Initial commit

Signed-off-by: Ben <[email protected]>

ADOPTERS.md

@@ -0,0 +1,25 @@
+# Adopters
+
+# Well-known companies
+
+List of well-known companies who are publicly acknowledge using and/or contributing to Kubescape are (in alphabetical order):
+* AWS uses Kubescape in the security training material [link](https://catalog.workshops.aws/containersecurity/en-US/module2)
+* Energi Danmark: Publicly talking about how they use Kubescape in their CI/CD pipeline [link](https://www.armosec.io/energi-danmark-business-support/)
+* Gitpod: Used Kubescape in their SOC2 compliance process [link](https://www.armosec.io/gitpod/)
+* Intel: using Kubescape for security prioritization [video](https://youtu.be/1iCW1KboypY?si=OjmnshWbpFNVPGJT)
+* Orange Business: talking about Kubescape/ARMO service they are doing [video](https://www.youtube.com/watch?v=cbJYCUM8578)
+* Rabobank: talked at KCD Amsterdam about having Kubescape in their technology stack [video](https://youtu.be/oa_YJmjwepI?si=vSrFW6seMKHj2Lze) [image](/docs/img/kcd-amsterdam-rabo.jpg)
+* VMWare/Bitnami: listing Kubescape in their public image/helm repository [link](https://github.com/bitnami/containers/tree/main/bitnami/kubescape)
+
+
+# Users
+
+If you want to be listed here and share with others your experience, open a PR and add the bellow table:
+
+
+| Name | Company | Use case | Contact for questions (optional) |
+| ---- | ------- | -------- | -------------------------------- |
+| Yonathan Amzallag | ARMO | Vulnerability monitoring | [email protected] |
+| Engin Diri | Schwarz IT (SIT) | Ensure continuous compliance for edge k8s cluster | [email protected] |
+| Idan Bidani | Cox Communications | Security analysis for k8s best practices in CI pipelines of 3,000 applications 🔒☸ | [email protected] |
+

CODE_OF_CONDUCT.md

@@ -0,0 +1,5 @@
+# Code of Conduct
+
+The Kubescape project follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).
+
+To summarize beyond CNCF CoC our worldview in this project: be nice regardless of `.*`

COMMUNITY.md

@@ -0,0 +1,31 @@
+# Community
+
+Here are the main ways to be in touch with the Kubescape community.
+
+## Slack
+
+Slack is the best way to get involved or just raise a simple question. We are online in these channels through work hours (sometimes even beyond)
+
+So, [join the CNCF Slack](https://slack.cncf.io/) and then our [users](https://cloud-native.slack.com/archives/C04EY3ZF9GE) or [developers](https://cloud-native.slack.com/archives/C04GY6H082K) channel.
+
+## GitHub issues
+
+We like issues when we need tracking for something, whether it is a bug or a feature request. We might ask you top open an issue for things that were raised in Slack to make sure there is a clear follow-up.
+
+If you open an issue, we might ask you to move it from one project to another, but it is not a big thing. In general, if you don't know which project is relevant, [open an issue here](https://github.com/kubescape/kubescape/issues/new/choose)
+
+## Community meetings
+
+We hold [community meetings](https://zoom.us/j/95174063585) on Zoom, every other week, at 15:00 CET. ([See that in your local time zone](https://time.is/compare/1500_in_CET). :headphones:
+
+You're more than welcome to join!
+
+If you want to add a discussion point to the meeting, please use [this document](https://docs.google.com/document/d/1X_eyhPzJvb4ascVQ2e0jN87LAvq7lTuXT5d4gQxi8us/edit?usp=sharing) to add an item. You can also see here the summary of previous discussions. 🖥️
+
+## Conferences
+
+We are taking an active part in the CNCF community attending, speaking, and organizing Kubecons, KCDs and other meetups .
+
+In Kubecon we always doing a project hour, having a project booth in the pavilon. Follow us to know where to meet us. We are very happy hearing your stories.
+
+Contact us in the Slack for any kind of cooperation you have in mind!

CONTRIBUTING.md

@@ -0,0 +1,103 @@
+# Contributing
+
+First, it is awesome that you are considering contributing to Kubescape! Contributing is important and fun and we welcome your efforts.
+
+When contributing, we categorize contributions into two:
+* Small code changes or fixes, whose scope is limited to documentation, minor fixes, development that involves no more than a file or two
+* Complex features and improvements, with potentially unlimited scope
+
+If you have a small change, feel free to fire up a Pull Request.
+
+When planning a bigger change, please first discuss the change you wish with one of the maintainers and the community. In this case, opening an issue in the most relevant repository and raising the improvement you want to add in Kubescape slack or community meeting is a great start!
+
+Getting a sign-off from a maintainer is important so the maintainers are able to help guide you and let you know if you are going in the right direction. It is always good have a common view with others so we don't need to upset you later if we see the world in another way...
+
+## Community
+
+Read about where to find Kubescape community [here](COMMUNITY.md)
+
+## Code of Conduct
+
+Please follow our [code of conduct](CODE_OF_CONDUCT.md) in all of your interactions within the project.
+
+## Build and test locally
+
+Please follow the [instructions here](https://github.com/kubescape/kubescape/wiki/Building).
+
+## Pull Request Process
+
+1. Ensure any install or build dependencies are removed before the end of the layer when doing a
+   build.
+2. Update the README.md with details of changes to the interface, this includes new environment
+   variables, exposed ports, useful file locations and container parameters.
+3. Open Pull Request to the `master`/`main` branch.
+4. We will merge the Pull Request once you have the sign-off.
+
+## Developer Certificate of Origin
+
+All commits to the project must be "signed off", which states that you agree to the terms of the [Developer Certificate of Origin](https://developercertificate.org/).  This is done by adding a "Signed-off-by:" line in the commit message, with your name and email address.
+
+Commits made through the GitHub web application are automatically signed off.
+
+### Configuring Git to sign off commits
+
+First, configure your name and email address in Git global settings:
+
+```
+$ git config --global user.name "John Doe"
+$ git config --global user.email [email protected]
+```
+
+You can now sign off per-commit, or configure Git to always sign off commits per repository.
+
+### Sign off per-commit
+
+Add [`-s`](https://git-scm.com/docs/git-commit#Documentation/git-commit.txt--s) to your Git command line. For example:
+
+```git commit -s -m "Fix issue 64738"```
+
+This is tedious, and if you forget, you'll have to [amend your commit](#fixing-a-commit-where-the-dco-failed).
+
+### Configure a repository to always include sign off
+
+There are many ways to achieve this with Git hooks, but the simplest is to do the following:
+
+```
+cd your-repo
+curl -Ls https://gist.githubusercontent.com/dixudx/7d7edea35b4d91e1a2a8fbf41d0954fa/raw/prepare-commit-msg -o .git/hooks/prepare-commit-msg
+chmod +x .git/hooks/prepare-commit-msg
+```
+
+### Use semantic commit messages (optional)
+
+When contributing, you could consider using [conventional commits](https://www.conventionalcommits.org/en/v1.0.0/), in order to improve logs readability and help us to automatically generate `CHANGELOG`s.
+
+Format: `<type>(<scope>): <subject>`
+
+`<scope>` is optional
+
+#### Example
+
+```
+feat(cmd): add kubectl plugin
+^--^ ^-^   ^----------------^
+|    |     |
+|    |     +-> subject: summary in present tense.
+|    |
+|    +-------> scope: point of interest
+|
++-------> type: chore, docs, feat, fix, refactor, style, or test.
+```
+
+More Examples:
+* `feat`: new feature for the user, not a new feature for build script
+* `fix`: bug fix for the user, not a fix to a build script
+* `docs`: changes to the documentation
+* `style`: formatting, missing semi colons, etc; no production code change
+* `refactor`: refactoring production code, eg. renaming a variable
+* `test`: adding missing tests, refactoring tests; no production code change
+* `chore`: updating grunt tasks etc; no production code change
+
+## Fixing a commit where the DCO failed
+
+Check out [this guide](https://github.com/src-d/guide/blob/master/developer-community/fix-DCO.md).

GOVERNANCE.md

@@ -0,0 +1,69 @@
+# Governance of Kubescape
+
+## Overview
+
+The Kubescape project is an open-source initiative dedicated to improve security and best practices in Kubernetes environments. This document outlines the governance structure of the Kubescape project and provides guidance for its community contributors.
+
+## Code of Conduct
+
+Please follow our [code of conduct](CODE_OF_CONDUCT.md) in all of your interactions within the project.
+
+## Decision Making
+
+### Maintainers
+
+- Maintainers are responsible for the smooth operation of the project.
+- They review and merge pull requests, manage releases, and ensure the quality and stability of the codebase.
+- Maintainers are chosen based on their ongoing contributions and their demonstrated commitment to the project.
+- Everyone who had at least 5 code contribution in the last 12 month can submit her/himself for joining the maintainer team
+- Maintainers who have not taken part in the project work (code, reviews, discussions) for 12 month are automaticaly removed from the maintainer team
+
+
+### Committers
+
+- Committers are contributors who have made significant and consistent contributions to the project.
+- They have the ability to merge minor pull requests if assigned by maintainers.
+- A contributor can be proposed as a committer by any existing maintainer. The proposal will be reviewed and voted on by the existing maintainers.
+
+### Community Members
+
+- Anyone can become a community member by contributing to the project. This can be in the form of code contributions, documentation, or any other form of project support.
+
+## Processes
+
+### Proposing Changes
+
+1. Open an issue on the project repository to discuss the proposed change.
+2. Once there is consensus around the proposed change, create a pull request.
+3. Pull requests will be reviewed by committers and/or maintainers.
+4. Once the pull request has received approval, it can be merged into the main codebase.
+
+### Conflict Resolution
+
+1. In case of any conflicts, it is primarily the responsibility of the parties involved to resolve it.
+2. If the conflict cannot be resolved, it will be escalated to the maintainers for resolution.
+3. Maintainers' decision will be final in case of unresolved conflicts.
+
+## Roles and Responsibilities
+
+### Maintainers
+
+- Ensure the quality and stability of the project.
+- Resolve conflicts.
+- Provide direction and set priorities for the project.
+
+### Committers
+
+- Review and merge minor pull requests.
+- Assist maintainers in project tasks.
+- Promote best practices within the community.
+
+### Community Members
+
+- Contribute to the project in any form.
+- Participate in discussions and provide feedback.
+- Respect the code of conduct and governance of the project.
+
+## Changes to the Governance Document
+
+Proposed changes to this governance document should follow the same process as any other code change to the Kubescape project (see "Proposing Changes").

MAINTAINERS.md

@@ -0,0 +1,17 @@
+# Maintainers
+
+The following table lists the Kubescape project core maintainers:
+
+| Name | GitHub | Organization | Added/Renewed On |
+| --- | --- | --- | --- |
+| [Matthias Bertschy](https://www.linkedin.com/in/matthias-bertschy-b427b815/) | [@matthyx](https://github.com/matthyx) | [ARMO](https://www.armosec.io/) | 2024-01-01 |
+| [Craig Box](https://www.linkedin.com/in/crbnz/) | [@craigbox](https://github.com/craigbox) | [Solo.io](https://www.solo.io/) | 2024-10-31 |
+| [Ben Hirschberg](https://www.linkedin.com/in/benyamin-ben-hirschberg-66141890) | [@slashben](https://github.com/slashben) | [ARMO](https://www.armosec.io/) | 2024-09-01 |
+| [Rotem Refael](https://www.linkedin.com/in/rotem-refael) | [@rotemamsa](https://github.com/rotemamsa) | [ARMO](https://www.armosec.io/) | 2024-10-11 |
+| [David Wertenteil](https://www.linkedin.com/in/david-wertenteil-0ba277b9) | [@dwertent](https://github.com/dwertent) | [Kaleido](https://www.kaleido.io/) | 2023-09-01 |
+
+The following table lists the Kubescape project commiters:
+| Name | GitHub | Organization | Added/Renewed On |
+| --- | --- | --- | --- |
+| [Amir Malka](https://www.linkedin.com/in/matthias-bertschy-b427b815/) | [@amirmalka](https://github.com/amirmalka) | [ARMO](https://www.armosec.io/) | 2024-01-01 |
+| [Amit Schendel](https://www.linkedin.com/in/matthias-bertschy-b427b815/) | [@amitschendel](https://github.com/amitschendel) | [ARMO](https://www.armosec.io/) | 2024-01-01 |

README.md

@@ -1,2 +1,48 @@
-# project-governance
-Repository serving as the central project governance documentation directory for the Kubescape project
+[![GitHub](https://img.shields.io/github/license/kubescape/kubescape)](https://github.com/kubescape/kubescape/blob/master/LICENSE)
+[![CNCF](https://shields.io/badge/CNCF-Sandbox%20project-blue?logo=linux-foundation&style=flat)](https://landscape.cncf.io/card-mode?project=sandbox&selected=kubescape)
+[![Stars](https://img.shields.io/github/stars/kubescape/kubescape?style=social)](https://github.com/kubescape/kubescape/stargazers)
+[![Twitter Follow](https://img.shields.io/twitter/follow/kubescape?style=social)](https://twitter.com/kubescape)
+[![Slack](https://img.shields.io/badge/slack-kubescape-blueviolet?logo=slack)](https://cloud-native.slack.com/archives/C04EY3ZF9GE)
+
+# Kubescape project documentation
+
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/cncf/artwork/master/projects/kubescape/stacked/white/kubescape-stacked-white.svg" width="150">
+  <source media="(prefers-color-scheme: light)" srcset="https://raw.githubusercontent.com/cncf/artwork/master/projects/kubescape/stacked/color/kubescape-stacked-color.svg" width="150">
+  <img alt="Kubescape logo" align="right" src="https://raw.githubusercontent.com/cncf/artwork/master/projects/kubescape/stacked/color/kubescape-stacked-color.svg" width="150">
+</picture>
+
+## Adoption
+
+See here a list of official adopters [here](ADOPTERS.md), if you have a use case to solve with Kubescape I suggest you looking into the use-case documentation at [kubescape.io](https://kubescape.io)
+
+## Getting involved in the project
+
+* [Community](COMMUNITY.md)
+* [Contributing](CONTRIBUTING.md)
+* [Code of Cunduct](CODE_OF_CONDUCT.md)
+
+## Governance
+
+* [Governance](GOVERNANCE.md)
+* [Maintainers](MAINTAINERS.md)
+* [Licence](LICENSE)
+
+
+## Wall of fame
+
+All those who made this happen 😄
+
+<a href = "https://github.com/kubescape/kubescape/graphs/contributors">
+  <img src = "https://contrib.rocks/image?repo=kubescape/kubescape"/>
+</a>
+
+## License
+
+Copyright 2021-2024, the Kubescape Authors. All rights reserved. Kubescape is released under the Apache 2.0 license. See the [LICENSE](LICENSE) file for details.
+
+Kubescape is a [Cloud Native Computing Foundation (CNCF) sandbox project](https://www.cncf.io/sandbox-projects/) and was contributed by [ARMO](https://www.armosec.io/?utm_source=github&utm_medium=repository).
+
+<div align="center">
+    <img src="https://raw.githubusercontent.com/cncf/artwork/master/other/cncf-sandbox/horizontal/color/cncf-sandbox-horizontal-color.svg" width="300" alt="CNCF Sandbox Project">
+</div>

SECURITY.md

@@ -0,0 +1,7 @@
+# Reporting Security Issues
+
+To report a security issue or vulnerability, submit a [private vulnerability report via GitHub](https://github.com/kubescape/kubescape/security/advisories/new) to the repository maintainers with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.
+
+The maintainers will respond within 7 working days of your report. If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. This project follows a 90 day disclosure timeline.
+
+Other contacts: [email protected]