# Contributing to FuzzForge ๐Ÿค Thank you for your interest in contributing to FuzzForge! We welcome contributions from the community and are excited to collaborate with you. ## ๐ŸŒŸ Ways to Contribute - ๐Ÿ› **Bug Reports** - Help us identify and fix issues - ๐Ÿ’ก **Feature Requests** - Suggest new capabilities and improvements - ๐Ÿ”ง **Code Contributions** - Submit bug fixes, features, and enhancements - ๐Ÿ“š **Documentation** - Improve guides, tutorials, and API documentation - ๐Ÿงช **Testing** - Help test new features and report issues - ๐Ÿ›ก๏ธ **Security Workflows** - Contribute new security analysis workflows ## ๐Ÿ“‹ Contribution Guidelines ### Code Style - Follow [PEP 8](https://pep8.org/) for Python code - Use type hints where applicable - Write clear, descriptive commit messages - Include docstrings for all public functions and classes - Add tests for new functionality ### Commit Message Format We use conventional commits for clear history: ``` (): [optional body] [optional footer] ``` **Types:** - `feat:` New feature - `fix:` Bug fix - `docs:` Documentation changes - `style:` Code formatting (no logic changes) - `refactor:` Code restructuring without changing functionality - `test:` Adding or updating tests - `chore:` Maintenance tasks **Examples:** ``` feat(workflows): add new static analysis workflow for Go fix(api): resolve authentication timeout issue docs(readme): update installation instructions ``` ### Pull Request Process 1. **Create a Branch** ```bash git checkout -b feature/your-feature-name # or git checkout -b fix/issue-description ``` 2. **Make Your Changes** - Write clean, well-documented code - Add tests for new functionality - Update documentation as needed 3. **Test Your Changes** ```bash # Test workflows cd test_projects/vulnerable_app/ ff workflow security_assessment . ``` 4. **Submit Pull Request** - Use a clear, descriptive title - Provide detailed description of changes - Link related issues using `Fixes #123` or `Closes #123` - Ensure all CI checks pass ## ๐Ÿ›ก๏ธ Security Workflow Development ### Creating New Workflows 1. **Workflow Structure** ``` backend/toolbox/workflows/your_workflow/ โ”œโ”€โ”€ __init__.py โ”œโ”€โ”€ workflow.py # Main Prefect flow โ”œโ”€โ”€ metadata.yaml # Workflow metadata โ””โ”€โ”€ Dockerfile # Container definition ``` 2. **Register Your Workflow** Add your workflow to `backend/toolbox/workflows/registry.py`: ```python # Import your workflow from .your_workflow.workflow import main_flow as your_workflow_flow # Add to registry WORKFLOW_REGISTRY["your_workflow"] = { "flow": your_workflow_flow, "module_path": "toolbox.workflows.your_workflow.workflow", "function_name": "main_flow", "description": "Description of your workflow", "version": "1.0.0", "author": "Your Name", "tags": ["tag1", "tag2"] } ``` 3. **Testing Workflows** - Create test cases in `test_projects/vulnerable_app/` - Ensure SARIF output format compliance - Test with various input scenarios ### Security Guidelines - ๐Ÿ” Never commit secrets, API keys, or credentials - ๐Ÿ›ก๏ธ Focus on **defensive security** tools and analysis - โš ๏ธ Do not create tools for malicious purposes - ๐Ÿงช Test workflows thoroughly before submission - ๐Ÿ“‹ Follow responsible disclosure for security issues ## ๐Ÿ› Bug Reports When reporting bugs, please include: - **Environment**: OS, Python version, Docker version - **Steps to Reproduce**: Clear steps to recreate the issue - **Expected Behavior**: What should happen - **Actual Behavior**: What actually happens - **Logs**: Relevant error messages and stack traces - **Screenshots**: If applicable Use our [Bug Report Template](.github/ISSUE_TEMPLATE/bug_report.md). ## ๐Ÿ’ก Feature Requests For new features, please provide: - **Use Case**: Why is this feature needed? - **Proposed Solution**: How should it work? - **Alternatives**: Other approaches considered - **Implementation**: Technical considerations (optional) Use our [Feature Request Template](.github/ISSUE_TEMPLATE/feature_request.md). ## ๐Ÿ“š Documentation Help improve our documentation: - **API Documentation**: Update docstrings and type hints - **User Guides**: Create tutorials and how-to guides - **Workflow Documentation**: Document new security workflows - **Examples**: Add practical usage examples ## ๐Ÿ™ Recognition Contributors will be: - Listed in our [Contributors](CONTRIBUTORS.md) file - Mentioned in release notes for significant contributions - Invited to join our Discord community - Eligible for FuzzingLabs Academy courses and swag ## ๐Ÿ“œ License By contributing to FuzzForge, you agree that your contributions will be licensed under the same [Business Source License 1.1](LICENSE) as the project. --- **Thank you for making FuzzForge better! ๐Ÿš€** Every contribution, no matter how small, helps build a stronger security community.