fix gitleaks.toml, fix community and contrib

Author: clewellyn-nava

.gitleaks.toml

@@ -11,7 +11,5 @@ useDefault = true
 regexTarget = "match"
 description = "whitelist public and test secrets"
 regexes = [
-  '''a''',
-  '''b''',
-  '''c''',
+  '''add-your-secrets-here''',
 ]

COMMUNITY.md

@@ -1,6 +1,6 @@
 # COMMUNITY.md
 
-bluebutton-sample-client-nodejs-react is supported by a dedicated team of individuals fulfilling various roles to ensure its success, security, and alignment with government standards and agency goals.
+The Blue Button Node Sample Client is supported by a dedicated team of individuals fulfilling various roles to ensure its success, security, and alignment with government standards and agency goals.
 
 ## Project Members
 
@@ -11,13 +11,9 @@ bluebutton-sample-client-nodejs-react is supported by a dedicated team of indivi
 | Maintainer | Brandon Wang | ICF |
 | Maintainer | Connor Lewellyn | Nava PBC |
 
-See [CODEOWNERS.md](.github/CODEOWNERS.md) for a list of those responsible for the code and documentation in this repository.
-
-See [Community Guidelines](#bluebutton-sample-client-nodejs-react-open-source-community-guidelines) on principles and guidelines for participating in this open source project.
-
 ## Roles & Responsibilities
 
-The members of bluebutton-sample-client-nodejs-react community are responsible for guiding its development, ensuring quality standards, and fostering a collaborative environment. They play a vital role in making decisions about code contributions, handling releases, and ensuring the project meets its goals and objectives. Below is a list of the key members and their specific roles and responsibilities. We are eagerly seeking individuals who are interested in joining the community and helping shape and support these roles.
+The members of Blue Button community are responsible for guiding its development, ensuring quality standards, and fostering a collaborative environment. They play a vital role in making decisions about code contributions, handling releases, and ensuring the project meets its goals and objectives. Below is a list of the key members and their specific roles and responsibilities. We are eagerly seeking individuals who are interested in joining the community and helping shape and support these roles.
 
 ### Maintainers:
 
@@ -28,8 +24,18 @@ The members of bluebutton-sample-client-nodejs-react community are responsible f
 
 ### Approvers:
 
+- @jimmyfagan
+- @clewellyn-nava
+- @bwang-icf
+- @stiwarisemanticbits
+
 ### Reviewers:
 
+- @jimmyfagan
+- @clewellyn-nava
+- @bwang-icf
+- @stiwarisemanticbits
+
 | Roles      | Responsibilities                               | Requirements                                                                      | Defined by                                                |
 | ---------- | :--------------------------------------------- | :-------------------------------------------------------------------------------- | :-------------------------------------------------------- |
 | member     | active contributor in the community            | multiple contributions to the project.                                            | PROJECT GitHub org Committer Team                         |
@@ -52,9 +58,9 @@ Total number of contributors: <!--CONTRIBUTOR COUNT START--> <!--CONTRIBUTOR COU
 We'd like to acknowledge the following individuals for their past contributions of this project:
 
 
-## bluebutton-sample-client-nodejs-react Open Source Community Guidelines
+## Blue Button Open Source Community Guidelines
 
-This document contains principles and guidelines for participating in the bluebutton-sample-client-nodejs-react open source community.
+This document contains principles and guidelines for participating in the Blue Button open source community.
 
 ### Principles
 
@@ -74,7 +80,7 @@ All community members are expected to adhere to our [Code of Conduct](CODE_OF_CO
 
 Information on contributing to this repository is available in our [Contributing file](CONTRIBUTING.md).
 
-When participating in bluebutton-sample-client-nodejs-react open source community conversations and spaces, we ask individuals to follow the following guidelines:
+When participating in Blue Button open source community conversations and spaces, we ask individuals to follow the following guidelines:
 
 - When joining a conversation for the first time, please introduce yourself by providing a brief intro that includes:
   - your related organization (if applicable)

CONTRIBUTING.md

@@ -78,7 +78,7 @@ We welcome improvements to the project documentation. This includes:
 - Developer tutorials
 - Code comments and inline documentation
 
-Please file an [issue](https://github.com/CMSGov/ms-bb2-node-sdk/issues) for documentation improvements or submit a pull request with your changes.
+Please file an [issue](https://github.com/CMSGov/bluebutton-sample-client-nodejs-react/issues) for documentation improvements or submit a pull request with your changes.
 
 **Documentation Resources:**
 - Developer documentation: https://cmsgov.github.io/bluebutton-developer-help/

README.md

@@ -134,17 +134,40 @@ This project follows standard GitHub flow practices:
 * Tests should be written for changes introduced
 * Each change should be deployable to production
 
-<!-- # Community
+# Community
+The Blue Button Web Server team is taking a community-first and open source approach to the product development of this tool. We believe government software should be made in the open and be built and licensed such that anyone can download the code, run it themselves without paying money to third parties or using proprietary software, and use it as they will.
 
-# Community Guidelines -->
+We know that we can learn from a wide variety of communities, including those who will use or will be impacted by the tool, who are experts in technology, or who have experience with similar technologies deployed in other spaces. We are dedicated to creating forums for continuous conversation and feedback to help shape the design and development of the tool.
+
+We also recognize capacity building as a key part of involving a diverse open source community. We are doing our best to use accessible language, provide technical and process documents, and offer support to community members with a wide variety of backgrounds and skillsets.
+
+# Community Guidelines
+Principles and guidelines for participating in our open source community are can be found in [COMMUNITY.md](COMMUNITY.md). Please read them before joining or starting a conversation in this repo or one of the channels listed below. All community members and participants are expected to adhere to the community guidelines and code of conduct when participating in community spaces including: code repositories, communication channels and venues, and events.
 
 # Governance
 For more information about our governance, see [GOVERNANCE.md](GOVERNANCE.md).
 
 # Feedback
 Got questions? Need help troubleshooting? Want to propose a new feature? Contact the Blue Button 2.0 team and connect with the community in our [Google Group](https://groups.google.com/forum/#!forum/Developer-group-for-cms-blue-button-api).
 
-# Policites
+# Policies
+### Open Source Policy
+
+We adhere to the [CMS Open Source Policy](https://github.com/CMSGov/cms-open-source-policy). If you have any questions, just [shoot us an email](mailto:[email protected]).
+
+### Security and Responsible Disclosure Policy
+
+_Submit a vulnerability:_ Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days.
+
+For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md).
+
+### Software Bill of Materials (SBOM)
+
+A Software Bill of Materials (SBOM) is a formal record containing the details and supply chain relationships of various components used in building software.
+
+In the spirit of [Executive Order 14028 - Improving the Nation's Cyber Security](https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs/information-technology-category/it-security/executive-order-14028), a SBOM for this repository is provided here: https://github.com/CMSGov/bluebutton-web-server/network/dependencies.
+
+For more information and resources about SBOMs, visit: https://www.cisa.gov/sbom.
 
 # Public Domain
 This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/) as indicated in [LICENSE](LICENSE).