[pull] master from Hacker0x01:master

.eslintrc.js

@@ -1,5 +1,5 @@
 module.exports = {
-  "parser": "babel-eslint",
+  "parser": "@babel/eslint-parser",
   "env": {
     "browser": true,
     "es6": true,
@@ -11,6 +11,10 @@ module.exports = {
     "graphql": false,
   },
   "parserOptions": {
+    "babelOptions": {
+      "presets": ["@babel/preset-react"]
+   },
+    "requireConfigFile": false,
     "sourceType": "module",
     "ecmaFeatures": {
       "experimentalObjectRestSpread": true,

.github/workflows/codeql-analysis.yml

@@ -17,33 +17,22 @@ on:
 jobs:
   analyze:
     name: Analyze
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
 
     strategy:
       fail-fast: false
       matrix:
-        # Override automatic language detection by changing the below list
-        # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
         language: ['javascript']
         # Learn more...
         # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
-      with:
-        # We must fetch at least the immediate parents so that if this is
-        # a pull request then we can checkout the head.
-        fetch-depth: 2
-
-    # If this run was triggered by a pull request event, then checkout
-    # the head of the pull request instead of the merge commit.
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
+      uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -54,7 +43,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -68,4 +57,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2

.github/workflows/deploy.yml

@@ -7,9 +7,12 @@ on:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 16.x
       - uses: enriikke/gatsby-gh-pages-action@v2
         with:
           access-token: ${{ secrets.DEPLOY_KEY }}

.github/workflows/test-suite.yml

@@ -9,32 +9,46 @@ on:
 
 jobs:
   update:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v3
 
       - name: Get yarn cache directory path
         id: yarn-cache-dir-path
         run: echo "::set-output name=dir::$(yarn cache dir)"
 
-      - uses: actions/cache@v2
+      - uses: actions/cache@v3
         id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
         with:
           path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
           key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
           restore-keys: |
-            ${{ runner.os }}-yarn-      
+            ${{ runner.os }}-yarn-
+
+      - name: Caching Gatsby
+        id: gatsby-cache-build
+        uses: actions/cache@v3
+        with:
+          path: |
+            public
+            .cache
+          key: ${{ runner.os }}-gatsby-build-${{ github.run_id }}
+          restore-keys: |
+            ${{ runner.os }}-gatsby-build-
 
       - name: Set Node.js
-        uses: actions/setup-node@master
+        uses: actions/setup-node@v3
         with:
-          node-version: 10.x
+          node-version: 16.x
 
       - name: Install dependencies
         run: yarn install
 
       - name: Lint
         run: yarn run lint
 
-      - name: Build
-        run: yarn run build
+      - name: Build Gatsby
+        run: yarn build --log-pages
+        env:
+          GATSBY_EXPERIMENTAL_PAGE_BUILD_ON_DATA_CHANGES: true
+          CI: true

.gitignore

@@ -7,3 +7,4 @@ public/
 .DS_Store
 npm-debug.log
 yarn-error.log
+*.icloud

CONTRIBUTING.md

@@ -1,7 +1,10 @@
 # Style Guide
 
 ### Adding New Articles
-You can add new articles to either the Hacker Book or the Program Book.
+You can add new articles to either the Hacker Book or the Organization Book.
+
+#### Review Process
+All pull requests require approval before going live. New documents should be reviewed by the UX or Technical Writer before being approved. 
 
 #### Hacker Book
 When adding a new article, make sure you format the file such that the first several lines of the markdown file are:
@@ -20,8 +23,8 @@ When adding a new article to the program book, make sure you format the file suc
 ```md
 ---
 title: "Title of the Article"
-path: "/programs/title-of-the-article.html"
-id: "programs/title-of-the-article"
+path: "/organizations/title-of-the-article.html"
+id: "organizations/title-of-the-article"
 ---
 ```
 
@@ -49,7 +52,7 @@ date: "2016-11"
 How do I... | Answer
 ----------- | -------
 Add a link to a page within the docs site of the same book | `[Start H1 Response](start-h1-response.html)` or `[Start H1 Bounty](start-h1-bounty.html)`.
-Add a link to a page within the docs site to an article in another book | `[Start H1 Bounty](/programs/start-h1-bounty.html)`
+Add a link to a page within the docs site to an article in another book | `[Start H1 Bounty](/organizations/start-h1-bounty.html)`
 Add an image | `![image name](./images/signal-impact-2.png)`
 Reference the HackerOne blog link | Use `https://www.hackerone.com/blog` not www.hackerone.com/blog
 
@@ -75,13 +78,44 @@ they're | they are
 we've | we have
 you're | you are
 
+### Abbreviations
+>Do not use abbreviations in our platform without spelling them out completely first. Your first mention should be the full word with the abbreviation in parenthesis. After that, you can use the abbreviation for all further mentions. Eg: HackerOne's Bug Bounty Program (BBP) is a public program. Please be mindful that not all BBPs are public. 
+
+Below are some common abbreviations used by HackerOne
+
+Abbreviation | Definition
+----------- | -----------
+2FA | 2 Factor Authentication
+API | Application Programming Interface
+BBP | Bug Bounty Program
+CTF | Capture The Flag
+CVE | Common Vulnerabilities & Exposures
+CVSS | Common Vulnerability Scoring System
+MFA | Multi-Factor Authentication
+SOC | Security Operations Center
+VDP | Vulnerability Disclosure Program
+XSS | Cross-Site Scripting
+
+
 ### Spelling
 There are some words that can be used with multiple spellings. In order to keep consistency, we need to agree on which spelling to go with.
 
-Yes | No
---- | ---
-checkbox | check box
-double-check | double check (this is a noun)
+This | NOT | That
+---- | --- | ----
+cyberattack | NOT | cyber attack
+engagement | NOT | program
+organization | NOT | company
+hacker-powered | NOT | hacker powered
+internet | NOT | Internet
+eBook | NOT | ebook or e-book
+e-commerce | NOT | ecommerce (capitalized at the beginning of a sentence only)
+pentest and pentesting as one word | NOT | pen test or pen testing
+cybercriminal, bad actor, or malicious actor | NOT | criminal
+hacker | NOT | researcher   Exception: communication with government programs
+malicious hacker | NOT | black hat
+ethical hacker | NOT | white hat
+checkbox | NOT | check box
+double-check | NOT | double check (this is a noun)
 
 ### Numbers
 For numbers that are greater than 0, use the numerical number instead of spelling it out. For 0, spell out the word.
@@ -102,3 +136,11 @@ Sorry, we couldn’t find an account with that username. Can we help you recover
 Sorry, that password isn’t right. We can help you recover your password. | Wrong password.
 Enter a valid email address to use as your Apple ID. | The email address entered is invalid.
 That account doesn’t exist. Enter a different account or create a new one. | Sign-in unsuccessful. Please try again.
+
+### Embedded Videos
+The preferred source of instructional embedded videos is the [HackerOne YouTube channel](https://www.youtube.com/@HackerOneTV) and configured to be `Unlisted`. These should render on-page as an iframe with the following parameters:
+```html
+<iframe id="ytplayer" type="text/html" width="640" height="360" src="https://www.youtube-nocookie.com/embed/<YOUTUBE_VIDEO_ID>" frameborder="0" allowfullscreen></iframe>
+```
+#### Community Video Contributions
+If you're not a HackerOne employee or video content partner, please open a pull request or issue with a publicly accessible link to download the video file so it can be updloaded to HackerOne's YouTube channel. Note that video content will be need to be reviewed by various HackerOne teams; this may result in longer response times from the maintainers of this repository.

README.md

@@ -9,7 +9,7 @@ This repo contains the source code and documentation powering [docs.hackerone.co
 ### Prerequisites
 
 1. Git
-1. Node: install version 8.4 or greater
+1. Node: install version 16 or greater
 1. Yarn: See [Yarn website for installation instructions](https://yarnpkg.com/lang/en/docs/install/)
 1. A fork of the repo (for any contributions)
 1. A clone of the [docs.hackerone.com repo](https://github.com/Hacker0x01/docs.hackerone.com) on your local machine
@@ -24,6 +24,18 @@ This repo contains the source code and documentation powering [docs.hackerone.co
 1. `yarn develop` to start the hot-reloading development server (powered by [Gatsby](https://www.gatsbyjs.org))
 1. `open http://localhost:8000` to open the site in your favorite browser
 
+> On some machines you'll receive an error like:
+
+```
+Generating development SSR bundle failed
+
+error:0308010C:digital envelope routines::unsupported
+```
+> Run the following command to use the legacy OpenSSL provider instead:
+```
+export NODE_OPTIONS=--openssl-legacy-provider
+```
+
 ### Deploy
 
 Deploys are automated using GitHub actions. Every commit to the master branch will trigger a script that will build and deploy the site to production. If you want to deploy manually, follow the steps below:

docs/changelog/2015/august.md

@@ -5,7 +5,7 @@ date: "2015-08"
 ---
 
 ### Permissions
-HackerOne program administrators can set access rights for different team members who might play different roles on your team. Learn more [here](/programs/groups-and-permissions.html).
+HackerOne program administrators can set access rights for different team members who might play different roles on your team. Learn more [here](/organizations/groups-and-permissions.html).
 ![aug_2015_permissions](./images/aug_2015_permissions.jpg)
 
 ### Message Hackers

docs/changelog/2015/november.md

@@ -44,4 +44,4 @@ We’ve added integrations with:
 * Redmine
 * Freshdesk
 
-Read more about how these integrations work [here](https://docs.hackerone.com/programs/supported-integrations.html).
+Read more about how these integrations work [here](https://docs.hackerone.com/organizations/supported-integrations.html).

docs/changelog/2016/august.md

@@ -5,7 +5,7 @@ date: "2016-08"
 ---
 
 ### Report Submission Template
-Programs now have the ability to further customize their report submission form by choosing and customizing a report template that pre-populates the Issue information field. Learn more about [report templates](https://docs.hackerone.com/programs/report-templates.html).
+Programs now have the ability to further customize their report submission form by choosing and customizing a report template that pre-populates the Issue information field. Learn more about [report templates](https://docs.hackerone.com/organizations/report-templates.html).
 
 ### Billing Page Improvements
 We’ve updated the Billing page so that programs can now:

docs/changelog/2016/october.md

@@ -12,7 +12,7 @@ We’ve improved HackBot to suggest single-click actions, such as:
 ![oct_2016_hackbot](./images/oct_2016_hackbot.png)
 
 ### CVSS for Severity
-We introduce the ability for both hackers and security teams to set severity via CVSS. Read our [blog post](https://www.hackerone.com/blog/introducing-severity-cvss) or [docs article](https://docs.hackerone.com/programs/severity.html) to learn more.
+We introduce the ability for both hackers and security teams to set severity via CVSS. Read our [blog post](https://www.hackerone.com/blog/introducing-severity-cvss) or [docs article](https://docs.hackerone.com/organizations/severity.html) to learn more.
 ![oct_2016_cvss](./images/oct_2016_cvss.png)
 
 ### No Attachment Warning

docs/changelog/2017/august.md

@@ -22,7 +22,7 @@ We've revamped our Slack integration so that programs can have:
 * Notifications when a username is mentioned
 ![aug_2017_2](./images/aug_2017_2.png)
 
-Read our [blog post](https://www.hackerone.com/blog/slack-integration-update-2) and learn how to [set up Slack integration](/programs/slack-integration.html).
+Read our [blog post](https://www.hackerone.com/blog/slack-integration-update-2) and learn how to [set up Slack integration](/organizations/slack-integration.html).
 
 ### Bounty Splitting
 We now enable programs to have this feature that enables hackers to split bounties with other hackers that helped them find the vulnerability.

docs/changelog/2017/july.md

@@ -9,11 +9,11 @@ Hackers can now receive payments through Bank Transfers via CurrencyCloud. This
 ![july_2017_2](./images/july_2017_2.png)
 
 ### Scope
-Programs can now define their scope and the list of assets they want hackers to test. This controls what reports can be submitted and helps to prevent noise. Don’t know what a scope is? Learn more [here](/programs/defining-scope.html).
+Programs can now define their scope and the list of assets they want hackers to test. This controls what reports can be submitted and helps to prevent noise. Don’t know what a scope is? Learn more [here](/organizations/defining-scope.html).
 ![july_2017](./images/july_2017.png)
 
 ### Hacker Reviews
-Programs now have the ability to review their hackers and to comment on their behavior. Learn more about [hacker reviews](/programs/hacker-reviews.html). 
+Programs now have the ability to review their hackers and to comment on their behavior. Learn more about [hacker reviews](/organizations/hacker-reviews.html). 
 
 ### Bi-Directional Phabricator Integration
 We now provide programs with a two-way integration that syncs changes between HackerOne and Phabricator. 

docs/changelog/2017/may.md

@@ -22,4 +22,4 @@ We've implemented a hacker VPN that:
 * Pauses individual hacker access without interruption to the overall program
 * Integrates with a program's monitoring tools to have full visibility into program activity 
 
-Contact [HackerOne](https://support.hackerone.com/hc/en-us/requests/new) to participate in this beta. 
+Contact [HackerOne](https://support.hackerone.com) to participate in this beta. 

docs/changelog/2018/december.md

@@ -6,7 +6,7 @@ date: "2018-12"
 
 ### Global Launches
 We've globally launched these 2 previously beta features:
-* [Credential Management](/programs/credential-management.html)  
+* [Credential Management](/organizations/credential-management.html)  
 * [Disclosure for Private Programs](/hackers/disclosure.html)
 
 These features are now open for qualifying programs to opt-in to.

docs/changelog/2018/january.md

@@ -5,10 +5,10 @@ date: "2018-01"
 ---
 
 ### Human Augmented Signal
-We enable programs to utilize the expertise of HackerOne Security Analysts to review those pesky invalid reports so that programs don’t have to deal with them. Learn more about [Human Augmented Signal](/programs/human-augmented-signal.html). 
+We enable programs to utilize the expertise of HackerOne Security Analysts to review those pesky invalid reports so that programs don’t have to deal with them. Learn more about [Human Augmented Signal](/organizations/human-augmented-signal.html). 
 
 ### Response SLAs 
-You can now set your response service level agreements (SLAs) for time to first response, time to triage, time to bounty, and time to resolution. What do all these terms mean? Find out [here](/programs/response-target-metrics.html).
+You can now set your response service level agreements (SLAs) for time to first response, time to triage, time to bounty, and time to resolution. What do all these terms mean? Find out [here](/organizations/response-target-metrics.html).
 
 ### Response Efficiency Indicator
 We now display a colored indicator on a program's security page to show hackers how responsive a program is to report submissions.  

docs/changelog/2018/june.md

@@ -8,5 +8,5 @@ date: "2018-06"
 No need to wait for reports to be resolved in order to increase reputation! We now enable hackers to gain reputation whenever their reports are marked as <i>Triaged</i>. 
 
 ### Bounty Tables
-Instead of having programs manually create their own bounty table on the policy page using tedious markdown, we now enable them to easily generate their own bounty table with our new [bounty table](https://docs.hackerone.com/programs/bounty-tables.html) tool. 
+Instead of having programs manually create their own bounty table on the policy page using tedious markdown, we now enable them to easily generate their own bounty table with our new [bounty table](https://docs.hackerone.com/organizations/bounty-tables.html) tool. 
 ![june_2018](./images/june_2018.png)