git.stella-ops.org/docs/technical/security/README.md
Vladimir Moushkov 691028fe69
feat: Document completed tasks across multiple components
- Added completed tasks documentation for Scheduler WebService, ImpactIndex, Models, Queue, Storage.Mongo, Worker, Signals, Signer, UI, Zastava.Observer, Zastava.Webhook, Zastava.Core, Cryptography.Kms, Cryptography, and Plugin.
- Each task includes ID, status, owners, dependencies, descriptions, and exit criteria to ensure clarity and traceability.
- Enhanced integration and unit testing coverage across various components to validate functionality and compliance with specifications.
2025-10-30 18:20:31 +02:00


# Security, Risk & Governance
Authoritative sources for threat models, governance, compliance, and security operations.
## Policies & Governance
- [../13_SECURITY_POLICY.md](../../13_SECURITY_POLICY.md) - responsible disclosure, support windows.
- [../11_GOVERNANCE.md](../../11_GOVERNANCE.md) - project governance charter.
- [../12_CODE_OF_CONDUCT.md](../../12_CODE_OF_CONDUCT.md) - community expectations.
- [../17_SECURITY_HARDENING_GUIDE.md](../../17_SECURITY_HARDENING_GUIDE.md) - deployment hardening steps.
- [../security/policy-governance.md](../../security/policy-governance.md) - policy governance specifics.
- [../29_LEGAL_FAQ_QUOTA.md](../../29_LEGAL_FAQ_QUOTA.md) - legal interpretation of quota.
- [../33_333_QUOTA_OVERVIEW.md](../../33_333_QUOTA_OVERVIEW.md) - quota policy reference.
- [../risk/risk-profiles.md](../../risk/risk-profiles.md) - organisational risk personas.
## Threat Models & Security Architecture
- [../security/authority-threat-model.md](../../security/authority-threat-model.md) - Authority service threat analysis.
- [../security/authority-scopes.md](../../security/authority-scopes.md) - scope model.
- [../security/console-security.md](../../security/console-security.md) - Console posture guidance.
- [../security/pack-signing-and-rbac.md](../../security/pack-signing-and-rbac.md) - pack signing, RBAC guardrails.
- [../security/policy-governance.md](../../security/policy-governance.md) - policy governance controls.
- [../security/rate-limits.md](../../security/rate-limits.md) - rate limiting behaviour.
- [../security/password-hashing.md](../../security/password-hashing.md) - credential storage.
## Audit, Revocation & Compliance
- [../security/audit-events.md](../../security/audit-events.md) - audit event taxonomy.
- [../security/revocation-bundle.md](../../security/revocation-bundle.md) & [../security/revocation-bundle-example.json](../../security/revocation-bundle-example.json) - revocation process.
- [../license-jwt-quota.md](../../license-jwt-quota.md) - licence/quota enforcement controls.
- [../30_QUOTA_ENFORCEMENT_FLOW1.md](../../30_QUOTA_ENFORCEMENT_FLOW1.md) - quota enforcement sequence.
- [../10_OFFLINE_KIT.md](../../10_OFFLINE_KIT.md) & [../24_OFFLINE_KIT.md](../../24_OFFLINE_KIT.md) - tamper-evident offline artefacts.
- [../security/](../../security/) - browse for additional deep dives (audit, scopes, rate limits).
## Supporting Material
- Module operations security notes: [../../modules/authority/operations/key-rotation.md](../../modules/authority/operations/key-rotation.md), [../../modules/concelier/operations/authority-audit-runbook.md](../../modules/concelier/operations/authority-audit-runbook.md), [../../modules/zastava/README.md](../../modules/zastava/README.md) (runtime enforcement).
- [../observability/policy.md](../../observability/policy.md) - security-relevant telemetry for policy.
- [../updates/2025-10-27-console-security-signoff.md](../../updates/2025-10-27-console-security-signoff.md) & [../updates/2025-10-31-console-security-refresh.md](../../updates/2025-10-31-console-security-refresh.md) - recent security sign-offs.