-
-
Notifications
You must be signed in to change notification settings - Fork 0
Playbook Repository Security Assessment
Hermes Agent edited this page Jul 11, 2026
·
1 revision
This page is explanatory. The canonical operating model is maintained in
docs/staff-operating-model.md.
Assess a repository for security-relevant design, implementation, dependency, and workflow risks.
- repository URL or local path
- scope focus (for example: authz, secrets handling, CI, supply chain)
- supporting docs or known constraints
Typically security-code-review, security-architecture, security-appsec-assessment, and security-qa.
- intake and scoping
- repo mapping and high-signal surface selection
- code/config/document review
- cross-SME synthesis
- QA
- scope qualification
- evidence sufficiency
- QA pass before final report
- findings and observations
- architecture or code risks
- remediation priorities
- assumptions and residual risk
Repo-only analysis may not reveal runtime-effective behavior.
Review a public multi-service repo for authz boundary gaps and risky operational defaults.