sf-agent-framework
AI Agent Orchestration Framework for Salesforce Development - Two-phase architecture with 70% context reduction
workflow:
  id: security-audit-workflow
  name: Security Audit Workflow
  description: >-
    Comprehensive security assessment and remediation workflow for Salesforce
    implementations. Covers initial assessment through remediation and validation
    to ensure robust security posture and compliance.
  type: sequential-with-iterations
  duration: 2-3 weeks
  project_types:
    - security-assessment
    - compliance-audit
    - penetration-testing
    - vulnerability-assessment
    - periodic-review
  dependencies:
    audit_matrix: ../audit/cognizant-enhanced-security-matrix.yaml
    original_matrix: ../audit/salesforce-security-audit-matrix.yaml
    scoring_template: ../templates/audit-scoring-template.md
    health_check_package: ../../docs/Security-audit/SF-SecurityHealthCheck-pkg.xml
    cognizant_standards: ../../docs/Security-audit/Cognizant_Salesforce_Security_Checklist.xlsx
  sequence:
    # Phase 1: Audit Preparation (Days 1-2)
    - phase: audit_preparation
      duration: 2 days
      steps:
        - step: scope_definition
          agent: sf-security
          participants: [sf-architect, business_stakeholders]
          creates: audit-scope.md
          activities:
            audit_areas:
              - Access control and permissions
              - Data security and encryption
              - Integration security
              - Application security
              - Compliance requirements
            scope_boundaries:
              included:
                - Production org
                - Integrated systems
                - Custom code
                - Data handling processes
              excluded:
                - Third-party managed services
                - Infrastructure (unless relevant)
                - Non-production environments
            compliance_frameworks:
              - SOC 2
              - GDPR
              - HIPAA (if applicable)
              - PCI DSS (if applicable)
              - Industry-specific regulations
          deliverables:
            - audit_scope.md
            - compliance_checklist.xlsx
            - stakeholder_matrix.md
        - step: audit_matrix_initialization
          agent: sf-security
          uses: audit/cognizant-enhanced-security-matrix.yaml
          creates: audit-matrix-instance.xlsx
          activities:
            - Load Cognizant enhanced audit matrix
            - Initialize 5-layer architecture assessment
            - Configure weighted scoring methodology
            - Set compliance requirements (SOC2, GDPR, HIPAA, PCI-DSS, ISO27001)
            - Initialize 119 security control checks
            - Load 29 SOQL audit queries
            - Prepare Health Check metadata extraction
        - step: information_gathering
          agent: sf-security
          creates: security-inventory.md
          activities:
            documentation_review:
              - Security policies
              - Architecture diagrams
              - Data flow diagrams
              - Integration specifications
              - Access control matrix
              - Previous audit reports
            system_inventory:
              - User profiles and roles
              - Permission sets
              - Sharing rules
              - Custom objects
              - Integration points
              - Connected apps
          tools:
            - Security scanner
            - Metadata API
            - Permission analyzer
    # Phase 2: Security Assessment (Days 3-7)
    - phase: security_assessment
      duration: 5 days
      uses_matrix_layers:
        - foundation_layer (30% weight)
        - user_experience_layer (15% weight)
        - application_logic_layer (20% weight)
        - data_layer (25% weight)
        - integration_layer (10% weight)
      cognizant_security_domains:
        foundation:
          - certificate_key_management
          - password_policies
          - multi_factor_authentication
          - login_access_policies
          - admin_access_management
          - guest_user_security
        user_experience:
          - session_settings
          - pii_data_access
          - lightning_security
        application_logic:
          - apex_security
          - flow_security
          - code_security_testing
        data:
          - unrestricted_access
          - data_export_controls
          - sharing_model
          - data_classification
        integration:
          - credential_management
          - api_access_restrictions
          - authentication_methods
          - connected_app_management
      parallel_tracks:
        - track: access_control_audit
          lead: sf-security
          matrix_domain: identity_access_management
          steps:
            - step: profile_permission_analysis
              creates: access-control-findings.md
              uses: permission-review-checklist
              matrix_controls: [FND-002, FND-003, FND-004, FND-005, FND-006]
              soql_queries:
                - SELECT Id, Email, Profile.Name FROM User WHERE Profile.Name = 'System Administrator'
                - SELECT Id, Name FROM Profile WHERE PermissionsViewAllData = true
                - SELECT Id, Name FROM PermissionSet WHERE PermissionsModifyAllData = true
              activities:
                - Review all profiles
                - Analyze permission sets
                - Check role hierarchy
                - Validate sharing rules
                - Assess record access
              findings:
                - Over-privileged users
                - Unused permissions
                - Sharing violations
                - Role hierarchy issues
            - step: authentication_review
              creates: authentication-findings.md
              activities:
                - SSO configuration
                - MFA enforcement
                - Password policies
                - Session settings
                - Login restrictions
        - track: data_security_audit
          lead: sf-security-architect
          matrix_domain: data_security
          steps:
            - step: encryption_assessment
              creates: encryption-findings.md
              matrix_controls: [UX-002, DATA-005]
              soql_queries:
                - SELECT QualifiedApiName FROM FieldDefinition WHERE DataType IN ('Email','Phone','SSN')
              activities:
                - Field encryption status
                - Platform encryption
                - Data masking rules
                - Key management
                - Data retention policies
            - step: data_access_patterns
              creates: data-access-findings.md
              activities:
                - CRUD permissions
                - Field-level security
                - Data export controls
                - API access patterns
                - Bulk data operations
        - track: application_security_audit
          lead: sf-developer
          matrix_domain: code_configuration_security
          steps:
            - step: code_security_review
              creates: code-security-findings.md
              uses: security-scan-checklist
              matrix_controls: [APP-001, APP-002, APP-003]
              soql_queries:
                - SELECT Name FROM ApexClass WHERE Body LIKE '%without sharing%'
                - SELECT Id, ApiName FROM Flow WHERE RunInMode = 'SystemModeWithSharing'
              security_tools:
                - Salesforce Code Scanner
                - PMD Apex Rules
                - Checkmarx SAST
              activities:
                - SOQL injection check
                - XSS vulnerability scan
                - CRUD/FLS enforcement
                - Sharing enforcement
                - Secret management
            - step: integration_security
              creates: integration-security-findings.md
              matrix_controls: [INT-001, INT-002, INT-003, INT-004]
              soql_queries:
                - SELECT Id, DeveloperName FROM NamedCredential
                - SELECT Name FROM ConnectedApplication WHERE IsAdminApproved = false
                - SELECT Id, Name FROM Profile WHERE PermissionsApiUserOnly = true
              activities:
                - API authentication
                - Certificate management
                - Endpoint security
                - Data validation
                - Error handling
    # Phase 3: Vulnerability Analysis (Days 8-9)
    - phase: vulnerability_analysis
      duration: 2 days
      steps:
        - step: matrix_scoring_calculation
          agent: sf-security
          uses: audit-matrix-instance.xlsx
          creates: audit-scores.md
          activities:
            - Calculate layer-weighted scores (Foundation 30%, UX 15%, App 20%, Data 25%, Integration 10%)
            - Apply Cognizant risk levels (Critical/High/Medium/Low)
            - Generate 5-layer security heat map
            - Execute all 29 SOQL audit queries
            - Identify critical gaps across 119 controls
            - Create priority matrix with SLA timelines
        - step: risk_assessment
          agent: sf-security
          participants: [sf-architect, sf-security-architect]
          creates: risk-assessment.md
          uses: templates/security-audit-tmpl
          activities:
            - Categorize findings by severity
            - Assess exploitability
            - Determine business impact
            - Calculate risk scores
            - Prioritize remediation
          risk_matrix:
            critical: Immediate action required
            high: Fix within 7 days
            medium: Fix within 30 days
            low: Fix in next release
          scoring_integration:
            - Use audit matrix risk scores
            - Apply compliance weightings
            - Consider business impact
            - Factor in exploitability
        - step: compliance_gap_analysis
          agent: sf-security
          creates: compliance-gaps.md
          condition: has_compliance_requirements
          uses: cognizant-enhanced-security-matrix.compliance_mappings
          activities:
            - Map findings to SOC2 controls
            - Validate GDPR compliance (Articles 17, 25, 32, 33)
            - Assess HIPAA requirements (164.308, 164.312, 164.314, 164.530)
            - Check PCI-DSS controls (8.3, 8.5, 10.1, 12.3)
            - Verify ISO 27001 Annex A controls
            - Map findings to requirements
            - Identify compliance gaps
            - Assess penalties/risks
            - Define remediation timeline
            - Document exceptions
        - step: penetration_testing
          agent: sf-security
          creates: pentest-report.md
          condition: pentest_in_scope
          uses: penetration-test-checklist
          activities:
            - Authorization bypass attempts
            - Data exfiltration tests
            - Privilege escalation tests
            - Session hijacking attempts
            - API security testing
    # Phase 4: Remediation Planning (Days 10-11)
    - phase: remediation_planning
      duration: 2 days
      steps:
        - step: remediation_strategy
          agent: sf-security-architect
          participants: [sf-architect, sf-developer, sf-admin]
          creates: remediation-plan.md
          activities:
            - Group related findings
            - Define fix approaches
            - Estimate effort
            - Sequence changes
            - Identify dependencies
          approach:
            quick_wins: Immediate fixes
            systematic_changes: Planned updates
            architectural_changes: Major revisions
        - step: implementation_plan
          agent: sf-orchestrator
          creates: implementation-schedule.md
          activities:
            - Assign responsibilities
            - Set timelines
            - Define test approach
            - Plan deployments
            - Schedule validations
    # Phase 5: Remediation Implementation (Days 12-17)
    - phase: remediation_implementation
      duration: 6 days
      parallel_tracks:
        - track: configuration_fixes
          lead: sf-admin
          steps:
            - step: permission_updates
              creates: permission-changes.md
              activities:
                - Update profiles
                - Modify permission sets
                - Adjust sharing rules
                - Fix field security
                - Update page layouts
            - step: security_settings
              creates: settings-changes.md
              activities:
                - Update password policies
                - Configure session settings
                - Enable security features
                - Set login restrictions
                - Configure monitoring
        - track: code_fixes
          lead: sf-developer
          steps:
            - step: security_patches
              creates: code-patches/
              activities:
                - Fix injection vulnerabilities
                - Add FLS checks
                - Implement sharing checks
                - Secure API calls
                - Update error handling
            - step: test_coverage
              creates: security-tests/
              activities:
                - Write security tests
                - Validate fixes
                - Check regressions
                - Document changes
    # Phase 6: Validation & Closure (Days 18-21)
    - phase: validation_closure
      duration: 4 days
      steps:
        - step: remediation_validation
          agent: sf-security
          participants: [sf-qa]
          creates: validation-report.md
          uses: audit-matrix-instance.xlsx
          activities:
            - Rerun all 119 matrix control assessments
            - Execute validation SOQL queries
            - Verify Health Check metadata components
            - Rerun security scans
            - Verify all fixes
            - Test security controls
            - Validate compliance
            - Check for regressions
        - step: final_assessment
          agent: sf-security
          creates: final-security-report.md
          uses: cognizant-enhanced-security-matrix.reporting_templates
          activities:
            - Generate Cognizant COE compliance report
            - Create layer-by-layer security assessment
            - Produce executive dashboard with weighted scores
            - Generate technical assessment with query results
            - Document remaining risks
            - Update risk register
            - Create executive summary
            - Define monitoring plan
            - Schedule next audit
        - step: knowledge_transfer
          agent: sf-security
          participants: [sf-admin, sf-developer]
          creates: security-playbook.md
          activities:
            - Document security practices
            - Create detection rules
            - Define response procedures
            - Train team members
            - Update policies
  success_criteria:
    - All critical vulnerabilities remediated
    - High-risk findings addressed
    - Compliance requirements met
    - Security controls validated
    - Team trained on security practices
    - Monitoring implemented
  deliverables:
    assessment:
      - Security findings report
      - Risk assessment matrix
      - Compliance gap analysis
      - Penetration test results
    remediation:
      - Remediation plan
      - Implementation documentation
      - Configuration changes log
      - Code security patches
    validation:
      - Validation test results
      - Final security report
      - Security playbook
      - Executive summary
  ongoing_activities:
    - Monthly security scans
    - Quarterly access reviews
    - Annual penetration tests
    - Continuous monitoring
    - Security training
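The layer weights from uses_matrix_layers and the SLAs from risk_matrix applied to a constructed set of control results, as the matrix_scoring_calculation and risk_assessment steps describe. This is an added example, not code from the sf-agent-framework project; the pass/fail-per-control model, the mapping of control-ID prefixes (FND, UX, APP, DATA, INT) to layers, and the sample results are assumptions.

```python
"""Layer-weighted scoring and SLA prioritisation for the matrix_scoring_calculation
and risk_assessment steps. Added example, not sf-agent-framework code; the
pass/fail model, prefix-to-layer mapping and sample results are assumptions."""
from collections import defaultdict
from datetime import date, timedelta

# Layer weights exactly as given in uses_matrix_layers (they sum to 100).
LAYER_WEIGHTS = {"foundation": 30, "user_experience": 15,
                 "application_logic": 20, "data": 25, "integration": 10}
# Control-ID prefixes as used in matrix_controls above (assumed mapping).
PREFIX_TO_LAYER = {"FND": "foundation", "UX": "user_experience",
                   "APP": "application_logic", "DATA": "data", "INT": "integration"}
# Remediation SLAs from risk_matrix; None means "fix in next release".
SLA_DAYS = {"critical": 0, "high": 7, "medium": 30, "low": None}
SEVERITY_ORDER = ["critical", "high", "medium", "low"]

def layer_scores(results):
    """results: {control_id: (passed, risk_level)} -> {layer: % of controls passed}."""
    total, passed = defaultdict(int), defaultdict(int)
    for control_id, (ok, _risk) in results.items():
        layer = PREFIX_TO_LAYER[control_id.split("-")[0]]
        total[layer] += 1
        passed[layer] += int(ok)
    return {layer: 100.0 * passed[layer] / total[layer] for layer in total}

def weighted_score(results):
    """Overall score 0-100. A layer with no assessed controls is dropped and the
    remaining weights renormalised, rather than silently scoring it as 0."""
    scores = layer_scores(results)
    weight_total = sum(LAYER_WEIGHTS[layer] for layer in scores)
    return sum(scores[layer] * LAYER_WEIGHTS[layer] for layer in scores) / weight_total

def priority_matrix(results, assessed_on):
    """Failed controls ordered by severity, each with its SLA due date (ISO)."""
    start = date.fromisoformat(assessed_on)
    gaps = sorted(((cid, risk) for cid, (ok, risk) in results.items() if not ok),
                  key=lambda gap: SEVERITY_ORDER.index(gap[1]))
    return [(cid, risk, "next release" if SLA_DAYS[risk] is None
             else (start + timedelta(days=SLA_DAYS[risk])).isoformat())
            for cid, risk in gaps]

# Constructed sample: 12 of the 119 matrix controls from one assessment run.
SAMPLE = {"FND-002": (True, "low"), "FND-003": (False, "critical"),
          "FND-004": (True, "low"), "FND-005": (True, "low"),
          "UX-002": (True, "low"), "APP-001": (False, "high"),
          "APP-002": (True, "low"), "DATA-005": (False, "medium"),
          "INT-001": (True, "low"), "INT-002": (True, "low"),
          "INT-003": (False, "low"), "INT-004": (True, "low")}
if __name__ == "__main__":
    print(weighted_score(SAMPLE), priority_matrix(SAMPLE, "2024-01-08"))
```

With the sample above the overall score is 55.0 and the priority matrix lists the critical gap first with a same-day due date, the low-severity gap last as "next release".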