# How to contribute One of the easiest ways to contribute is to participate in discussions and discuss issues. You can also contribute by submitting pull requests with code changes. ## General feedback and discussions? Please start a discussion on the [Issue tracker](https://github.com/aspnet/AspNetSessionState/issues). ## Bugs and feature requests? For non-security related bugs please log a new issue according to the [Functional bug template](https://github.com/aspnet/AspNetSessionState/wiki/Functional-bug-template). ## Reporting security issues and bugs Security issues and bugs should be reported privately, via email, to the Microsoft Security Response Center (MSRC) secure@microsoft.com. You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Further information, including the MSRC PGP key, can be found in the [Security TechCenter](https://technet.microsoft.com/en-us/security/ff852094.aspx). ## Contributing code and content **Obtaining the source code** If you are an outside contributer, please fork the repository. See the GitHub documentation for [forking a repo](https://help.github.com/articles/fork-a-repo/) if you have any questions about this. **Submitting a pull request** You will need to sign a [Contributor License Agreement](https://cla.opensource.microsoft.com//) when submitting your pull request. To complete the Contributor License Agreement (CLA), you will need to follow the instructions provided by the CLA bot when you send the pull request. This needs to only be done once for any Microsoft OSS project. If you don't know what a pull request is read this article: https://help.github.com/articles/using-pull-requests. Make sure the respository can build and all tests pass. **Commit/Pull Request Format** ``` Summary of the changes (Less than 80 chars) - Detail 1 - Detail 2 Addresses #bugnumber (in this specific format) ``` **Tests** - Tests need to be provided for every bug/feature that is completed. - Tests only need to be present for issues that need to be verified by QA (e.g. not tasks) - If there is a scenario that is far too hard to test there does not need to be a test for it. - "Too hard" is determined by the team as a whole. **Feedback** Your pull request will now go through extensive checks by the subject matter experts on our team. Please be patient; we have hundreds of pull requests across all of our repositories. Update your pull request according to feedback until it is approved by one of the ASP.NET team members. After that, one of our team members will add the pull request to **dev**.