Enhance security auditing capabilities by introducing a comprehensive 5-phase OWASP-based security audit process, including dependency scanning, static analysis, and a consolidated report with severity-ranked findings. Update autopilot workflows to incorporate an optional security audit step before deployment, and refine documentation across related skills for clarity and usability.

2026-04-22 09:16:33 +00:00 · 2026-03-22 18:03:47 +02:00
parent 3165a88f0b
commit 091d9a8fb0
13 changed files with 482 additions and 1976 deletions
@@ -111,13 +111,14 @@ This skill activates when the user wants to:
 │ GREENFIELD FLOW (flows/greenfield.md):                         │
 │   Step 0 Problem → Step 1 Research → Step 2 Plan              │
 │   → Step 3 Decompose → [SESSION] → Step 4 Implement           │
-│   → Step 5 Run Tests → Step 6 Deploy → DONE                   │
+│   → Step 5 Run Tests → 5b Security (opt) → Step 6 Deploy     │
+│   → DONE                                                      │
 │                                                                │
 │ EXISTING CODE FLOW (flows/existing-code.md):                   │
 │   Pre-Step Document → 2b Test Spec → 2c Decompose Tests      │
 │   → [SESSION] → 2d Implement Tests → 2e Refactor             │
 │   → 2f New Task → [SESSION] → 2g Implement                   │
-│   → 2h Run Tests → 2i Deploy → DONE                          │
+│   → 2h Run Tests → 2hb Security (opt) → 2i Deploy → DONE    │
 │                                                                │
 │ STATE: _docs/_autopilot_state.md (see state.md)                │
 │ PROTOCOLS: choice format, Jira auth, errors (see protocols.md) │