prep for public (#5)

* prep for public

* add trivy yaml

* trivy debug

* executor change

Author: dwanderson-intel

Diff for: .circleci/config.yml

@@ -1,6 +1,9 @@
 version: 2.1
 
 commands:
+  install-trivy:
+    steps:
+      - run: curl -fSsLo trivy.deb https://github.com/aquasecurity/trivy/releases/download/v0.38.3/trivy_0.38.3_Linux-64bit.deb && sudo dpkg -i trivy.deb && rm trivy.deb
   python_test:
     steps:
       - checkout
@@ -24,9 +27,20 @@ jobs:
       - image: cimg/node:18.14.0
     steps:
       - node_test
+  trivy-scan-project:
+    docker:
+      - image: cimg/base:stable
+    resource_class: small
+    steps:
+      - checkout
+      - install-trivy
+      - run: mkdir -p artifacts/trivy && trivy fs . --debug
+      - store_artifacts:
+          path: artifacts/trivy/
 
 workflows:
   main:
     jobs:
       - node_test
       - python_test
+      - trivy-scan-project

Diff for: .gitignore

@@ -6,3 +6,4 @@ node_modules/
 
 # local testing output
 junit.xml
+artifacts/

Diff for: CONTRIBUTING.md

@@ -0,0 +1,33 @@
+<!--
+Copyright © 2023 Intel Corporation
+
+SPDX-License-Identifier: MIT
+-->
+
+# How to Contribute
+
+We welcome community contributions to sigopt-config. You can:
+
+- Submit your changes directly with a [pull request](https://github.com/sigopt/sigopt-config/pulls).
+- Log a bug or make a feature request with an [issue](https://github.com/sigopt/sigopt-config/issues).
+
+Refer to our guidelines on [pull requests](#pull-requests) and [issues](#issues) before you proceed.
+
+## Issues
+
+Use [GitHub issues](https://github.com/sigopt/sigopt-config/issues) to:
+
+- report an issue
+- make a feature request
+
+**Note**: To report a vulnerability, refer to [Intel vulnerability reporting policy](https://www.intel.com/content/www/us/en/security-center/default.html).
+
+## Pull Requests
+
+To contribute your changes directly to the repository, do the following:
+
+- Make sure you can build the product and run all the examples with your patch.
+- Document your code.
+- [Submit](https://github.com/sigopt/sigopt-config/pulls) a pull request into the `main` branch. Provide a brief description of the changes you are contributing.
+
+CI is enabled for the repository. Your PR should pass all of our checks. We will review your contribution and, if any additional fixes or modifications are necessary, we may give some feedback to guide you. When accepted, your pull request will be merged into our GitHub repository.

Diff for: README.md

@@ -0,0 +1,8 @@
+<!--
+Copyright © 2023 Intel Corporation
+
+SPDX-License-Identifier: MIT
+-->
+Sigopt-Config is an open-source tool for managing configuration for SigOpt deployments from [sigopt-server](https://github.com/sigopt/sigopt-server).
+
+Currently very opinionated as it was lifted from pre-existing code, but there are plans to make it more generic.

Diff for: trivy.yaml

@@ -0,0 +1,36 @@
+db:
+  download-only: false
+  light: false
+  no-progress: true
+  repository: ghcr.io/aquasecurity/trivy-db
+  skip-update: false
+debug: false
+exit-code: 1
+format: json
+image:
+  removed-pkgs: false
+insecure: false
+license:
+  forbidden: []
+  full: false
+  ignored: []
+  notice: []
+  permissive: []
+  reciprocal: []
+  restricted: []
+  unencumbered: []
+list-all-pkgs: false
+output: artifacts/trivy/results.json
+quiet: false
+scan:
+  file-patterns: []
+  scanners:
+    - vuln
+    - secret
+  skip-dirs: []
+  skip-files: []
+severity: LOW,MEDIUM,HIGH,CRITICAL
+timeout: 10m0s
+vulnerability:
+  ignore-unfixed: false
+  type: os,library