all: add license headers and CONTRIBUTING.md

FiloSottile · FiloSottile · commit 087c0613c018 · 2021-04-13T21:05:53.000Z
Change-Id: Icb46b1d9d8f3f1db6066b729e511cbd0ff94f113 Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1054184 Reviewed-by: Filippo Valsorda <valsorda@google.com>
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -0,0 +1,28 @@
+# Contributing to the Go Vulnerability Database
+
+Go is an open source project.
+
+It is the work of hundreds of contributors. We appreciate your help!
+
+## Reporting a vulnerability
+
+To report a new *public* vulnerability,
+[open an issue](https://github.com/golang/vulndb/issues/new),
+send a GitHub PR, or mail a Gerrit CL.
+
+Please read the
+[Contribution Guidelines](https://golang.org/doc/contribute.html)
+before sending patches.
+
+## Contributor License Agreement
+
+Contributions to this project must be accompanied by a Contributor License
+Agreement (CLA). You (or your employer) retain the copyright to your
+contribution; this simply gives us permission to use and redistribute your
+contributions as part of the project. Head over to
+<https://cla.developers.google.com/> to see your current agreements on file or
+to sign a new one.
+
+You generally only need to submit a CLA once, so if you've already submitted one
+(even if it was for a different project), you probably don't need to do it
+again.
diff --git a/README.md b/README.md
@@ -25,12 +25,7 @@ on in a more segmented fashion.
 * `cmd/linter` provides a tool for linting individual reports
 * `cmd/report2cve` provides a tool for converting TOML reports into JSON CVEs
 
-## Contributing
-
-To report a new *public* vulnerability, [open an
-issue](https://github.com/golang/vulndb/issues/new) or send a PR. Please read
-the [Contribution Guidelines](https://golang.org/doc/contribute.html) before
-sending patches.
+## License
 
 Unless otherwise noted, the Go source files are distributed under
 the BSD-style license found in the LICENSE file.
diff --git a/client/cache.go b/client/cache.go
@@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package client
 
 import (
diff --git a/client/cache_test.go b/client/cache_test.go
@@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package client
 
 import (
diff --git a/client/client.go b/client/client.go
@@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package client
 
 import (
diff --git a/client/client_test.go b/client/client_test.go
@@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package client
 
 import (
diff --git a/cmd/gendb/main.go b/cmd/gendb/main.go
@@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package main
 
 import (
@@ -21,7 +25,7 @@ func fail(why string) {
 }
 
 // TODO: obviously not for the real world
-const dbURL = "https://team.git.corp.google.com/golang/vulndb/+/refs/heads/main/reports/"
+const dbURL = "https://go.googlesource.com/vulndb/+/refs/heads/main/reports/"
 
 func matchesCurrent(path string, new []osv.Entry) bool {
 	var current []osv.Entry
diff --git a/cmd/gendb/main_test.go b/cmd/gendb/main_test.go
diff --git a/cmd/genhtml/main.go b/cmd/genhtml/main.go
@@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package main
 
 import (
diff --git a/cmd/linter/main.go b/cmd/linter/main.go
@@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package main
 
 import (
diff --git a/cmd/report2cve/main.go b/cmd/report2cve/main.go
@@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package main
 
 import (
diff --git a/new-vuln.sh b/new-vuln.sh
@@ -1,4 +1,8 @@
-#!/bin/bash
+#!/usr/bin/env bash
+# Copyright 2021 The Go Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
 prev=$(find reports/GO-* | tail -n 1 | sed -n 's/reports\/GO-[0-9]*-\([0-9]*\).toml/\1/p')
 new=$(printf "%04d" $(expr $prev + 1))
 year=$(date +"%Y")
diff --git a/osv/json.go b/osv/json.go
@@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package osv
 
 import (
diff --git a/osv/json_test.go b/osv/json_test.go
@@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package osv
 
 import (
diff --git a/report/lint.go b/report/lint.go
@@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package report
 
 import (
diff --git a/report/report.go b/report/report.go
@@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package report
 
 import "time"
