Skip to content

Security Baseline

This baseline defines minimum security hygiene for ongoing development.

Required

  • No plaintext secrets in repository commits.
  • Dependency updates reviewed on a regular cadence.
  • Security scan signals reviewed before merge when available.
  • Auth-sensitive changes receive focused review.
  • Secret scanning in CI.
  • Dependency vulnerability checks in CI.
  • Periodic key and credential rotation.

PR Guidance

  • Call out security-relevant changes in the PR summary.
  • Add follow-up backlog items for deferred security improvements.

Licensed under the MIT License.