Дмитрий
24 lines
923 B
Markdown
24 lines
923 B
Markdown
# docs/audit — audit procedures and artifacts
|
|
|
|
This directory is the home of the `D3 «Аудит и управление рисками»` section of
|
|
the automation map (`docs/automation-graph.html`). It holds repeatable audit
|
|
procedures and their artifacts.
|
|
|
|
## Toolset
|
|
|
|
- `/security-review` — the customized Anthropic security-review command
|
|
(`.claude/commands/security-review.md`).
|
|
- Trail of Bits Skills — the `trailofbits` marketplace audit plugins.
|
|
- Security Guidance — the Anthropic warn-only inline-vulnerability hook.
|
|
- `audit-portal` — the project skill encoding the 14-phase portal audit.
|
|
|
|
## Boundaries
|
|
|
|
- Closed decisions and their residual risks → `docs/adr/` (see ADR-003).
|
|
- Open product, business, and legal risks → `docs/Открытые_вопросы_v8_3.md`.
|
|
|
|
## Procedures
|
|
|
|
- `toolchain-attack-surface.md` — manual audit of the Claude Code plugin and
|
|
MCP-server attack surface.
|