zsp/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-03-30 13:43:26 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
everything-claude-code/.kiro/steering/security.md
Himanshu Sharma bacc585b87 Add Kiro steering files, hooks, and scripts (#812) 
Co-authored-by: Sungmin Hong <hsungmin@amazon.com>
2026-03-22 21:55:47 -07:00

1003 B
Raw Permalink Blame History

inclusion, description
inclusion description
auto Security best practices including mandatory checks, secret management, and security response protocol.

Security Guidelines

Mandatory Security Checks

Before ANY commit:

  • No hardcoded secrets (API keys, passwords, tokens)
  • All user inputs validated
  • SQL injection prevention (parameterized queries)
  • XSS prevention (sanitized HTML)
  • CSRF protection enabled
  • Authentication/authorization verified
  • Rate limiting on all endpoints
  • Error messages don't leak sensitive data

Secret Management

  • NEVER hardcode secrets in source code
  • ALWAYS use environment variables or a secret manager
  • Validate that required secrets are present at startup
  • Rotate any secrets that may have been exposed

Security Response Protocol

If security issue found:

  1. STOP immediately
  2. Use security-reviewer agent
  3. Fix CRITICAL issues before continuing
  4. Rotate any exposed secrets
  5. Review entire codebase for similar issues
Reference in New Issue View Git Blame Copy Permalink