Files
portal/docs
Дмитрий 17d530f669 docs(audit): Phase 4 security findings (audit #2)
- 4.1 CI workflows enum (methodology gap closure per Pravila v1.12 §4.6): 3 active (dependency-check.yml + sast.yml + trivy.yml). Semgrep SAST confirmed deployed: p/php + p/javascript + p/typescript + p/secrets, SARIF upload to GitHub Security tab. Q.INFO.001 12.05 closure verified holding.
- 4.2 Gitleaks full history: 401 commits / 12.11 MB / 0 leaks . vs 12.05 (333/11.14) — +68 commits, still clean.
- 4.3 Composer audit cross-link: 0 advisories.
- 4.4 Production secrets grep: 0 AWS prefix, 0 Stripe prefix в app/.

Severity Phase 4: P0=0 / P1=0 / P2=0 / P3=0 — fully clean.

CI security stack полный: SAST + dependency-check + Trivy = pre-prod readiness baseline.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-13 10:37:30 +03:00
..