sf-agent-framework
AI Agent Orchestration Framework for Salesforce Development - Two-phase architecture with 70% context reduction
workflow:
  id: security-audit-workflow
  name: Security Audit Workflow
  description: >-
    Comprehensive security assessment and remediation workflow for Salesforce
    implementations. Covers initial assessment through remediation and validation
    to ensure robust security posture and compliance.
  type: sequential-with-iterations
  duration: 2-3 weeks
  project_types:
    - security-assessment
    - compliance-audit
    - penetration-testing
    - vulnerability-assessment
    - periodic-review

  sequence:
    # Phase 1: Audit Preparation (Days 1-2)
    - phase: audit_preparation
      duration: 2 days
      steps:
        - step: scope_definition
          agent: sf-security
          participants: [sf-architect, business_stakeholders]
          creates: audit-scope.md
          activities:
            audit_areas:
              - Access control and permissions
              - Data security and encryption
              - Integration security
              - Application security
              - Compliance requirements
            scope_boundaries:
              included:
                - Production org
                - Integrated systems
                - Custom code
                - Data handling processes
              excluded:
                - Third-party managed services
                - Infrastructure (unless relevant)
                - Non-production environments
            compliance_frameworks:
              - SOC 2
              - GDPR
              - HIPAA (if applicable)
              - PCI DSS (if applicable)
              - Industry-specific regulations
          deliverables:
            - audit_scope.md
            - compliance_checklist.xlsx
            - stakeholder_matrix.md

        - step: information_gathering
          agent: sf-security
          creates: security-inventory.md
          activities:
            documentation_review:
              - Security policies
              - Architecture diagrams
              - Data flow diagrams
              - Integration specifications
              - Access control matrix
              - Previous audit reports
            system_inventory:
              - User profiles and roles
              - Permission sets
              - Sharing rules
              - Custom objects
              - Integration points
              - Connected apps
          tools:
            - Security scanner
            - Metadata API
            - Permission analyzer

    # Phase 2: Security Assessment (Days 3-7)
    - phase: security_assessment
      duration: 5 days
      parallel_tracks:
        - track: access_control_audit
          lead: sf-security
          steps:
            - step: profile_permission_analysis
              creates: access-control-findings.md
              uses: permission-review-checklist
              activities:
                - Review all profiles
                - Analyze permission sets
                - Check role hierarchy
                - Validate sharing rules
                - Assess record access
              findings:
                - Over-privileged users
                - Unused permissions
                - Sharing violations
                - Role hierarchy issues
            - step: authentication_review
              creates: authentication-findings.md
              activities:
                - SSO configuration
                - MFA enforcement
                - Password policies
                - Session settings
                - Login restrictions

        - track: data_security_audit
          lead: sf-security-architect
          steps:
            - step: encryption_assessment
              creates: encryption-findings.md
              activities:
                - Field encryption status
                - Platform encryption
                - Data masking rules
                - Key management
                - Data retention policies
            - step: data_access_patterns
              creates: data-access-findings.md
              activities:
                - CRUD permissions
                - Field-level security
                - Data export controls
                - API access patterns
                - Bulk data operations

        - track: application_security_audit
          lead: sf-developer
          steps:
            - step: code_security_review
              creates: code-security-findings.md
              uses: security-scan-checklist
              activities:
                - SOQL injection check
                - XSS vulnerability scan
                - CRUD/FLS enforcement
                - Sharing enforcement
                - Secret management
            - step: integration_security
              creates: integration-security-findings.md
              activities:
                - API authentication
                - Certificate management
                - Endpoint security
                - Data validation
                - Error handling

    # Phase 3: Vulnerability Analysis (Days 8-9)
    - phase: vulnerability_analysis
      duration: 2 days
      steps:
        - step: risk_assessment
          agent: sf-security
          participants: [sf-architect, sf-security-architect]
          creates: risk-assessment.md
          uses: templates/security-audit-tmpl
          activities:
            - Categorize findings by severity
            - Assess exploitability
            - Determine business impact
            - Calculate risk scores
            - Prioritize remediation
          risk_matrix:
            critical: Immediate action required
            high: Fix within 7 days
            medium: Fix within 30 days
            low: Fix in next release

        - step: compliance_gap_analysis
          agent: sf-security
          creates: compliance-gaps.md
          condition: has_compliance_requirements
          activities:
            - Map findings to requirements
            - Identify compliance gaps
            - Assess penalties/risks
            - Define remediation timeline
            - Document exceptions

        - step: penetration_testing
          agent: sf-security
          creates: pentest-report.md
          condition: pentest_in_scope
          uses: penetration-test-checklist
          activities:
            - Authorization bypass attempts
            - Data exfiltration tests
            - Privilege escalation tests
            - Session hijacking attempts
            - API security testing

    # Phase 4: Remediation Planning (Days 10-11)
    - phase: remediation_planning
      duration: 2 days
      steps:
        - step: remediation_strategy
          agent: sf-security-architect
          participants: [sf-architect, sf-developer, sf-admin]
          creates: remediation-plan.md
          activities:
            - Group related findings
            - Define fix approaches
            - Estimate effort
            - Sequence changes
            - Identify dependencies
          approach:
            quick_wins: Immediate fixes
            systematic_changes: Planned updates
            architectural_changes: Major revisions

        - step: implementation_plan
          agent: sf-orchestrator
          creates: implementation-schedule.md
          activities:
            - Assign responsibilities
            - Set timelines
            - Define test approach
            - Plan deployments
            - Schedule validations

    # Phase 5: Remediation Implementation (Days 12-17)
    - phase: remediation_implementation
      duration: 6 days
      parallel_tracks:
        - track: configuration_fixes
          lead: sf-admin
          steps:
            - step: permission_updates
              creates: permission-changes.md
              activities:
                - Update profiles
                - Modify permission sets
                - Adjust sharing rules
                - Fix field security
                - Update page layouts
            - step: security_settings
              creates: settings-changes.md
              activities:
                - Update password policies
                - Configure session settings
                - Enable security features
                - Set login restrictions
                - Configure monitoring

        - track: code_fixes
          lead: sf-developer
          steps:
            - step: security_patches
              creates: code-patches/
              activities:
                - Fix injection vulnerabilities
                - Add FLS checks
                - Implement sharing checks
                - Secure API calls
                - Update error handling
            - step: test_coverage
              creates: security-tests/
              activities:
                - Write security tests
                - Validate fixes
                - Check regressions
                - Document changes

    # Phase 6: Validation & Closure (Days 18-21)
    - phase: validation_closure
      duration: 4 days
      steps:
        - step: remediation_validation
          agent: sf-security
          participants: [sf-qa]
          creates: validation-report.md
          activities:
            - Rerun security scans
            - Verify all fixes
            - Test security controls
            - Validate compliance
            - Check for regressions

        - step: final_assessment
          agent: sf-security
          creates: final-security-report.md
          activities:
            - Document remaining risks
            - Update risk register
            - Create executive summary
            - Define monitoring plan
            - Schedule next audit

        - step: knowledge_transfer
          agent: sf-security
          participants: [sf-admin, sf-developer]
          creates: security-playbook.md
          activities:
            - Document security practices
            - Create detection rules
            - Define response procedures
            - Train team members
            - Update policies

  success_criteria:
    - All critical vulnerabilities remediated
    - High-risk findings addressed
    - Compliance requirements met
    - Security controls validated
    - Team trained on security practices
    - Monitoring implemented

  deliverables:
    assessment:
      - Security findings report
      - Risk assessment matrix
      - Compliance gap analysis
      - Penetration test results
    remediation:
      - Remediation plan
      - Implementation documentation
      - Configuration changes log
      - Code security patches
    validation:
      - Validation test results
      - Final security report
      - Security playbook
      - Executive summary

  ongoing_activities:
    - Monthly security scans
    - Quarterly access reviews
    - Annual penetration tests
    - Continuous monitoring
    - Security training
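The definition above relies on three structural conventions it never spells out: phases in `sequence` run one after another, `parallel_tracks` inside a phase run side by side with each track's `lead` owning its steps, and a step with a `condition` key only runs when the project sets that flag. The following Python is an added example, not code from sf-agent-framework, showing one way an orchestrator could interpret those keys and the `risk_matrix`. It assumes a trimmed dict mirror of the YAML (so no YAML library is needed), that a track's `lead` is the default agent for steps without their own `agent`, and a calendar mapping for the risk tiers (critical 0 days, high 7, medium 30, low no fixed date); all three are assumptions of this example.

```python
# Added example, not sf-agent-framework code: a minimal interpreter for a
# workflow shaped like security-audit-workflow. It flattens phases, parallel
# tracks and steps into an execution plan, skips steps whose `condition` is
# not set for the project, and turns risk_matrix tiers into due dates.
from datetime import date, timedelta

# Constructed, trimmed-down copy of the page's YAML (structure preserved).
WORKFLOW = {
    "id": "security-audit-workflow",
    "type": "sequential-with-iterations",
    "sequence": [
        {"phase": "audit_preparation", "duration": "2 days", "steps": [
            {"step": "scope_definition", "agent": "sf-security", "creates": "audit-scope.md"},
            {"step": "information_gathering", "agent": "sf-security", "creates": "security-inventory.md"},
        ]},
        {"phase": "security_assessment", "duration": "5 days", "parallel_tracks": [
            {"track": "access_control_audit", "lead": "sf-security", "steps": [
                {"step": "profile_permission_analysis", "creates": "access-control-findings.md"},
                {"step": "authentication_review", "creates": "authentication-findings.md"},
            ]},
            {"track": "application_security_audit", "lead": "sf-developer", "steps": [
                {"step": "code_security_review", "creates": "code-security-findings.md"},
            ]},
        ]},
        {"phase": "vulnerability_analysis", "duration": "2 days", "steps": [
            {"step": "risk_assessment", "agent": "sf-security", "creates": "risk-assessment.md"},
            {"step": "compliance_gap_analysis", "agent": "sf-security",
             "creates": "compliance-gaps.md", "condition": "has_compliance_requirements"},
            {"step": "penetration_testing", "agent": "sf-security",
             "creates": "pentest-report.md", "condition": "pentest_in_scope"},
        ]},
        # Remaining phases keep only their durations in this subset.
        {"phase": "remediation_planning", "duration": "2 days", "steps": []},
        {"phase": "remediation_implementation", "duration": "6 days", "steps": []},
        {"phase": "validation_closure", "duration": "4 days", "steps": []},
    ],
}

# Days allowed per risk tier, derived from the page's risk_matrix. Mapping
# "Immediate action required" to 0 and "Fix in next release" to None (no
# calendar SLA) is an assumption of this example.
SLA_DAYS = {"critical": 0, "high": 7, "medium": 30, "low": None}


def parse_days(duration):
    """'5 days' -> 5; anything not expressed in whole days is rejected."""
    number, unit = duration.split()
    if unit not in ("day", "days"):
        raise ValueError(f"unsupported duration unit: {duration!r}")
    return int(number)


def build_plan(workflow, project_flags):
    """Flatten the workflow into an ordered list of step records.

    Phases run in sequence; within a phase, plain `steps` come first, then each
    track's steps in track order. A step without `agent` inherits its track's
    `lead`; a step with `condition` is kept only if that flag is true.
    """
    plan = []
    for phase in workflow["sequence"]:
        groups = [(None, None, phase.get("steps", []))]
        groups += [(t["track"], t.get("lead"), t["steps"])
                   for t in phase.get("parallel_tracks", [])]
        for track, lead, steps in groups:
            for step in steps:
                cond = step.get("condition")
                if cond is not None and not project_flags.get(cond, False):
                    continue  # optional step not enabled for this project
                plan.append({
                    "phase": phase["phase"], "track": track, "step": step["step"],
                    "agent": step.get("agent", lead), "creates": step.get("creates"),
                })
    return plan


def total_days(workflow):
    """Sum of phase durations (tracks run in parallel, so they add no time)."""
    return sum(parse_days(p["duration"]) for p in workflow["sequence"])


def artifact_collisions(plan):
    """Names in `creates` that more than one planned step would write."""
    counts = {}
    for entry in plan:
        counts[entry["creates"]] = counts.get(entry["creates"], 0) + 1
    return sorted(name for name, n in counts.items() if n > 1)


def due_date(severity, found_on):
    """Remediation deadline for a finding of the given tier, or None."""
    days = SLA_DAYS[severity]
    return None if days is None else found_on + timedelta(days=days)


if __name__ == "__main__":
    flags = {"has_compliance_requirements": True, "pentest_in_scope": False}
    for entry in build_plan(WORKFLOW, flags):
        print(f"{entry['phase']:<26} {entry['track'] or '-':<26} "
              f"{entry['step']:<28} {entry['agent']}")
    print("total duration:", total_days(WORKFLOW), "days")
```

With no project flags set, `build_plan` yields six steps and drops both conditional steps; enabling `has_compliance_requirements` and `pentest_in_scope` brings the count to eight in the order the YAML lists them. `total_days` sums the six phase durations to 21, matching the page's "2-3 weeks", and `artifact_collisions` is the kind of static check worth running on a plan before execution, since two steps writing the same `creates` path would silently overwrite each other's findings.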