Merge pull request #42 from konstruktoid/contrib

CONTRIBUTING.md

CONTRIBUTING.md

@@ -19,12 +19,15 @@ The only thing you need to hack on Docker Bench for Security is a POSIX 2004 com
 You can build the container that wraps the docker-bench for security:
 ```sh
 ✗ git clone git@github.com:docker/docker-bench-security.git
-✗ docker build -t diogomonica/docker-bench-security .
+✗ cd docker-bench-security
+✗ docker build -t docker-bench-security .
 ```
 
 Or you can simply run the shell script locally:
 
 ```sh
+✗ git clone git@github.com:docker/docker-bench-security.git
+✗ cd docker-bench-security
 ✗ sh docker-bench-security.sh
 ```
 
@@ -33,8 +36,7 @@ The Docker Bench has the main script called `docker-bench-security.sh`. This is
 The tests are split in 6 different files:
 
 ```sh
-✗  docker-bench-security git:(master) ✗ tree tests
-tests
+✗ tests
 ├── 1_host_configuration.sh
 ├── 2_docker_daemon_configuration.sh
 ├── 3_docker_daemon_configuration_files.sh
@@ -43,6 +45,6 @@ tests
 └── 6_docker_security_operations.sh
 ```
 
-To modify the Docker Bench for Security you should first clone the repository, make your changes, and then sign off on your commits. After that feel free to send us a pull-request with the changes.
+To modify the Docker Bench for Security you should first clone the repository, make your changes, check your code with `shellcheck`, `checkbashisms` or similar tools, and then sign off on your commits. After that feel free to send us a pull-request with the changes.
 
 While this tool is inspired in the CIS Docker 1.6 Benchmark, feel free to add new tests. We will try to turn dockerbench.com into a list of good community benchmarks for both security and performance, and we would love community contributions.