Issues templates improvements (#1629)

* add security.md
* add metrics and config show

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,33 +0,0 @@
----
-name: Bug report
-about: Create a report to help us improve
-title: Bug/
-labels: bug
-assignees: ''
-
----
-
-Please, start your issue name (after `Bug`) with the component name impacted by this feature request and a small description of the Bug. Example: `Bug/cscli: issue with ....` and remove this line :)
-
-**Describe the bug**
-A clear and concise description of what the bug is.
-
-**To Reproduce**
-Steps to reproduce the behavior:
-1. Go to '...'
-2. Click on '....'
-3. Scroll down to '....'
-4. See error
-
-**Expected behavior**
-A clear and concise description of what you expected to happen.
-
-**Screenshots**
-If applicable, add screenshots to help explain your problem.
-
-**Technical Information (please complete the following information):**
- - OS: [e.g. Ubuntu, Redhat ..]
- - Version [e.g. v0.2.0, v0.1.5 ..]
-
-**Additional context**
-Add any other context about the problem here, for example `/var/log/crowdsec.log` or error messages.

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,136 @@
+name: Bug report
+about: Report a bug encountered while operating crowdsec
+labels: bug
+body:
+  - type: textarea
+    id: problem
+    attributes:
+      label: What happened?
+      description: |
+        Please provide as much info as possible. Not doing so may result in your bug not being addressed in a timely manner.
+        If this matter is security related, please disclose it privately to security@crowdsec.net
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected
+    attributes:
+      label: What did you expect to happen?
+    validations:
+      required: true
+
+  - type: textarea
+    id: repro
+    attributes:
+      label: How can we reproduce it (as minimally and precisely as possible)?
+    validations:
+      required: true
+
+  - type: textarea
+    id: additional
+    attributes:
+      label: Anything else we need to know?
+
+  - type: textarea
+    id: Version
+    attributes:
+      label: Crowdsec version
+      value: |
+        <details>
+
+        ```console
+        $ cscli version
+        # paste output here
+        ```
+
+        </details>
+    validations:
+      required: true
+
+  - type: textarea
+    id: osVersion
+    attributes:
+      label: OS version
+      value: |
+        <details>
+
+        ```console
+        # On Linux:
+        $ cat /etc/os-release
+        # paste output here
+        $ uname -a
+        # paste output here
+
+        # On Windows:
+        C:\> wmic os get Caption, Version, BuildNumber, OSArchitecture
+        # paste output here
+        ```
+
+        </details>
+
+  - type: textarea
+    id: collections
+    attributes:
+      label: Enabled collections and parsers
+      value: |
+        <details>
+
+        ```console
+        $ cscli hub list -o raw
+        # paste output here
+        ```
+
+        </details>
+
+  - type: textarea
+    id: acquis
+    attributes:
+      label: Acquisition config
+      value: |
+        <details>
+        ```console
+        # On Linux:
+        $ cat /etc/crowdsec/acquis.yaml /etc/crowdsec/acquis.d/*
+        # paste output here
+
+        # On Windows:
+        C:\> Get-Content C:\ProgramData\CrowdSec\config\acquis.yaml
+        # paste output here
+        </details>
+
+  - type: textarea
+    id: collections
+    attributes:
+      label: Config show
+      value: |
+        <details>
+
+        ```console
+        $ cscli config show
+        # paste output here
+        ```
+
+        </details>
+
+  - type: textarea
+    id: collections
+    attributes:
+      label: Prometheus metrics
+      value: |
+        <details>
+
+        ```console
+        $ cscli metrics
+        # paste output here
+        ```
+
+        </details>
+
+  - type: textarea
+    id: customizations
+    attributes:
+      label: Related custom configs versions (if applicable) : notification plugins, custom scenarios, parsers etc.
+      value: |
+        <details>
+
+        </details>

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,4 @@
+contact_links:
+  - name: Support Request
+    url: https://discourse.crowdsec.net
+    about: Support request or question relating to Crowdsec

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,25 +0,0 @@
----
-name: Feature request
-about: Suggest an idea for this project
-title: Improvement/
-labels: enhancement
-assignees: ''
-
----
-
-Please, start your issue name (after `improvement`) with the component name impacted by this feature request and a small description of the FR. Example: `Improvement/cscli: add this feature ....` and remove this line :)
-
-**Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
-
-**Describe the solution you'd like**
-A clear and concise description of what you want to happen.
-
-**Describe alternatives you've considered** (Optional) 
-A clear and concise description of any alternative solutions or features you've considered.
-
-**Example of what you imagine**
-If applicable, add an example of what you would expect from this feature request.
-
-**Additional context**
-Add any other context or screenshots about the feature request here.

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,19 @@
+name: Feature request
+about: Suggest an improvement or a new feature
+labels: enhancement
+body:
+  - type: textarea
+    id: feature
+    attributes:
+      label: What would you like to be added?
+      description: |
+        Significant feature requests are unlikely to make progress as issues. Please consider engaging on discord (discord.gg/crowdsec) and forums (https://discourse.crowdsec.net), instead.
+    validations:
+      required: true
+
+  - type: textarea
+    id: rationale
+    attributes:
+      label: Why is this needed?
+    validations:
+      required: true

security.MD

@@ -0,0 +1,30 @@
+# Security Policy
+
+## Scope
+
+This security policy applies to :
+ - Crowdsec agent
+ - Crowdsec Local API
+ - Crowdsec bouncers **developped and maintained** by Crowdsec's team [1]
+
+Reports regarding developpements of community members that are not part of the crowdsecurity organization will be thoroughly investigated nontheless.
+
+[1] Projects developped and maintained by the Crowdsec team are under the **crowdsecurity** github organization. Bouncers developped by community members that are not part of the Crowdsec organization are explictely excluded.
+
+## Reporting a Vulnerability
+
+We're extremely grateful for security researchers and users that report vulnerabilities regarding the Crowdsec project. All reports are thoroughly investigated by members of the Crowdsec organization.
+
+You can email the private [security@crowdsec.net](mailto:security@crowdsec.net) list with the security details and the details expected for [all Crowdsec bug reports](https://github.com/crowdsecurity/crowdsec/blob/master/.github/ISSUE_TEMPLATE/bug_report.md).
+
+You may encrypt your email to this list using the GPG key of the [Security team](https://doc.crowdsec.net/docs/next/contact_team). Encryption using GPG is NOT required to make a disclosure.
+
+## When Should I Report a Vulnerability? 
+
+ - You think you discovered a potential security vulnerability in Crowdsec
+ - You are unsure how a vulnerability affects Crowdsec
+ - You think you discovered a vulnerability in another project that Crowdsec depends on
+   - For projects with their own vulnerability reporting and disclosure process, please report it directly there
+
+
+<!-- Very heavily inspired from https://kubernetes.io/docs/reference/issues-security/security/ -->