all: add license headers and CONTRIBUTING.md
Change-Id: Icb46b1d9d8f3f1db6066b729e511cbd0ff94f113
Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1054184
Reviewed-by: Filippo Valsorda <valsorda@google.com>
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..7185d89
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,28 @@
+# Contributing to the Go Vulnerability Database
+
+Go is an open source project.
+
+It is the work of hundreds of contributors. We appreciate your help!
+
+## Reporting a vulnerability
+
+To report a new *public* vulnerability,
+[open an issue](https://github.com/golang/vulndb/issues/new),
+send a GitHub PR, or mail a Gerrit CL.
+
+Please read the
+[Contribution Guidelines](https://golang.org/doc/contribute.html)
+before sending patches.
+
+## Contributor License Agreement
+
+Contributions to this project must be accompanied by a Contributor License
+Agreement (CLA). You (or your employer) retain the copyright to your
+contribution; this simply gives us permission to use and redistribute your
+contributions as part of the project. Head over to
+<https://cla.developers.google.com/> to see your current agreements on file or
+to sign a new one.
+
+You generally only need to submit a CLA once, so if you've already submitted one
+(even if it was for a different project), you probably don't need to do it
+again.
diff --git a/README.md b/README.md
index cc21e52..81fd419 100644
--- a/README.md
+++ b/README.md
@@ -25,12 +25,7 @@
* `cmd/linter` provides a tool for linting individual reports
* `cmd/report2cve` provides a tool for converting TOML reports into JSON CVEs
-## Contributing
-
-To report a new *public* vulnerability, [open an
-issue](https://github.com/golang/vulndb/issues/new) or send a PR. Please read
-the [Contribution Guidelines](https://golang.org/doc/contribute.html) before
-sending patches.
+## License
Unless otherwise noted, the Go source files are distributed under
the BSD-style license found in the LICENSE file.
diff --git a/client/cache.go b/client/cache.go
index dd5c3bb..880e08a 100644
--- a/client/cache.go
+++ b/client/cache.go
@@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
package client
import (
diff --git a/client/cache_test.go b/client/cache_test.go
index 9c474fe..70047f7 100644
--- a/client/cache_test.go
+++ b/client/cache_test.go
@@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
package client
import (
diff --git a/client/client.go b/client/client.go
index a2d939b..69a6570 100644
--- a/client/client.go
+++ b/client/client.go
@@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
package client
import (
diff --git a/client/client_test.go b/client/client_test.go
index 04b1fda..b256bdf 100644
--- a/client/client_test.go
+++ b/client/client_test.go
@@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
package client
import (
diff --git a/cmd/gendb/main.go b/cmd/gendb/main.go
index b024817..17bddf2 100644
--- a/cmd/gendb/main.go
+++ b/cmd/gendb/main.go
@@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
package main
import (
@@ -21,7 +25,7 @@
}
// TODO: obviously not for the real world
-const dbURL = "https://team.git.corp.google.com/golang/vulndb/+/refs/heads/main/reports/"
+const dbURL = "https://go.googlesource.com/vulndb/+/refs/heads/main/reports/"
func matchesCurrent(path string, new []osv.Entry) bool {
var current []osv.Entry
diff --git a/cmd/gendb/main_test.go b/cmd/gendb/main_test.go
deleted file mode 100644
index 06ab7d0..0000000
--- a/cmd/gendb/main_test.go
+++ /dev/null
@@ -1 +0,0 @@
-package main
diff --git a/cmd/genhtml/main.go b/cmd/genhtml/main.go
index 3c8f9aa..6fac8cf 100644
--- a/cmd/genhtml/main.go
+++ b/cmd/genhtml/main.go
@@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
package main
import (
diff --git a/cmd/linter/main.go b/cmd/linter/main.go
index f893e70..9982c0b 100644
--- a/cmd/linter/main.go
+++ b/cmd/linter/main.go
@@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
package main
import (
diff --git a/cmd/report2cve/main.go b/cmd/report2cve/main.go
index 3eca63c..7ae09e4 100644
--- a/cmd/report2cve/main.go
+++ b/cmd/report2cve/main.go
@@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
package main
import (
diff --git a/new-vuln.sh b/new-vuln.sh
index 4cd8c7d..f151607 100644
--- a/new-vuln.sh
+++ b/new-vuln.sh
@@ -1,4 +1,8 @@
-#!/bin/bash
+#!/usr/bin/env bash
+# Copyright 2021 The Go Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
prev=$(find reports/GO-* | tail -n 1 | sed -n 's/reports\/GO-[0-9]*-\([0-9]*\).toml/\1/p')
new=$(printf "%04d" $(expr $prev + 1))
year=$(date +"%Y")
diff --git a/osv/json.go b/osv/json.go
index 19c249c..f0179ce 100644
--- a/osv/json.go
+++ b/osv/json.go
@@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
package osv
import (
diff --git a/osv/json_test.go b/osv/json_test.go
index 18cd2bf..7af05f9 100644
--- a/osv/json_test.go
+++ b/osv/json_test.go
@@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
package osv
import (
diff --git a/report/lint.go b/report/lint.go
index 9e86ee8..b03981a 100644
--- a/report/lint.go
+++ b/report/lint.go
@@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
package report
import (
diff --git a/report/report.go b/report/report.go
index 2b94a85..0609a1f 100644
--- a/report/report.go
+++ b/report/report.go
@@ -1,3 +1,7 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
package report
import "time"
