- Added completed tasks documentation for Scheduler WebService, ImpactIndex, Models, Queue, Storage.Mongo, Worker, Signals, Signer, UI, Zastava.Observer, Zastava.Webhook, Zastava.Core, Cryptography.Kms, Cryptography, and Plugin.
- Each task includes ID, status, owners, dependencies, descriptions, and exit criteria to ensure clarity and traceability.
- Enhanced integration and unit testing coverage across various components to validate functionality and compliance with specifications.
Security, Risk & Governance
Authoritative sources for threat models, governance, compliance, and security operations.
Policies & Governance
- ../13_SECURITY_POLICY.md – responsible disclosure, support windows.
- ../11_GOVERNANCE.md – project governance charter.
- ../12_CODE_OF_CONDUCT.md – community expectations.
- ../17_SECURITY_HARDENING_GUIDE.md – deployment hardening steps.
- ../security/policy-governance.md – policy governance specifics.
- ../29_LEGAL_FAQ_QUOTA.md – legal interpretation of quota.
- ../33_333_QUOTA_OVERVIEW.md – quota policy reference.
- ../risk/risk-profiles.md – organisational risk personas.
Threat Models & Security Architecture
- ../security/authority-threat-model.md – Authority service threat analysis.
- ../security/authority-scopes.md – scope model.
- ../security/console-security.md – Console posture guidance.
- ../security/pack-signing-and-rbac.md – pack signing, RBAC guardrails.
- ../security/policy-governance.md – policy governance controls.
- ../security/rate-limits.md – rate limiting behaviour.
- ../security/password-hashing.md – credential storage.
Audit, Revocation & Compliance
- ../security/audit-events.md – audit event taxonomy.
- ../security/revocation-bundle.md & ../security/revocation-bundle-example.json – revocation process.
- ../license-jwt-quota.md – licence/quota enforcement controls.
- ../30_QUOTA_ENFORCEMENT_FLOW1.md – quota enforcement sequence.
- ../10_OFFLINE_KIT.md & ../24_OFFLINE_KIT.md – tamper-evident offline artefacts.
- ../security/ – browse for additional deep dives (audit, scopes, rate limits).
Supporting Material
- Module operations security notes: ../../modules/authority/operations/key-rotation.md, ../../modules/concelier/operations/authority-audit-runbook.md, ../../modules/zastava/README.md (runtime enforcement).
- ../observability/policy.md – security-relevant telemetry for policy.
- ../updates/2025-10-27-console-security-signoff.md & ../updates/2025-10-31-console-security-refresh.md – recent security sign-offs.