security-mcp 1.0.5 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (35) hide show
  1. package/defaults/checklists/ai.json +25 -0
  2. package/defaults/checklists/api.json +27 -0
  3. package/defaults/checklists/infra.json +27 -0
  4. package/defaults/checklists/mobile.json +25 -0
  5. package/defaults/checklists/payments.json +25 -0
  6. package/defaults/checklists/web.json +30 -0
  7. package/defaults/control-catalog.json +392 -0
  8. package/defaults/evidence-map.json +194 -0
  9. package/defaults/security-policy.json +41 -2
  10. package/dist/cli/index.js +13 -8
  11. package/dist/cli/install.js +11 -0
  12. package/dist/cli/onboarding.js +590 -0
  13. package/dist/gate/baseline.js +115 -0
  14. package/dist/gate/checks/ai-redteam.js +374 -0
  15. package/dist/gate/checks/api.js +93 -0
  16. package/dist/gate/checks/crypto.js +153 -0
  17. package/dist/gate/checks/database.js +144 -0
  18. package/dist/gate/checks/dependencies.js +126 -0
  19. package/dist/gate/checks/dlp.js +153 -0
  20. package/dist/gate/checks/graphql.js +122 -0
  21. package/dist/gate/checks/infra.js +126 -12
  22. package/dist/gate/checks/k8s.js +190 -0
  23. package/dist/gate/checks/playbook.js +160 -0
  24. package/dist/gate/checks/runtime.js +263 -0
  25. package/dist/gate/checks/sbom.js +199 -0
  26. package/dist/gate/checks/scanners.js +373 -7
  27. package/dist/gate/checks/secrets.js +85 -20
  28. package/dist/gate/policy.js +85 -19
  29. package/dist/gate/threat-intel.js +157 -0
  30. package/dist/mcp/server.js +500 -5
  31. package/dist/repo/search.js +13 -1
  32. package/dist/review/store.js +128 -0
  33. package/package.json +1 -1
  34. package/prompts/SECURITY_PROMPT.md +415 -1
  35. package/skills/senior-security-engineer/SKILL.md +35 -3
package/defaults/checklists/ai.json ADDED
@@ -0,0 +1,25 @@
1
+ {
2
+ "surface": "ai",
3
+ "items": [
4
+ { "id": "ai_input_sanitization", "description": "All AI inputs sanitized and validated before being passed to models", "critical": true },
5
+ { "id": "ai_prompt_separation", "description": "System prompt structurally separated from user content — no string concatenation", "critical": true },
6
+ { "id": "ai_rag_untrusted", "description": "Indirect prompt injection: retrieved RAG context treated as untrusted and isolated", "critical": true },
7
+ { "id": "ai_output_schema", "description": "Model outputs validated against JSON schema before acting on them", "critical": true },
8
+ { "id": "ai_pii_scan", "description": "Output PII scan in place — no SSN, card numbers, tokens in model responses", "critical": true },
9
+ { "id": "ai_rate_limiting", "description": "AI endpoints rate-limited independently from regular API — token budgets enforced", "critical": true },
10
+ { "id": "ai_access_logging", "description": "Model access logging enabled — user, timestamp, token counts, model version logged", "critical": false },
11
+ { "id": "ai_redteam_done", "description": "Red-team test cases executed — jailbreak, injection, PII exfil probes reviewed", "critical": true },
12
+ { "id": "ai_tool_allowlist", "description": "AI agent tool calls routed through allowlist — no unconstrained tool execution", "critical": true },
13
+ { "id": "ai_human_in_loop", "description": "Human-in-the-loop approval required for high-impact agentic actions (delete, send, execute)", "critical": true },
14
+ { "id": "ai_no_eval_output", "description": "Model output never passed to eval() or executed as code", "critical": true },
15
+ { "id": "ai_no_shell_exec", "description": "Model output never passed directly to shell commands — allowlisted templates only", "critical": true },
16
+ { "id": "ai_data_minimization", "description": "Only minimum necessary data included in prompts — no bulk data injection", "critical": false },
17
+ { "id": "ai_model_versioning", "description": "Model version pinned — changes to model version go through security review", "critical": false },
18
+ { "id": "ai_abuse_monitoring", "description": "Abuse monitoring in place — anomaly detection on token usage and response patterns", "critical": false },
19
+ { "id": "ai_threat_model", "description": "AI-specific threat model completed — MITRE ATLAS and OWASP LLM Top 10 reviewed", "critical": true },
20
+ { "id": "ai_rag_authz", "description": "RAG retrieval enforces authorization — documents filtered by user permissions", "critical": true },
21
+ { "id": "ai_no_pii_in_prompts", "description": "No PII, credentials, or secrets in prompt templates", "critical": true },
22
+ { "id": "ai_fallback_handling", "description": "Model failures handled gracefully — no sensitive error details exposed to users", "critical": false },
23
+ { "id": "ai_owasp_llm_top10", "description": "OWASP LLM Top 10 controls reviewed and addressed for this AI surface", "critical": true }
24
+ ]
25
+ }
package/defaults/checklists/api.json ADDED
@@ -0,0 +1,27 @@
1
+ {
2
+ "surface": "api",
3
+ "items": [
4
+ { "id": "api_authn_required", "description": "All new endpoints require authentication (JWT RS256/ES256 validated, not HS256)", "critical": true },
5
+ { "id": "api_authz_server_side", "description": "Authorization checked server-side for every resource operation — IDOR prevention confirmed", "critical": true },
6
+ { "id": "api_input_validation", "description": "Server-side schema validation on all new inputs (Zod/Valibot/Yup/Joi)", "critical": true },
7
+ { "id": "api_rate_limiting", "description": "Rate limiting configured on all new endpoints — per-user and per-IP", "critical": true },
8
+ { "id": "api_cors_allowlist", "description": "CORS origin allowlist reviewed — no wildcard on authenticated endpoints", "critical": true },
9
+ { "id": "api_request_size", "description": "Request size limits enforced — no unbounded body parsing", "critical": false },
10
+ { "id": "api_ssrf_protection", "description": "SSRF protection on any server-side HTTP client — block private IPs and metadata endpoints", "critical": true },
11
+ { "id": "api_webhook_sig", "description": "Webhook signatures verified with HMAC-SHA256 and replay protection", "critical": true },
12
+ { "id": "api_openapi_updated", "description": "OpenAPI spec updated for all new endpoints", "critical": false },
13
+ { "id": "api_csrf", "description": "CSRF protections present on all state-mutating browser-accessible endpoints", "critical": true },
14
+ { "id": "api_error_messages", "description": "Error responses reviewed — no stack traces, internal paths, or schema details", "critical": false },
15
+ { "id": "api_logging", "description": "Security events logged for all auth decisions — no PII or secrets in logs", "critical": false },
16
+ { "id": "api_jwt_expiry", "description": "JWT expiry enforced — access tokens max 15 minutes, refresh tokens rotated", "critical": true },
17
+ { "id": "api_sql_injection", "description": "No raw SQL string concatenation — parameterized queries or ORM used throughout", "critical": true },
18
+ { "id": "api_mass_assignment", "description": "Mass assignment prevention — explicit field allowlists, not object spread from request body", "critical": true },
19
+ { "id": "api_sensitive_data", "description": "Sensitive data (PII, credentials) not included in API responses unless required", "critical": true },
20
+ { "id": "api_versioning", "description": "API versioning strategy in place — old versions have defined deprecation timeline", "critical": false },
21
+ { "id": "api_dependency_scan", "description": "Backend dependencies scanned — no CRITICAL CVEs unresolved", "critical": true },
22
+ { "id": "api_secrets_scan", "description": "Secrets scan clean — no hardcoded credentials or API keys", "critical": true },
23
+ { "id": "api_sast_pass", "description": "SAST scan passed with no CRITICAL findings", "critical": true },
24
+ { "id": "api_threat_model", "description": "Threat model completed and reviewed for this API surface change", "critical": true },
25
+ { "id": "api_health_endpoint", "description": "Health/readiness endpoints do not expose sensitive version or config info", "critical": false }
26
+ ]
27
+ }
package/defaults/checklists/infra.json ADDED
@@ -0,0 +1,27 @@
1
+ {
2
+ "surface": "infra",
3
+ "items": [
4
+ { "id": "infra_no_public_ingress", "description": "No 0.0.0.0/0 ingress rules in any firewall or security group", "critical": true },
5
+ { "id": "infra_private_endpoints", "description": "All managed services accessed via VPC endpoints or private connectivity", "critical": true },
6
+ { "id": "infra_no_public_storage", "description": "No world-readable storage buckets or containers", "critical": true },
7
+ { "id": "infra_secrets_manager", "description": "All secrets stored in secret manager — not in env files, CI logs, or container images", "critical": true },
8
+ { "id": "infra_iam_least_privilege", "description": "IAM roles follow least privilege — no wildcard permissions or admin roles", "critical": true },
9
+ { "id": "infra_network_segmentation", "description": "Network segmentation reviewed — web, app, and data tiers isolated", "critical": true },
10
+ { "id": "infra_waf_rules", "description": "WAF rules updated if new public endpoints added", "critical": false },
11
+ { "id": "infra_audit_logging", "description": "Cloud audit logging confirmed for all new resources", "critical": true },
12
+ { "id": "infra_iac_scan", "description": "IaC scan passed (Checkov/tfsec/Terrascan) with no HIGH/CRITICAL findings", "critical": true },
13
+ { "id": "infra_container_scan", "description": "Container scan passed — no CRITICAL CVEs with available fix", "critical": true },
14
+ { "id": "infra_tf_state_encrypted", "description": "Terraform state stored with encryption and locking — restricted access", "critical": true },
15
+ { "id": "infra_tf_versions_pinned", "description": "Provider and module versions pinned to exact versions — no floating ranges", "critical": false },
16
+ { "id": "infra_drift_detection", "description": "Drift detection enabled — unauthorized changes trigger alerts", "critical": false },
17
+ { "id": "infra_backup_verified", "description": "Backups configured and restore tested for all data stores", "critical": true },
18
+ { "id": "infra_tls_config", "description": "TLS 1.3 configured — TLS 1.0/1.1 disabled on all endpoints", "critical": true },
19
+ { "id": "infra_encryption_at_rest", "description": "Encryption at rest with CMEK/KMS for all data stores", "critical": true },
20
+ { "id": "infra_mfa_enforced", "description": "MFA enforced for all console and cloud provider access", "critical": true },
21
+ { "id": "infra_sbom_generated", "description": "SBOM generated for all container images included in this change", "critical": false },
22
+ { "id": "infra_provenance", "description": "SLSA provenance attestation generated for release artifacts", "critical": false },
23
+ { "id": "infra_threat_model", "description": "Threat model completed and reviewed for this infrastructure change", "critical": true },
24
+ { "id": "infra_zero_trust", "description": "Zero Trust controls applied — explicit authentication for all service-to-service calls", "critical": true },
25
+ { "id": "infra_ddos_protection", "description": "DDoS protection enabled for public-facing load balancers", "critical": false }
26
+ ]
27
+ }
package/defaults/checklists/mobile.json ADDED
@@ -0,0 +1,25 @@
1
+ {
2
+ "surface": "mobile",
3
+ "items": [
4
+ { "id": "mobile_ios_ats", "description": "iOS: NSAllowsArbitraryLoads is false — ATS strictly enforced", "critical": true },
5
+ { "id": "mobile_android_debuggable", "description": "Android: android:debuggable=false in release build manifest", "critical": true },
6
+ { "id": "mobile_android_cleartext", "description": "Android: usesCleartextTraffic=false — TLS enforced for all network traffic", "critical": true },
7
+ { "id": "mobile_cert_pinning", "description": "Certificate pinning implemented for high-value API calls", "critical": true },
8
+ { "id": "mobile_secure_storage", "description": "Sensitive data not stored in SharedPreferences, external storage, or plist in plaintext", "critical": true },
9
+ { "id": "mobile_keychain_keystore", "description": "Secrets stored in iOS Keychain / Android Keystore — not in code or config files", "critical": true },
10
+ { "id": "mobile_biometric_auth", "description": "Biometric authentication properly tied to Keychain/Keystore — not bypassable", "critical": false },
11
+ { "id": "mobile_screenshot_prevention", "description": "Screenshot prevention enabled for sensitive screens (payment, auth)", "critical": false },
12
+ { "id": "mobile_clipboard_protection", "description": "Sensitive fields (passwords, card numbers) block clipboard access", "critical": false },
13
+ { "id": "mobile_network_security_config", "description": "Android Network Security Config restricts cleartext and pins certificates", "critical": true },
14
+ { "id": "mobile_obfuscation", "description": "Release build uses code obfuscation (ProGuard/R8 for Android, Swift symbol stripping for iOS)", "critical": false },
15
+ { "id": "mobile_root_jailbreak_detection", "description": "Root/jailbreak detection implemented for high-risk operations", "critical": false },
16
+ { "id": "mobile_deep_links", "description": "Deep links validated — no open redirect or intent injection via deep link handling", "critical": true },
17
+ { "id": "mobile_api_keys_absent", "description": "No API keys, secrets, or credentials embedded in app binary or resources", "critical": true },
18
+ { "id": "mobile_masvs_l2", "description": "OWASP MASVS L2 checklist completed for release build", "critical": true },
19
+ { "id": "mobile_dependency_scan", "description": "Mobile dependencies scanned for known CVEs", "critical": true },
20
+ { "id": "mobile_threat_model", "description": "Threat model completed and reviewed for this mobile surface change", "critical": true },
21
+ { "id": "mobile_data_residency", "description": "Data residency requirements met — no user data stored on device beyond session", "critical": false },
22
+ { "id": "mobile_backup_prevention", "description": "allowBackup=false in Android manifest — sensitive data not included in backups", "critical": true },
23
+ { "id": "mobile_logging", "description": "No sensitive data logged in production builds — crash reporting sanitized", "critical": true }
24
+ ]
25
+ }
package/defaults/checklists/payments.json ADDED
@@ -0,0 +1,25 @@
1
+ {
2
+ "surface": "payments",
3
+ "items": [
4
+ { "id": "pci_no_pan_in_logs", "description": "No card numbers, CVV, or PAN in any log, database, cache, or error message", "critical": true },
5
+ { "id": "pci_webhook_verified", "description": "Payment processor webhook signatures verified with HMAC-SHA256 and replay protection", "critical": true },
6
+ { "id": "pci_scope_documented", "description": "PCI scope clearly defined and documented — CDE boundaries explicit", "critical": true },
7
+ { "id": "pci_network_segmented", "description": "Payment-adjacent systems network-segmented from non-payment systems", "critical": true },
8
+ { "id": "pci_audit_trail", "description": "Complete audit trail maintained for all payment operations — tamper-evident logs", "critical": true },
9
+ { "id": "pci_no_raw_card_storage", "description": "Raw card data never stored — tokenization used throughout", "critical": true },
10
+ { "id": "pci_tls_required", "description": "TLS 1.2+ required on all payment data flows — no fallback to older protocols", "critical": true },
11
+ { "id": "pci_strong_crypto", "description": "Strong cryptography used — no weak ciphers, MD5, SHA1 for security purposes", "critical": true },
12
+ { "id": "pci_access_control", "description": "Access to payment data restricted to minimum necessary roles — least privilege", "critical": true },
13
+ { "id": "pci_vulnerability_mgmt", "description": "Payment system dependencies scanned — no CRITICAL vulnerabilities unresolved", "critical": true },
14
+ { "id": "pci_waf_in_place", "description": "WAF in place and tuned for payment endpoints — OWASP rule sets active", "critical": true },
15
+ { "id": "pci_ids_ips", "description": "IDS/IPS monitoring payment data flows with alerting configured", "critical": false },
16
+ { "id": "pci_file_integrity", "description": "File integrity monitoring on payment system files — alerts on unauthorized change", "critical": false },
17
+ { "id": "pci_vendor_managed", "description": "Payment processing handled by PCI-compliant vendor (Stripe/Braintree/Adyen) — not custom", "critical": true },
18
+ { "id": "pci_pen_test", "description": "Penetration test conducted within the last 12 months for payment scope", "critical": false },
19
+ { "id": "pci_anti_fraud", "description": "Anti-fraud controls in place — velocity checks, geographic anomaly detection", "critical": true },
20
+ { "id": "pci_chargeback_monitoring", "description": "Chargeback monitoring and alerting configured with defined response process", "critical": false },
21
+ { "id": "pci_data_retention", "description": "Payment data retention policy enforced — data purged per PCI DSS schedule", "critical": true },
22
+ { "id": "pci_ir_playbook", "description": "Payment fraud and PCI breach IR playbooks exist and are current", "critical": true },
23
+ { "id": "pci_threat_model", "description": "Threat model completed and reviewed for this payment surface change", "critical": true }
24
+ ]
25
+ }
package/defaults/checklists/web.json ADDED
@@ -0,0 +1,30 @@
1
+ {
2
+ "surface": "web",
3
+ "items": [
4
+ { "id": "web_csp_nonce", "description": "Content-Security-Policy uses nonce-based control — no unsafe-inline or unsafe-eval", "critical": true },
5
+ { "id": "web_hsts", "description": "Strict-Transport-Security with includeSubDomains and preload, max-age >= 1 year", "critical": true },
6
+ { "id": "web_xframe", "description": "X-Frame-Options: DENY or SAMEORIGIN", "critical": true },
7
+ { "id": "web_xcto", "description": "X-Content-Type-Options: nosniff on all responses", "critical": true },
8
+ { "id": "web_referrer", "description": "Referrer-Policy: strict-origin-when-cross-origin", "critical": false },
9
+ { "id": "web_permissions", "description": "Permissions-Policy restricts camera, microphone, geolocation to self or none", "critical": false },
10
+ { "id": "web_no_inline_js", "description": "No inline JavaScript or inline event handlers (onclick, onerror, etc.)", "critical": true },
11
+ { "id": "web_sri", "description": "Subresource Integrity (SRI) on all third-party scripts and stylesheets", "critical": true },
12
+ { "id": "web_csrf", "description": "CSRF protection (SameSite cookies + CSRF tokens) on all state-changing endpoints", "critical": true },
13
+ { "id": "web_xss_no_dsi", "description": "dangerouslySetInnerHTML absent or sanitized with proven HTML sanitizer", "critical": true },
14
+ { "id": "web_secure_cookies", "description": "Session cookies have HttpOnly, Secure, SameSite=Strict flags", "critical": true },
15
+ { "id": "web_cors", "description": "CORS origin allowlist reviewed — no wildcard on authenticated endpoints", "critical": true },
16
+ { "id": "web_error_messages", "description": "Error messages reviewed — no stack traces, schema details, or enum leakage", "critical": false },
17
+ { "id": "web_open_redirect", "description": "No open redirect vulnerabilities — all redirects use allowlisted destinations", "critical": true },
18
+ { "id": "web_clickjacking", "description": "Clickjacking prevention verified in staging (X-Frame-Options + CSP frame-ancestors)", "critical": false },
19
+ { "id": "web_subresource_integrity", "description": "All CDN resources have SRI hashes verified and up-to-date", "critical": false },
20
+ { "id": "web_auth_headers", "description": "Authorization tokens not stored in localStorage — use HttpOnly cookies", "critical": true },
21
+ { "id": "web_rate_limiting", "description": "Rate limiting configured on login, registration, and password-reset endpoints", "critical": true },
22
+ { "id": "web_ssrf_guard", "description": "SSRF protection on server-side HTTP calls — private IP ranges blocked", "critical": true },
23
+ { "id": "web_dependency_scan", "description": "Frontend dependencies scanned for CVEs — no CRITICAL/HIGH unresolved", "critical": true },
24
+ { "id": "web_threat_model", "description": "Threat model completed and reviewed for this web surface change", "critical": true },
25
+ { "id": "web_sast_pass", "description": "SAST scan passed with no CRITICAL findings", "critical": true },
26
+ { "id": "web_secrets_scan", "description": "Secrets scan clean — no credentials or tokens in source code", "critical": true },
27
+ { "id": "web_logging", "description": "Required security events logged — no PII, tokens, or secrets in logs", "critical": false },
28
+ { "id": "web_staging_verified", "description": "Security headers verified in staging environment with automated check", "critical": false }
29
+ ]
30
+ }
package/defaults/control-catalog.json CHANGED
@@ -152,6 +152,398 @@
152
152
  "surfaces": ["all"],
153
153
  "frameworks": ["NIST 800-218", "SOC 2"],
154
154
  "required_steps": ["self_heal_loop"]
155
+ },
156
+ {
157
+ "id": "SBOM_SCANNER_READY",
158
+ "description": "An SBOM generator (Syft) is installed and runnable.",
159
+ "automation": "tooling",
160
+ "surfaces": ["all"],
161
+ "frameworks": ["SLSA", "NIST 800-218", "Executive Order 14028"],
162
+ "required_scanners": ["syft"]
163
+ },
164
+ {
165
+ "id": "NIST_AC_ACCESS_CONTROL",
166
+ "description": "Access control policies enforce least privilege and separation of duties (NIST 800-53 AC).",
167
+ "automation": "evidence",
168
+ "surfaces": ["all"],
169
+ "frameworks": ["NIST 800-53"],
170
+ "evidence": ["deny_by_default_authz", "service_to_service_auth"]
171
+ },
172
+ {
173
+ "id": "NIST_AU_AUDIT_LOGGING",
174
+ "description": "Audit events are logged, immutable, timestamped, and retained ≥1 year (NIST 800-53 AU).",
175
+ "automation": "evidence",
176
+ "surfaces": ["all"],
177
+ "frameworks": ["NIST 800-53", "SOC 2"],
178
+ "evidence": ["audit_logging_configured", "log_retention_policy"]
179
+ },
180
+ {
181
+ "id": "NIST_IA_IDENTIFICATION",
182
+ "description": "All users and services are uniquely identified and authenticated (NIST 800-53 IA).",
183
+ "automation": "evidence",
184
+ "surfaces": ["web", "api", "infra"],
185
+ "frameworks": ["NIST 800-53", "OWASP ASVS"],
186
+ "evidence": ["mfa_enforced", "service_account_per_workload"]
187
+ },
188
+ {
189
+ "id": "NIST_SC_TRANSMISSION",
190
+ "description": "All data in transit is encrypted using approved algorithms (NIST 800-53 SC).",
191
+ "automation": "evidence",
192
+ "surfaces": ["all"],
193
+ "frameworks": ["NIST 800-53", "PCI DSS 4.0"],
194
+ "evidence": ["tls_config_verified"]
195
+ },
196
+ {
197
+ "id": "NIST_SI_INPUT_VALIDATION",
198
+ "description": "All inputs are validated, sanitized, and encoded before processing (NIST 800-53 SI).",
199
+ "automation": "evidence",
200
+ "surfaces": ["web", "api"],
201
+ "frameworks": ["NIST 800-53", "OWASP Top 10"],
202
+ "evidence": ["input_validation_schema", "output_encoding_present"]
203
+ },
204
+ {
205
+ "id": "NIST_CM_CONFIGURATION",
206
+ "description": "Baseline configurations are established and enforced for all systems (NIST 800-53 CM).",
207
+ "automation": "tooling",
208
+ "surfaces": ["infra"],
209
+ "frameworks": ["NIST 800-53", "CIS Benchmarks"],
210
+ "required_scanners": ["checkov"]
211
+ },
212
+ {
213
+ "id": "NIST_IR_INCIDENT_RESPONSE",
214
+ "description": "Incident response playbooks exist, are tested, and have defined MTTD/MTTR SLAs (NIST 800-53 IR).",
215
+ "automation": "evidence",
216
+ "surfaces": ["all"],
217
+ "frameworks": ["NIST 800-53", "SOC 2"],
218
+ "evidence": ["ir_playbook_present", "ir_playbook_tested"]
219
+ },
220
+ {
221
+ "id": "NIST_RA_RISK_ASSESSMENT",
222
+ "description": "Security risk assessments are performed before major releases (NIST 800-53 RA).",
223
+ "automation": "workflow",
224
+ "surfaces": ["all"],
225
+ "frameworks": ["NIST 800-53", "ISO 27001:2022"],
226
+ "required_steps": ["threat_model"]
227
+ },
228
+ {
229
+ "id": "NIST_SA_SYSTEM_SERVICES",
230
+ "description": "Third-party components are assessed for security risk before adoption (NIST 800-53 SA).",
231
+ "automation": "tooling",
232
+ "surfaces": ["all"],
233
+ "frameworks": ["NIST 800-53", "NIST 800-218"],
234
+ "required_scanners": ["osv-scanner"]
235
+ },
236
+ {
237
+ "id": "NIST_SR_SUPPLY_CHAIN",
238
+ "description": "Supply chain integrity is verified via SBOM, provenance attestation, and dependency scanning (NIST 800-53 SR).",
239
+ "automation": "tooling",
240
+ "surfaces": ["all"],
241
+ "frameworks": ["NIST 800-53", "SLSA", "Executive Order 14028"],
242
+ "required_scanners": ["syft", "osv-scanner"]
243
+ },
244
+ {
245
+ "id": "PCI_REQ1_NETWORK",
246
+ "description": "Network security controls restrict inbound/outbound traffic to only what is necessary (PCI DSS 4.0 Req 1).",
247
+ "automation": "tooling",
248
+ "surfaces": ["infra"],
249
+ "frameworks": ["PCI DSS 4.0"],
250
+ "required_scanners": ["checkov"]
251
+ },
252
+ {
253
+ "id": "PCI_REQ3_STORED_DATA",
254
+ "description": "Cardholder data at rest is encrypted and PAN is never stored in plaintext (PCI DSS 4.0 Req 3).",
255
+ "automation": "evidence",
256
+ "surfaces": ["api", "infra"],
257
+ "frameworks": ["PCI DSS 4.0"],
258
+ "evidence": ["pan_encryption_configured", "no_plaintext_pan"]
259
+ },
260
+ {
261
+ "id": "PCI_REQ4_TRANSIT",
262
+ "description": "Cardholder data in transit uses TLS 1.2+ with approved cipher suites (PCI DSS 4.0 Req 4).",
263
+ "automation": "evidence",
264
+ "surfaces": ["web", "api"],
265
+ "frameworks": ["PCI DSS 4.0"],
266
+ "evidence": ["tls_config_verified"]
267
+ },
268
+ {
269
+ "id": "PCI_REQ6_SECURE_SYSTEMS",
270
+ "description": "All software components are up-to-date and protected against known vulnerabilities (PCI DSS 4.0 Req 6).",
271
+ "automation": "tooling",
272
+ "surfaces": ["all"],
273
+ "frameworks": ["PCI DSS 4.0"],
274
+ "required_scanners": ["osv-scanner", "trivy"]
275
+ },
276
+ {
277
+ "id": "SOC2_CC6_LOGICAL_ACCESS",
278
+ "description": "Logical access to systems is restricted and uses MFA for privileged accounts (SOC 2 CC6).",
279
+ "automation": "evidence",
280
+ "surfaces": ["all"],
281
+ "frameworks": ["SOC 2 Type II"],
282
+ "evidence": ["mfa_enforced", "deny_by_default_authz"]
283
+ },
284
+ {
285
+ "id": "SOC2_CC7_SYSTEM_MONITORING",
286
+ "description": "System components are monitored for anomalous activity and security events (SOC 2 CC7).",
287
+ "automation": "evidence",
288
+ "surfaces": ["all"],
289
+ "frameworks": ["SOC 2 Type II"],
290
+ "evidence": ["audit_logging_configured", "alerting_configured"]
291
+ },
292
+ {
293
+ "id": "SOC2_CC8_CHANGE_MANAGEMENT",
294
+ "description": "Changes are authorized, tested, and reviewed before deployment (SOC 2 CC8).",
295
+ "automation": "workflow",
296
+ "surfaces": ["all"],
297
+ "frameworks": ["SOC 2 Type II"],
298
+ "required_steps": ["run_pr_gate"]
299
+ },
300
+ {
301
+ "id": "SOC2_CC9_RISK_MITIGATION",
302
+ "description": "Security risks are identified and formally risk-accepted or remediated (SOC 2 CC9).",
303
+ "automation": "workflow",
304
+ "surfaces": ["all"],
305
+ "frameworks": ["SOC 2 Type II"],
306
+ "required_steps": ["threat_model", "run_pr_gate"]
307
+ },
308
+ {
309
+ "id": "MITRE_INITIAL_ACCESS",
310
+ "description": "Controls in place to prevent initial access vectors: phishing, supply chain, public-facing exploits (TA0001).",
311
+ "automation": "evidence",
312
+ "surfaces": ["all"],
313
+ "frameworks": ["MITRE ATT&CK Enterprise"],
314
+ "evidence": ["mfa_enforced", "email_filtering", "public_surface_hardened"]
315
+ },
316
+ {
317
+ "id": "MITRE_CREDENTIAL_ACCESS",
318
+ "description": "Controls prevent credential dumping, brute force, and credential theft (TA0006).",
319
+ "automation": "evidence",
320
+ "surfaces": ["all"],
321
+ "frameworks": ["MITRE ATT&CK Enterprise"],
322
+ "evidence": ["no_hardcoded_secrets", "secret_manager_refs", "rate_limiting_present"]
323
+ },
324
+ {
325
+ "id": "MITRE_EXFILTRATION",
326
+ "description": "Controls prevent unauthorized data exfiltration over network, cloud storage, or encoding (TA0010).",
327
+ "automation": "evidence",
328
+ "surfaces": ["all"],
329
+ "frameworks": ["MITRE ATT&CK Enterprise"],
330
+ "evidence": ["egress_controls", "dlp_configured"]
331
+ },
332
+ {
333
+ "id": "MITRE_DEFENSE_EVASION",
334
+ "description": "Logging is tamper-evident; code signing prevents unauthorized binary substitution (TA0005).",
335
+ "automation": "evidence",
336
+ "surfaces": ["all"],
337
+ "frameworks": ["MITRE ATT&CK Enterprise"],
338
+ "evidence": ["audit_logging_configured", "artifact_signing"]
339
+ },
340
+ {
341
+ "id": "MITRE_PERSISTENCE",
342
+ "description": "Controls detect and prevent backdoors, scheduled tasks, and unauthorized service installation (TA0003).",
343
+ "automation": "tooling",
344
+ "surfaces": ["infra"],
345
+ "frameworks": ["MITRE ATT&CK Enterprise"],
346
+ "required_scanners": ["checkov", "trivy"]
347
+ },
348
+ {
349
+ "id": "MITRE_PRIVILEGE_ESCALATION",
350
+ "description": "Containers and services cannot escalate to root; least-privilege IAM enforced (TA0004).",
351
+ "automation": "tooling",
352
+ "surfaces": ["infra"],
353
+ "frameworks": ["MITRE ATT&CK Enterprise", "CIS Kubernetes Benchmark"],
354
+ "required_scanners": ["checkov"]
355
+ },
356
+ {
357
+ "id": "MITRE_LATERAL_MOVEMENT",
358
+ "description": "Network segmentation and mTLS prevent lateral movement between services (TA0008).",
359
+ "automation": "evidence",
360
+ "surfaces": ["infra"],
361
+ "frameworks": ["MITRE ATT&CK Enterprise", "NIST 800-207"],
362
+ "evidence": ["network_segmentation", "zero_trust_network"]
363
+ },
364
+ {
365
+ "id": "MITRE_IMPACT",
366
+ "description": "Data backups are encrypted and tested; ransomware-resistant backup policies in place (TA0040).",
367
+ "automation": "evidence",
368
+ "surfaces": ["infra"],
369
+ "frameworks": ["MITRE ATT&CK Enterprise"],
370
+ "evidence": ["backup_encryption", "backup_tested"]
371
+ },
372
+ {
373
+ "id": "MITRE_COMMAND_CONTROL",
374
+ "description": "Egress filtering blocks C2 channels; DNS monitoring detects beaconing (TA0011).",
375
+ "automation": "evidence",
376
+ "surfaces": ["infra"],
377
+ "frameworks": ["MITRE ATT&CK Enterprise"],
378
+ "evidence": ["egress_controls", "dns_monitoring"]
379
+ },
380
+ {
381
+ "id": "AI_LLM01_PROMPT_INJECTION",
382
+ "description": "Application defends against direct and indirect prompt injection attacks (OWASP LLM01).",
383
+ "automation": "tooling",
384
+ "surfaces": ["ai"],
385
+ "frameworks": ["OWASP LLM Top 10 2025", "MITRE ATLAS"],
386
+ "required_scanners": ["semgrep"]
387
+ },
388
+ {
389
+ "id": "AI_LLM02_OUTPUT_HANDLING",
390
+ "description": "LLM outputs are validated against a schema before use in downstream systems (OWASP LLM02).",
391
+ "automation": "evidence",
392
+ "surfaces": ["ai"],
393
+ "frameworks": ["OWASP LLM Top 10 2025"],
394
+ "evidence": ["json_schema_validation", "output_encoding_present"]
395
+ },
396
+ {
397
+ "id": "AI_LLM04_MODEL_DOS",
398
+ "description": "Rate limiting and input length limits prevent model resource exhaustion (OWASP LLM04).",
399
+ "automation": "evidence",
400
+ "surfaces": ["ai", "api"],
401
+ "frameworks": ["OWASP LLM Top 10 2025"],
402
+ "evidence": ["rate_limiting_present", "input_length_limits"]
403
+ },
404
+ {
405
+ "id": "AI_LLM07_PLUGIN_DESIGN",
406
+ "description": "LLM plugins and tools operate on an explicit allowlist with minimal permissions (OWASP LLM07).",
407
+ "automation": "evidence",
408
+ "surfaces": ["ai"],
409
+ "frameworks": ["OWASP LLM Top 10 2025"],
410
+ "evidence": ["tool_allowlist_router"]
411
+ },
412
+ {
413
+ "id": "AI_LLM08_EXCESSIVE_AGENCY",
414
+ "description": "LLM agents cannot take irreversible actions without human confirmation (OWASP LLM08).",
415
+ "automation": "evidence",
416
+ "surfaces": ["ai"],
417
+ "frameworks": ["OWASP LLM Top 10 2025", "NIST AI RMF"],
418
+ "evidence": ["human_in_loop_for_actions", "tool_allowlist_router"]
419
+ },
420
+ {
421
+ "id": "SLSA_L3_PROVENANCE",
422
+ "description": "Build artifacts have signed SLSA Level 3 provenance from a hermetic, ephemeral CI build.",
423
+ "automation": "evidence",
424
+ "surfaces": ["all"],
425
+ "frameworks": ["SLSA", "NIST 800-218"],
426
+ "evidence": ["artifact_signing", "hermetic_build_configured"]
427
+ },
428
+ {
429
+ "id": "SBOM_GENERATED",
430
+ "description": "A CycloneDX or SPDX SBOM is generated on every release and stored as a signed artifact.",
431
+ "automation": "tooling",
432
+ "surfaces": ["all"],
433
+ "frameworks": ["Executive Order 14028", "NIST 800-218", "SLSA"],
434
+ "required_scanners": ["syft"]
435
+ },
436
+ {
437
+ "id": "ZERO_TRUST_MICROSEG",
438
+ "description": "Network microsegmentation enforces deny-by-default between all services.",
439
+ "automation": "evidence",
440
+ "surfaces": ["infra"],
441
+ "frameworks": ["NIST 800-207", "CISA Zero Trust Maturity Model"],
442
+ "evidence": ["network_segmentation", "zero_trust_network"]
443
+ },
444
+ {
445
+ "id": "ZERO_TRUST_CONTINUOUS_VERIFY",
446
+ "description": "Every request is continuously verified — no persistent trust based on network location.",
447
+ "automation": "evidence",
448
+ "surfaces": ["all"],
449
+ "frameworks": ["NIST 800-207"],
450
+ "evidence": ["deny_by_default_authz", "service_to_service_auth"]
451
+ },
452
+ {
453
+ "id": "IR_PLAYBOOKS_CURRENT",
454
+ "description": "Incident response playbooks exist for all surfaces, are tested within 90 days, and have contact lists.",
455
+ "automation": "tooling",
456
+ "surfaces": ["all"],
457
+ "frameworks": ["NIST 800-53", "SOC 2 Type II"],
458
+ "required_scanners": []
459
+ },
460
+ {
461
+ "id": "CIS_CONTAINER_HARDENING",
462
+ "description": "Container images comply with CIS Docker Benchmark Level 2.",
463
+ "automation": "tooling",
464
+ "surfaces": ["infra"],
465
+ "frameworks": ["CIS Benchmarks", "NIST 800-190"],
466
+ "required_scanners": ["trivy", "checkov"]
467
+ },
468
+ {
469
+ "id": "CIS_K8S_HARDENING",
470
+ "description": "Kubernetes cluster configuration complies with CIS Kubernetes Benchmark Level 2.",
471
+ "automation": "tooling",
472
+ "surfaces": ["infra"],
473
+ "frameworks": ["CIS Benchmarks", "NIST 800-190"],
474
+ "required_scanners": ["checkov"]
475
+ },
476
+ {
477
+ "id": "CIS_CLOUD_HARDENING",
478
+ "description": "Cloud account configuration complies with CIS Benchmark Level 2 for the active cloud provider.",
479
+ "automation": "tooling",
480
+ "surfaces": ["infra"],
481
+ "frameworks": ["CIS Benchmarks", "NIST 800-53"],
482
+ "required_scanners": ["checkov"]
483
+ },
484
+ {
485
+ "id": "GRAPHQL_INTROSPECTION_DISABLED",
486
+ "description": "GraphQL introspection is disabled in non-development environments.",
487
+ "automation": "tooling",
488
+ "surfaces": ["api"],
489
+ "frameworks": ["OWASP API Security Top 10", "CWE-200"],
490
+ "required_scanners": ["semgrep"]
491
+ },
492
+ {
493
+ "id": "GRAPHQL_QUERY_COMPLEXITY",
494
+ "description": "GraphQL query depth and complexity limits are enforced.",
495
+ "automation": "tooling",
496
+ "surfaces": ["api"],
497
+ "frameworks": ["OWASP API Security Top 10"],
498
+ "required_scanners": ["semgrep"]
499
+ },
500
+ {
501
+ "id": "K8S_POD_SECURITY",
502
+ "description": "Kubernetes pods enforce security contexts with least-privilege settings.",
503
+ "automation": "tooling",
504
+ "surfaces": ["infra"],
505
+ "frameworks": ["CIS Kubernetes Benchmark", "NIST 800-190"],
506
+ "required_scanners": ["checkov"]
507
+ },
508
+ {
509
+ "id": "K8S_NETWORK_POLICY",
510
+ "description": "Kubernetes NetworkPolicy resources restrict pod-to-pod traffic.",
511
+ "automation": "tooling",
512
+ "surfaces": ["infra"],
513
+ "frameworks": ["CIS Kubernetes Benchmark", "NIST 800-190"],
514
+ "required_scanners": ["checkov"]
515
+ },
516
+ {
517
+ "id": "DB_ENCRYPTION_TRANSIT",
518
+ "description": "All database connections require TLS/SSL encryption in transit.",
519
+ "automation": "tooling",
520
+ "surfaces": ["api", "infra"],
521
+ "frameworks": ["PCI DSS 4.0", "NIST 800-53"],
522
+ "required_scanners": ["semgrep"]
523
+ },
524
+ {
525
+ "id": "DB_LEAST_PRIVILEGE",
526
+ "description": "Database credentials use least-privilege accounts, not root/admin.",
527
+ "automation": "tooling",
528
+ "surfaces": ["infra"],
529
+ "frameworks": ["NIST 800-53", "CIS"],
530
+ "required_scanners": ["semgrep"]
531
+ },
532
+ {
533
+ "id": "CRYPTO_APPROVED_ALGORITHMS",
534
+ "description": "Only NIST-approved cryptographic algorithms are used (AES-256, SHA-256+, RSA-2048+).",
535
+ "automation": "tooling",
536
+ "surfaces": ["all"],
537
+ "frameworks": ["NIST SP 800-131A", "FIPS 140-3"],
538
+ "required_scanners": ["semgrep"]
539
+ },
540
+ {
541
+ "id": "DLP_NO_PII_IN_LOGS",
542
+ "description": "PII, PAN, SSN, and credentials are never written to application logs.",
543
+ "automation": "tooling",
544
+ "surfaces": ["all"],
545
+ "frameworks": ["GDPR", "HIPAA", "PCI DSS 4.0"],
546
+ "required_scanners": ["semgrep"]
155
547
  }
156
548
  ]
157
549
  }