributions that don’t meet the above requirements unfortunately cannot be accepted.

Contribution Requirements

Signed Commits

In order to help verify the authenticity of contributed code, we ask that your commits be signed. All commits must be signed off to show that you agree to publish your changes under the current terms and licenses of the project.

Here are some notes we found helpful in configuring a local environment to automatically sign git commits: - GPG commit signature verification - Telling Git about your GPG key