Bugcrowd welcomes community feedback and direct contributions to the Bugcrowd VRT Ruby Wrapper. We accept comments for public discussion via GitHub Issues.
Please open your feedback as an Issue and label it as either a bug or an enhancement. Large or systemic changes should first be discussed in an Issue rather than be submitted as a pull request directly.
Prior to opening a pull request, please ensure your suggested changes pass specs. The repository uses rspec for spec running; run it with bundle install && bundle exec rspec.
When a new version of the VRT is released, we follow these steps:
- Add new submodule of the new version tag
  git submodule add git@github.com:bugcrowd/vulnerability-rating-taxonomy.git lib/data/X.X
  cd lib/data/X.X
  git checkout vX.X
- Release a new version of the gem (see below)
- Update dependent applications
  bundle update vrt

- Merge all PRs targeted for inclusion in the release (without touching version.rb)
- Bump the version in version.rb
- Update CHANGELOG with new version
- Commit the version bump: git commit -m [tag name] (where tag name is something like v0.8.0)
- Tag the commit: git tag [tag name] (where tag name is something like v0.8.0)
- Push the tag and the commit: git push origin master --tag
- Run rake release
If you need access to push the gem, create an account on rubygems (if you don't have one already) and then ask one of the existing owners to run gem owner vrt --add <your-rubygems-email>