docs: Align documentation style with qramm-cryptoscan

- Rewrite README.md with improved structure and visual appeal
  - Add tagline and one-liner mission statement
  - Add Go Version badge and quick navigation links
  - Add comparison table and collapsible details
  - Add "Try It Out" demo section
  - Add Roadmap with version checkboxes
  - Update About CSNP and References sections

- Add PATTERNS.md documenting detection patterns
  - Quantum risk classification tables
  - Algorithm classifications by category
  - Import patterns by ecosystem (Go, npm, Python, Maven)
  - Instructions for adding new patterns

- Update CONTRIBUTING.md with cleaner structure
  - Add PATTERNS.md reference
  - Add security vulnerability reporting
  - Add PR guidelines and checklist

- Fix release workflow
  - Disable cosign signing until properly configured
  - Prevents release failures from missing cosign binary

- Update .gitignore for internal docs

Author: abdelsfane

.github/workflows/release.yml

@@ -42,8 +42,9 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Install Cosign
-        uses: sigstore/cosign-installer@v3
+      # TODO: Re-enable cosign signing once properly configured
+      # - name: Install Cosign
+      #   uses: sigstore/cosign-installer@v3
 
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v6

.gitignore

@@ -1,4 +1,4 @@
-# Binaries (only in root)
+# Binaries
 /cryptodeps
 *.exe
 *.exe~
@@ -38,3 +38,9 @@ Thumbs.db
 
 # Downloaded package sources (cache)
 .cache/
+
+# GoReleaser
+dist/
+
+# Internal roadmap and planning docs
+ROADMAP.md

.goreleaser.yml

@@ -163,17 +163,18 @@ release:
   extra_files:
     - glob: ./data/crypto-database.json
 
-# Sign releases
-signs:
-  - cmd: cosign
-    env:
-      - COSIGN_EXPERIMENTAL=1
-    certificate: '${artifact}.pem'
-    args:
-      - sign-blob
-      - '--output-certificate=${certificate}'
-      - '--output-signature=${signature}'
-      - '${artifact}'
-      - '--yes'
-    artifacts: checksum
-    output: true
+# TODO: Enable cosign signing once properly configured
+# Sign releases with cosign
+# signs:
+#   - cmd: cosign
+#     env:
+#       - COSIGN_EXPERIMENTAL=1
+#     certificate: '${artifact}.pem'
+#     args:
+#       - sign-blob
+#       - '--output-certificate=${certificate}'
+#       - '--output-signature=${signature}'
+#       - '${artifact}'
+#       - '--yes'
+#     artifacts: checksum
+#     output: true

CONTRIBUTING.md

@@ -1,6 +1,6 @@
 # Contributing to CryptoDeps
 
-Thank you for your interest in contributing to CryptoDeps. This document provides guidelines for contributing to the project.
+Thank you for your interest in contributing to CryptoDeps! This document provides guidelines for contributing to the project.
 
 ## Getting Started
 
@@ -14,9 +14,9 @@ Thank you for your interest in contributing to CryptoDeps. This document provide
 ```bash
 git clone https://github.com/csnp/qramm-cryptodeps.git
 cd qramm-cryptodeps
-make deps
-make build
-make test
+go mod download
+go build -o cryptodeps ./cmd/cryptodeps
+go test ./...
 ```
 
 ## Development Workflow
@@ -25,32 +25,34 @@ make test
 
 ```bash
 # Run all tests
-make test
+go test -race ./...
 
 # Run tests without race detector (faster)
-make test-short
+go test ./...
 
 # View coverage report
-make coverage
+go test -coverprofile=coverage.out ./...
+go tool cover -html=coverage.out
 ```
 
 ### Code Style
 
 ```bash
 # Format code
-make fmt
+go fmt ./...
+gofumpt -w .
 
 # Run linter
-make lint
+golangci-lint run
 ```
 
 ## Contributing Code
 
 1. Fork the repository
 2. Create a feature branch: `git checkout -b feature/my-feature`
 3. Make your changes
-4. Run tests: `make test`
-5. Run linter: `make lint`
+4. Run tests: `go test -race ./...`
+5. Run linter: `golangci-lint run`
 6. Commit with a descriptive message
 7. Push and open a Pull Request
 
@@ -63,6 +65,7 @@ feat: add support for Cargo.toml
 fix: correct SHA-384 classification
 docs: update installation instructions
 test: add tests for npm parser
+refactor: improve reachability analysis performance
 ```
 
 ## Contributing Package Data
@@ -75,29 +78,63 @@ Help expand the crypto knowledge database by contributing analysis for packages
 # Scan a project and identify unknown packages
 cryptodeps analyze /path/to/project --deep
 
-# Look for "not in database" warnings
+# Look for packages marked as "unknown" or "low confidence"
 ```
 
 ### Submitting Package Data
 
 1. Analyze the package source code to identify crypto usage
-2. Create a YAML entry following the schema in `data/packages/`
+2. Create a JSON entry following the schema below
 3. Submit a Pull Request with the new package data
 
 ### Package Entry Format
 
-```yaml
-name: "package-name"
-ecosystem: "go"  # go, npm, pypi, maven
-crypto:
-  - algorithm: "RSA"
-    type: "asymmetric"
-    quantumRisk: "vulnerable"
-    usage: "Key exchange"
-    file: "crypto.go"
-    evidence: "Uses crypto/rsa package"
+Add entries to `data/crypto-database.json`:
+
+```json
+{
+  "name": "package-name",
+  "ecosystem": "go",
+  "crypto": [
+    {
+      "algorithm": "RSA",
+      "type": "asymmetric",
+      "quantumRisk": "vulnerable",
+      "usage": "Key exchange",
+      "file": "crypto.go",
+      "evidence": "Uses crypto/rsa package",
+      "confidence": "high"
+    }
+  ]
+}
 ```
 
+**Ecosystem values**: `go`, `npm`, `pypi`, `maven`
+
+**quantumRisk values**: `vulnerable`, `partial`, `safe`
+
+**confidence values**: `verified`, `high`, `medium`, `low`
+
+## Adding Detection Patterns
+
+### Import Patterns
+
+Add new import patterns in `pkg/crypto/patterns.go`:
+
+```go
+{Pattern: "new/crypto/package", Ecosystem: types.EcosystemGo, Description: "Description", Algorithms: []string{"RSA", "AES"}},
+```
+
+### Algorithm Classifications
+
+Add new algorithms in `pkg/crypto/quantum.go`:
+
+```go
+"new-algorithm": {Name: "New-Algorithm", Type: "encryption", QuantumRisk: types.RiskSafe, Severity: types.SeverityInfo, Description: "Description", Remediation: "Guidance"},
+```
+
+See [PATTERNS.md](PATTERNS.md) for the complete list of current patterns.
+
 ## Reporting Issues
 
 ### Bug Reports
@@ -107,7 +144,7 @@ Include:
 - Operating system and architecture
 - Steps to reproduce
 - Expected vs actual behavior
-- Relevant manifest file (sanitized)
+- Relevant manifest file (sanitized of sensitive data)
 
 ### Feature Requests
 
@@ -116,6 +153,34 @@ Describe:
 - Your proposed solution
 - Alternatives you've considered
 
+### Security Vulnerabilities
+
+For security issues, please email security@csnp.org instead of opening a public issue.
+
+## Pull Request Guidelines
+
+### Before Submitting
+
+- [ ] Tests pass: `go test -race ./...`
+- [ ] Linter passes: `golangci-lint run`
+- [ ] Code is formatted: `go fmt ./...`
+- [ ] Documentation updated if needed
+- [ ] Commit messages follow conventional commits
+
+### PR Description
+
+Include:
+- Summary of changes
+- Motivation and context
+- Testing performed
+- Screenshots (if UI changes)
+
+### Review Process
+
+1. All PRs require at least one review
+2. CI must pass before merge
+3. Squash commits on merge for clean history
+
 ## Code of Conduct
 
 Be respectful and constructive. We're all here to improve quantum security.
@@ -124,7 +189,7 @@ Be respectful and constructive. We're all here to improve quantum security.
 
 By contributing, you agree that your contributions will be licensed under the Apache License 2.0.
 
-## Questions
+## Questions?
 
 - Open an issue for questions
 - Visit [QRAMM.org](https://qramm.org) for quantum readiness resources