CONTRIBUTING: Add a more fleshed out contributing guide

CODE_OF_CONDUCT.md

@@ -0,0 +1,53 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, and in the interest of
+fostering an open and welcoming community, we pledge to respect all people who
+contribute through reporting issues, posting feature requests, updating
+documentation, submitting pull requests, and other activities.
+
+We are committed to making participation in this project a harassment-free
+experience for everyone, regardless of level of experience, gender, gender
+identity and expression, sexual orientation, disability, personal appearance,
+body size, race, ethnicity, age, religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information, such as physical or electronic
+  addresses, without explicit permission
+* Other unethical or unprofessional conduct
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful. In addition, we reserve the right to modify
+or supplement this Code of Conduct document.
+
+By adopting this Code of Conduct, project maintainers commit themselves to
+fairly and consistently applying these principles to every aspect of managing
+this project. Project maintainers who do not follow or enforce the Code of
+Conduct may be permanently removed from the project team.
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project maintainers at IntegrationAlliance@rapid7.com. If
+the incident involves a committer, you may report directly to
+jonathan_schipp@rapid7.com.
+
+All complaints will be reviewed and investigated and will result in a
+response that is deemed necessary and appropriate to the circumstances.
+Maintainers are obligated to maintain confidentiality with regard to the
+reporter of an incident.
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 1.3.0, available at
+[http://contributor-covenant.org/version/1/3/0/][version].
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/3/0/

CONTRIBUTING.md

@@ -0,0 +1,78 @@
+# Contributing
+
+Thank you for your interest in joining the InsightConnect developer community!! Please review our [Code of Conduct] before making contributions.
+
+There are multiple ways to contribute beyond writing code. These include:
+
+- [Submit bugs and feature requests] with detailed information about your issue or idea.
+- [Help fellow users with open issues] or [help fellow committers test recent pull requests].
+- [Report a security vulnerability in InsightConnect's plugins] to Rapid7.
+- Submit an updated or brand new plugin!  We are always eager for new
+  integrations or features. Don't know where to start? Check out the [developer documentation].
+
+Here is a short list of do's and don'ts to make sure *your* valuable contributions actually make
+it into production.  If you do not care to follow these rules, your contribution **will** be rejected. Sorry!
+
+## Code Contributions
+
+- **Do** read the [developer documentation]
+- **Do** stick to the [Python PEP8] and [plugin style] guides.
+- **Do** follow the [50/72 rule] for Git commit messages.
+- **Do** license your code as MIT.
+- **Do** create a [topic branch] to work on. This helps ensure users are aware of commits on the branch being considered for merge, allows for a location for more commits to be offered without mingling with other contributor changes, and allows contributors to make progress while a PR is still being reviewed.
+
+### Pull Requests
+
+- **Do** write "WIP" on your PR and/or open a [draft PR] if submitting unfinished code.
+- **Do** target your pull request to the **master branch**.
+- **Do** specify a descriptive title to make searching for your pull request easier e.g. "Okta: add Suspend User action".
+- **Do** include [console output], especially the JSON output for new features and bug fixes.
+- **Do** list [verification steps] so your tests are reproducible.
+- **Do** [reference associated issues] in your pull request description.
+- **Don't** leave your pull request description blank.
+- **Don't** abandon your pull request. Being responsive helps us land your code faster.
+
+#### New Features
+
+- **Do** install validator dependencies necessary to run `make validate` to find and fix any errors or warnings that come up.
+- **Do** include documentation showing sample run-throughs.
+- **Don't** include more than one plugin per pull request.
+
+#### Bug Fixes
+
+- **Do** include reproduction steps in the form of [verification steps].
+- **Do** link to any corresponding [Issues] in the format of `See #1234` in your commit description.
+
+## Bug Reports
+
+Please report vulnerabilities in Rapid7 software directly to security@rapid7.com.
+For more on our disclosure policy and Rapid7's approach to coordinated disclosure, [head over here](https://www.rapid7.com/security).
+
+When reporting issues:
+
+- **Do** write a detailed description of your bug and use a descriptive title.
+- **Do** include reproduction steps, stack traces, and anything that might help us fix your bug.
+- **Don't** file duplicate reports; search for your bug before filing a new report.
+
+If you need additional guidance, reach out to the open source contribution owners at
+`IntegrationAlliance@rapid7.com`
+
+Finally, **thank you** for taking the few moments to read this far! You're already way ahead of the
+curve, so keep it up!
+
+[Code of Conduct]:./CODE_OF_CONDUCT.md
+[developer documentation]:https://komand.github.io/python/start.html
+[Submit bugs and feature requests]:https://github.com/rapid7/insightconnect-plugins/issues
+[Report a security vulnerability in InsightConnect itself or its plugins]:https://www.rapid7.com/disclosure.jsp
+[Help fellow users with open issues]:https://github.com/rapid7/insightconnect-plugins/issues
+[help fellow committers test recent pull requests]:https://github.com/rapid7/insightconnect-plugins/pulls
+[Python PEP8]:https://www.python.org/dev/peps/pep-0008/
+[plugin style]:https://komand.github.io/python/style.html
+[50/72 rule]:http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html
+[Report a security vulnerability in Metasploit itself]:https://www.rapid7.com/disclosure.jsp
+[topic branch]:http://git-scm.com/book/en/Git-Branching-Branching-Workflows#Topic-Branches
+[draft PR]:https://help.github.com/en/articles/about-pull-requests#draft-pull-requests
+[console output]:https://help.github.com/articles/github-flavored-markdown#fenced-code-blocks
+[verification steps]:https://help.github.com/articles/writing-on-github#task-lists
+[reference associated issues]:https://github.com/blog/1506-closing-issues-via-pull-requests
+[Issues]:https://github.com/rapid7/insightconnect-plugins/issues

README.md

@@ -11,7 +11,7 @@ If you have questions, reach out to us at `IntegrationAlliance@rapid7.com`.
 1. [Getting Started](#getting-started)
 2. [Example](#example)
 3. [Plugin Support](#plugin-support)
-4. [Host to Contribute](#contributing)
+4. [Contributing](#contributing)
 
 ### Getting Started
 
@@ -352,11 +352,4 @@ The following table shows which plugins are officially supported by Rapid7 devel
 
 ### Contributing
 
-If you would like to contribute, follow the documentation and open a pull request :) Your contribution will improve integrations for all users.
-
-1. Fork this repository or create an aptly named branch e.g. `rapid7_insightvm/action/scan_hosts`
-2. Write and test your code with the [documentation](https://komand.github.io/python/index.html) in mind
-3. Open a pull request
-4. Complete the pull request's template
-5. A team member will review or provide feedback
-6. Once merged, the plugin will be released to all customers (usually same-day)
+See our [contributing guide](./CONTRIBUTING.md).