Add CODEOWNERS, FUNDING, SECURITY, SUPPORT, and Dependabot configuration files; update CONTRIBUTING guidelines

Author: marko-stanojevic

.github/CODEOWNERS

@@ -0,0 +1,19 @@
+# CODEOWNERS file for PSScriptModule
+# This file defines code ownership and review requirements for the repository
+# See: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
+
+# Default owners for everything in the repo
+# These owners will be requested for review when someone opens a pull request
+*       @marko-stanojevic
+
+# Source code
+/src/   @marko-stanojevic
+
+# Build and CI/CD
+*.build.ps1                 @marko-stanojevic
+/.github/workflows/         @marko-stanojevic
+/requirements.psd1          @marko-stanojevic
+/gitversion.yml             @marko-stanojevic
+
+# Tests
+/tests/ @marko-stanojevic

.github/FUNDING.yml

@@ -0,0 +1,6 @@
+# See https://help.github.com/articles/adding-a-funding-file-to-your-repository/ for more information
+github: marko-stanojevic
+ko_fi: mstanojevic
+buy_me_a_coffee: marko.stanojevic
+liberapay: marko-stanojevic
+custom: ["https://www.paypal.me/mstanojevic84"]

.github/pull_request_template.md .github/PULL_REQUEST_TEMPLATE.md.github/pull_request_template.md renamed to .github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,117 @@
+# Security Policy
+
+## Supported Versions
+
+We release patches for security vulnerabilities. Currently supported versions:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| latest  | :white_check_mark: |
+| < latest| :x:                |
+
+## Reporting a Vulnerability
+
+We take the security of PSScriptModule seriously. If you believe you have found a security vulnerability, please report it to us as described below.
+
+### Please Do Not
+
+- **Do not** open a public GitHub issue for security vulnerabilities
+- **Do not** disclose the vulnerability publicly until it has been addressed
+
+### Please Do
+
+1. **Report via GitHub Security Advisories**:
+    - Navigate to the repository's "Security" tab
+    - Click "Report a vulnerability"
+    - Provide detailed information about the vulnerability
+
+1. **Include in Your Report**:
+    - Description of the vulnerability
+    - Steps to reproduce the issue
+    - Potential impact
+    - Suggested fix (if available)
+    - Your contact information
+
+## Security Best Practices
+
+When using this PowerShell module template:
+
+### Code Security
+
+- **Never commit credentials**: Use `SecureString` or credential management systems
+- **Validate all inputs**: Use parameter validation attributes
+- **Sanitize user input**: Prevent injection attacks
+- **Use approved verbs**: Follow PowerShell naming conventions
+- **Handle errors properly**: Don't expose sensitive information in error messages
+
+### Development Security
+
+- **Run PSScriptAnalyzer**: All code must pass static analysis
+- **Run InjectionHunter tests**: Check for injection vulnerabilities
+- **Review dependencies**: Regularly update modules in `requirements.psd1`
+
+### Deployment Security
+
+- **Sign your scripts**: Use code signing certificates for production
+- **Verify execution policy**: Use appropriate PowerShell execution policies
+- **Limit permissions**: Follow principle of least privilege
+- **Audit module usage**: Enable PowerShell logging in production environments
+
+## Known Security Considerations
+
+### PowerShell Execution
+
+This module requires PowerShell script execution. Ensure:
+
+- Execution policy is set appropriately for your environment
+- Scripts are obtained from trusted sources
+- Code signing is enforced in production environments
+
+### External Dependencies
+
+This project uses external PowerShell modules:
+
+- **InvokeBuild**: Build orchestration
+- **Pester**: Testing framework
+- **PSScriptAnalyzer**: Static code analysis
+- **platyPS**: Documentation generation
+
+Review the security advisories for these dependencies regularly.
+
+## Security Testing
+
+### Automated Tests
+
+Every PR runs:
+
+1. **PSScriptAnalyzer**: Static code analysis for common issues
+1. **InjectionHunter**: Detection of potential injection vulnerabilities
+1. **Pester Tests**: Functional testing including security scenarios
+1. **Dependency Checks**: Ensure dependencies are up-to-date
+
+## Security Update Process
+
+When a security vulnerability is confirmed:
+
+1. **Assessment**: Evaluate severity and impact
+1. **Fix Development**: Create patch in private branch
+1. **Testing**: Thoroughly test the security fix
+1. **Release**:
+    - Use `+semver: patch` for minor security fixes
+    - Use `+semver: major` for breaking security changes
+1. **Disclosure**: Publish security advisory after fix is released
+1. **Notification**: Notify users of the security update
+
+## Additional Resources
+
+- [PowerShell Security Best Practices](https://docs.microsoft.com/en-us/powershell/scripting/learn/security/powershell-security-best-practices)
+- [PSScriptAnalyzer Rules](https://github.com/PowerShell/PSScriptAnalyzer/blob/master/docs/Rules/README.md)
+- [OWASP Secure Coding Practices](https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/)
+
+## Contact
+
+For security-related questions that are not vulnerabilities, please open a regular GitHub issue or discussion.
+
+---
+
+**Thank you for helping keep PSScriptModule and its users safe!**

.github/SECURITY.md

@@ -0,0 +1,70 @@
+# Support
+
+## Getting Help
+
+Thank you for using PSScriptModule! If you need help or have questions, here are the available resources:
+
+### Documentation
+
+- **[README](../README.md)** - Project overview and quick start guide
+- **[Help Documentation](../docs/help/)** - Detailed cmdlet reference
+- **[AI Agents Guide](../AGENTS.md)** - Guidance for AI-assisted development
+
+### Community Support
+
+- **GitHub Issues** - Search [existing issues](../../issues) or [create a new issue](../../issues/new) for:
+    - Bug reports
+    - Feature requests
+    - Questions about usage
+    - Documentation clarifications
+
+- **GitHub Discussions** - Join [discussions](../../discussions) for:
+    - General questions
+    - Best practices
+    - Community collaboration
+    - Show and tell
+
+### Reporting Issues
+
+When reporting issues, please include:
+
+1. **PowerShell Version**: Output of `$PSVersionTable`
+1. **Module Version**: Output of `Get-Module PSScriptModule`
+1. **Operating System**: Windows, macOS, or Linux distribution
+1. **Steps to Reproduce**: Clear steps to reproduce the issue
+1. **Expected Behavior**: What you expected to happen
+1. **Actual Behavior**: What actually happened
+1. **Error Messages**: Full error output with stack traces if available
+
+### Security Issues
+
+**Do not report security vulnerabilities through public GitHub issues.**
+
+Please report security vulnerabilities by emailing the project maintainer or using GitHub's private security reporting feature.
+
+### Contributing
+
+Interested in contributing? See our [Contributing Guidelines](CONTRIBUTING.md) for:
+
+- Code of conduct
+- Development setup
+- Pull request process
+- Coding standards
+
+### Response Times
+
+This is a community-driven project. Response times may vary:
+
+- **Critical bugs**: We aim to respond within 48 hours
+- **General issues**: Usually responded to within 1 week
+- **Feature requests**: Reviewed during regular planning cycles
+
+### Additional Resources
+
+- **PowerShell Documentation**: [docs.microsoft.com/powershell](https://docs.microsoft.com/en-us/powershell/)
+- **Pester Documentation**: [pester.dev](https://pester.dev/)
+- **PSScriptAnalyzer**: [github.com/PowerShell/PSScriptAnalyzer](https://github.com/PowerShell/PSScriptAnalyzer)
+
+---
+
+**Note**: This project is maintained by volunteers. Please be patient and respectful when seeking support.

.github/SUPPORT.md

@@ -0,0 +1,38 @@
+# Automatically checks for updates to GitHub Actions and PowerShell modules
+
+version: 2
+updates:
+  # GitHub Actions dependencies
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    labels:
+      - "dependencies"
+      - "github-actions"
+    commit-message:
+      prefix: "ci"
+      include: "scope"
+    open-pull-requests-limit: 5
+
+  # PowerShell modules via requirements.psd1
+  # Note: Dependabot doesn't natively support PowerShell modules
+  # This monitors the requirements.psd1 file for manual updates
+  - package-ecosystem: "nuget"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    labels:
+      - "dependencies"
+      - "powershell"
+    commit-message:
+      prefix: "deps"
+      include: "scope"
+    open-pull-requests-limit: 5
+    ignore:
+      # PowerShell modules are managed via PSDepend
+      # This is primarily for any NuGet packages if added later
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]

.github/dependabot.yml

@@ -30,19 +30,18 @@ We welcome suggestions for enhancements! Please:
 ### Pull Requests
 
 1. **Fork the repository** and create your branch from `main`
-2. **Follow the project structure**:
+1. **Follow the project structure**:
    - Place public functions in `src/Public/`
    - Place private functions in `src/Private/`
    - Add corresponding Pester tests with `.Tests.ps1` suffix
    - Update documentation in `docs/help/` if needed
-
-3. **Write quality code**:
+1. **Write quality code**:
    - Follow PowerShell best practices
    - Use approved verbs for function names (Get, Set, New, etc.)
    - Include proper comment-based help for all public functions
    - Ensure your code passes PSScriptAnalyzer checks
+1. **Test your changes**:
 
-4. **Test your changes**:
    ```powershell
    # Run all tests
    Invoke-Build Test
@@ -54,19 +53,17 @@ We welcome suggestions for enhancements! Please:
    Invoke-Build Invoke-UnitTests
    ```
 
-5. **Document your changes**:
+1. **Document your changes**:
    - Update the README.md if needed
-    - Generate or update function help sections
-
-6. **Commit your changes**:
+   - Generate or update function help sections
+1. **Commit your changes**:
    - Use clear and meaningful commit messages
    - Follow semantic versioning keywords in commit messages:
      - `+semver: breaking` or `+semver: major` for breaking changes
      - `+semver: feature` or `+semver: minor` for new features
      - `+semver: fix` or `+semver: patch` for bug fixes
      - `+semver: none` or `+semver: skip` to skip version bump
-
-7. **Submit a pull request**:
+1. **Submit a pull request**:
    - Provide a clear description of the changes
    - Reference any related issues
    - Ensure all CI checks pass
@@ -78,21 +75,23 @@ We welcome suggestions for enhancements! Please:
 - PowerShell 7.0 or higher (PowerShell 5.1 minimum)
 - Git
 - Required modules (installed via PSDepend):
-  - InvokeBuild
-  - ModuleBuilder
-  - Pester
-  - PSScriptAnalyzer
-  - PlatyPS
+- InvokeBuild
+- ModuleBuilder
+- Pester
+- PSScriptAnalyzer
+- PlatyPS
 
 ### Setting Up Your Development Environment
 
 1. Clone your fork:
+
    ```bash
    git clone https://github.com/YOUR-USERNAME/PSScriptModule.Template.git
    cd PSScriptModule.Template
    ```
 
-2. Install dependencies:
+1. Install dependencies:
+
    ```powershell
    # Install PSDepend if not already installed
    Install-Module -Name PSDepend -Scope CurrentUser
@@ -101,7 +100,8 @@ We welcome suggestions for enhancements! Please:
    Invoke-PSDepend -Path ./requirements.psd1 -Install -Import -Force
    ```
 
-3. Create a new branch:
+1. Create a new branch:
+
    ```bash
    git checkout -b feature/your-feature-name
    ```
@@ -135,6 +135,7 @@ Invoke-Build Clean
 - Mock external dependencies
 
 Example test structure:
+
 ```powershell
 Describe 'Get-MyFunction' {
     Context 'When valid input is provided' {
@@ -194,7 +195,7 @@ Version numbers are automatically managed by GitVersion based on commit messages
 Releases are automated through the CI/CD pipeline:
 
 1. Merge pull request to `main` branch
-2. CI/CD pipeline automatically:
+1. CI/CD pipeline automatically:
    - Calculates version number using GitVersion
    - Runs all tests and checks
    - Builds the module