How To Contribute

Thank you for your interest in contributing to the OpenASC project!

OpenASC is an open-source repository of structured threat and control catalogs. It provides a foundational resource for systematically identifying and mitigating security threats in the automotive domain, using classification models such as STRIDE and MITRE ATT&CK®. OpenASC is designed to support the processes outlined in Clause 15 of ISO/SAE 21434 and United Nations Regulation No. 155 for cybersecurity management in road vehicles.

Your contributions help improve the quality and coverage of our catalogs.

How to Contribute

  1. Fork the Repository: Use the Fork button on our GitHub repository to create your own copy.
  2. Clone Your Fork:
    git clone https://github.com/<your-username>/OpenASC.git
    cd OpenASC
  3. Create a Feature Branch: Name your branch descriptively (e.g., feature/add-new-threat-xyz).
    git checkout -b feature/add-new-threat-xyz
  4. Add or Update Entries: Make your changes directly to either threats/threats.json or controls/controls.json, depending on whether you are contributing a threat or a control. Please ensure you are following best practices as explained below.
  5. Validate Your Changes: Before submitting, validate your JSON files to ensure they conform to the schemas. You can use built-in scripts, online tools such as JSON Schema Validator, or take advantage of automatic schema validation features available in editors like VS Code.
    Using built-in scripts:
    npm install
    npm run validate:threats
    npm run validate:controls
    npm run validate:all
  6. Commit and Push:
    git add threats/threats.json controls/controls.json
    git commit -m "Add new threat or control: XYZ description"
    git push origin feature/add-new-threat-xyz
  7. Create a Pull Request: Go to your fork on GitHub and click Compare & pull request. Provide a meaningful title and description, and link to any related issues if applicable.
  8. Review Process: The maintainers will review your PR. Please respond to any feedback or requested changes.
  9. Merge: Once approved, your changes will be merged into the main repository.

Best Practices

  • Atomic Commits: Each pull request should address a single change (e.g., add or update one threat or control).
  • Descriptive Commit Messages: Write clear, concise commit messages describing your change.
  • Document Complex Entries: If your entry is complex, add documentation or comments.
  • Check for Existing Issues/PRs: Before submitting new ones, check if your idea or fix already exists.
  • Reference Issues: In your PR description, reference issues your change addresses or closes (e.g., Closes #123).
  • Respectful Communication: Keep discussions respectful and constructive.
  • Open Issues for Discussion: If unsure, open a GitHub issue first to discuss your idea.

Need Help?

If you have questions or need guidance, open an issue on GitHub or contact us via email at [email protected].


Thank you for helping us build a comprehensive and open TARA threat/control catalog!
