security-audit

Purpose

Ensure security requirements are properly defined, implemented, and tested, and identify vulnerabilities across code, dependencies, infrastructure, and configuration. Validates compliance against recognized standards (OWASP Top 10, CWE, GDPR/HIPAA/SOC 2/PCI DSS where relevant) and performs STRIDE threat modeling. Security requirements trace from SPEC (Layer 6) and the EARS/ADR security topics upstream of it.

When to Use

Use security-audit when: