all: add license headers and CONTRIBUTING.md

Change-Id: Icb46b1d9d8f3f1db6066b729e511cbd0ff94f113 Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1054184 Reviewed-by: Filippo Valsorda <valsorda@google.com>
2021-04-13 22:58:27 +02:00 · 2021-04-13 22:58:27 +02:00 · 087c0613c0
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -0,0 +1,28 @@
+# Contributing to the Go Vulnerability Database
+
+Go is an open source project.
+
+It is the work of hundreds of contributors. We appreciate your help!
+
+## Reporting a vulnerability
+
+To report a new *public* vulnerability,
+[open an issue](https://github.com/golang/vulndb/issues/new),
+send a GitHub PR, or mail a Gerrit CL.
+
+Please read the
+[Contribution Guidelines](https://golang.org/doc/contribute.html)
+before sending patches.
+
+## Contributor License Agreement
+
+Contributions to this project must be accompanied by a Contributor License
+Agreement (CLA). You (or your employer) retain the copyright to your
+contribution; this simply gives us permission to use and redistribute your
+contributions as part of the project. Head over to
+<https://cla.developers.google.com/> to see your current agreements on file or
+to sign a new one.
+
+You generally only need to submit a CLA once, so if you've already submitted one
+(even if it was for a different project), you probably don't need to do it
+again.
--- a/README.md
+++ b/README.md
@ -25,12 +25,7 @@ on in a more segmented fashion.
 * `cmd/linter` provides a tool for linting individual reports
 * `cmd/report2cve` provides a tool for converting TOML reports into JSON CVEs

-## Contributing
-
-To report a new *public* vulnerability, [open an
-issue](https://github.com/golang/vulndb/issues/new) or send a PR. Please read
-the [Contribution Guidelines](https://golang.org/doc/contribute.html) before
-sending patches.
+## License

 Unless otherwise noted, the Go source files are distributed under
 the BSD-style license found in the LICENSE file.
--- a/client/cache.go
+++ b/client/cache.go
@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package client

 import (
--- a/client/cache_test.go
+++ b/client/cache_test.go
@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package client

 import (
--- a/client/client.go
+++ b/client/client.go
@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package client

 import (
--- a/client/client_test.go
+++ b/client/client_test.go
@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package client

 import (
--- a/cmd/gendb/main.go
+++ b/cmd/gendb/main.go
@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package main

 import (
@ -21,7 +25,7 @@ func fail(why string) {
 }

 // TODO: obviously not for the real world
-const dbURL = "https://team.git.corp.google.com/golang/vulndb/+/refs/heads/main/reports/"
+const dbURL = "https://go.googlesource.com/vulndb/+/refs/heads/main/reports/"

 func matchesCurrent(path string, new []osv.Entry) bool {
 	var current []osv.Entry
--- a/cmd/gendb/main_test.go
+++ b/cmd/gendb/main_test.go
@ -1 +0,0 @@
-package main
--- a/cmd/genhtml/main.go
+++ b/cmd/genhtml/main.go
@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package main

 import (
--- a/cmd/linter/main.go
+++ b/cmd/linter/main.go
@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package main

 import (
--- a/cmd/report2cve/main.go
+++ b/cmd/report2cve/main.go
@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package main

 import (
--- a/new-vuln.sh
+++ b/new-vuln.sh
@ -1,4 +1,8 @@
-#!/bin/bash
+#!/usr/bin/env bash
+# Copyright 2021 The Go Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
 prev=$(find reports/GO-* | tail -n 1 | sed -n 's/reports\/GO-[0-9]*-\([0-9]*\).toml/\1/p')
 new=$(printf "%04d" $(expr $prev + 1))
 year=$(date +"%Y")
--- a/osv/json.go
+++ b/osv/json.go
@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package osv

 import (
--- a/osv/json_test.go
+++ b/osv/json_test.go
@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package osv

 import (
--- a/report/lint.go
+++ b/report/lint.go
@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package report

 import (
--- a/report/report.go
+++ b/report/report.go
@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package report

 import "time"