[
{
"description": "No API keys or secrets are stored in the repository",
"responsibles": 1,
"more": ""
},
{
"description": "The app does not provide password login",
"responsibles": 1,
"more": ""
},
{
"description": "Passwords are not stored",
"responsibles": 1,
"more": ""
},
{
"description": "No sensitive information (passwords, keys, user data, ...) is logged or traced",
"responsibles": 1,
"more": "[Logging guide](https://www.notion.so/panterch/Long-story-logging-022722bb878f4724ae5b49e17667b630?pvs=4#9e5a36b7158a4953b73ec6a345bd8989), [Tracing guide](https://www.notion.so/panterch/Long-story-tracing-d8a9ec1ac2ff4fa78cefa8991233224e?pvs=4#535121b5bf9741fbaf8654b4b64d879d)"
},
{
"description": "Passwords are stored hashed with a salt, and the salt is not stored in the repository",
"responsibles": 1,
"more": "[guide](https://git.panter.ch/panter/security-guide/-/blob/main/docs/audit/hash.md)"
},
{
"description": "Input that ends up in the DOM is properly sanitized",
"responsibles": 1,
"more": "[guide](https://git.panter.ch/panter/security-guide/-/blob/main/docs/audit/xss.md)"
},
{
"description": "All user inputs have reasonable validations",
"responsibles": 1,
"more": "[guide](https://git.panter.ch/panter/security-guide/-/blob/main/docs/audit/validation.md)"
},
{
"description": "The app is not using cookies",
"responsibles": 1,
"more": "[guide](https://git.panter.ch/panter/security-guide/-/blob/main/docs/audit/cookies.md)"
},
{
"description": "The app is using cookies and cookies are properly configured",
"responsibles": 1,
"more": "[guide](https://git.panter.ch/panter/security-guide/-/blob/main/docs/audit/cookies.md)"
},
{
"description": "The app uses JWT with a secret and the secret is not stored in the repository",
"responsibles": 1,
"more": "[guide](https://git.panter.ch/panter/security-guide/-/blob/main/docs/audit/cookies.md)"
},
{
"description": "Authorization and user roles (RBAC) were reviewed thoroughly",
"responsibles": 2,
"more": "[guide](https://git.panter.ch/panter/security-guide/-/blob/main/docs/audit/authorization.md)"
},
{
"description": "CORS headers do not use `*`",
"responsibles": 1,
"more": "[guide](https://git.panter.ch/panter/security-guide/-/blob/main/docs/audit/cors.md)"
},
{
"description": "CSP headers are properly configured (no `unsafe-inline` or `unsafe-eval`)",
"responsibles": 1,
"more": "[guide](https://git.panter.ch/panter/security-guide/-/blob/main/docs/audit/csp.md)"
},
{
"description": "DoS defense mechanism is implemented",
"responsibles": 1,
"more": "[guide](https://git.panter.ch/panter/security-guide/-/blob/main/docs/audit/dos.md)"
},
{
"description": "YAML/XML parsing is not used, or the YAML/XML parsers in use have DTD processing disabled",
"responsibles": 1,
"more": "[guide](https://git.panter.ch/panter/security-guide/-/blob/main/docs/audit/dos.md)"
},
{
"description": "The app implements CSRF prevention",
"responsibles": 1,
"more": "[guide](https://git.panter.ch/panter/security-guide/-/blob/main/docs/audit/csrf.md)"
},
{
"description": "The app has a rate limiter",
"responsibles": 1,
"more": ""
},
{
"description": "The app has disabled GraphQL introspection and schema registry",
"responsibles": 1,
"more": "[guide](https://git.panter.ch/panter/security-guide/-/blob/main/docs/audit/graphql.md)"
},
{
"description": "The app has set GraphQL query complexity limits",
"responsibles": 1,
"more": "[guide](https://git.panter.ch/panter/security-guide/-/blob/main/docs/audit/graphql.md)"
},
{
"description": "`sitemap.xml` does not leak any routes with sensitive data",
"responsibles": 1,
"more": ""
},
{
"description": "Cloud storage is configured as private so that no sensitive data is exposed publicly",
"responsibles": 1,
"more": ""
},
{
"description": "The Security Dashboard checks weekly for vulnerable dependencies: https://dep.panter.swiss/",
"responsibles": 1,
"more": ""
},
{
"description": "The app has `.well-known/security.txt` https://securitytxt.org/",
"responsibles": 1,
"more": ""
}
]