1# Contributing to CAP 2 3Thank you for contributing to CAP! Here you can find common questions around 4reporting issues and opening pull requests to our project. 5 6## Issue Reporting 7### Reporting Security Related Vulnerabilities 8 9We take CAP's security and our users' trust very seriously. If you believe you 10have found a security issue in CAP, please responsibly disclose by contacting us 11at security@hashicorp.com. Do not open an issue on our GitHub issue tracker if 12you believe you've found a security related issue, thank you! 13 14### Bug Fixes 15 16If you believe you found a bug with CAP, please: 17 181. Build from the latest `main` HEAD commit to attempt to reproduce the issue. 19 It's possible we've already fixed the bug, and this is a first good step to 20 ensuring that's not the case. 211. Ensure a similar ticket is not already opened by searching our opened issues 22 on GitHub. 23 24 25Once you've verified the above, feel free to open a bug fix issue template type 26from our [issue selector](https://github.com/hashicorp/cap/issues/new/choose) 27and we'll do our best to triage it as quickly as possible. 28 29## Pull Requests 30 31### New Features & Improvements 32 33Before writing a line of code, please ask us about a potential improvement or 34feature that you want to write into CAP. We may already be working on it; 35even if we aren't, we need to ensure that both the feature and its proposed 36implementation is aligned with our road map, vision, and standards for the 37project. We're happy to help walk through that via a [feature request 38issue](https://github.com/hashicorp/cap/issues/new/choose). 39 40### Submitting a New Pull Request 41 42When submitting a pull request, please ensure: 43 441. You've added a changelog line clearly describing the new addition under the 45 correct changelog sub-section. 461. You've followed the above guidelines for contributing to CAP. 47 48Once you open your PR, please allow us a couple of days to comment, request 49changes, or approve your PR. Once a PR is created, please do not rebase your PR 50branch, since rebasing would make it more difficult to review requested PR 51changes. Accepted PR commits will be squashed into a single commit when 52they are merged. 53 54Thank you for your contribution! 55 56## Changelog 57 58The changelog is updated by PR contributors. Each contribution to CAP should 59include a changelog update at the contributor or reviewer discretion. The 60changelog should be updated when the contribution is large enough to warrant it 61being called out in the larger release cycle. Enhancements, bug fixes, and other 62contributions that practitioners might want to be aware of should exist in the 63changelog. 64 65When contributing to the changelog, follow existing patterns for referencing 66PR's, issues or other ancillary context. 67 68The changelog is broken down into sections: 69 70### Next 71 72The current release cycle. New contributions slated for the next release should 73go under this heading. If the contribution is being backported, the inclusion of 74the feature in the appropriate release during the backport process is handled 75on an as-needed basis. 76 77### New and Improved 78 79Any enhancements, new features, etc fall into this section. 80 81### Bug Fixes 82 83Any bug fixes fall into this section. 84 85****