b988751861
Models already know what SQL injection and XSS are. They don't need tutorials - they need a checklist to ensure nothing is missed.

Before: 23 individual pattern files (~100KB total)
After: 1 focused checklist (~4KB)

Same coverage, better signal-to-noise ratio for review context.
39 lines
907 B
Markdown
# Security Patterns

A focused security checklist for AI-assisted code review.

## Philosophy

Models already know *what* SQL injection or XSS are. What they need is a checklist to ensure nothing is missed during review. This repo provides that checklist, not tutorials.

## Usage

The `SECURITY-CHECKLIST.md` file is designed to be loaded as context for a security-focused code reviewer. Point your review bot's `patterns-files` at this repo.

## Contents

- `SECURITY-CHECKLIST.md` - The review checklist covering:
  - Input & Validation
  - Authentication & Sessions
  - Authorization
  - Secrets & Credentials
  - Request Handling
  - Response & Headers
  - Concurrency & State
  - File Operations
  - Logging & Audit
  - Dependencies & Supply Chain
  - AI/LLM Specific

## Integration

```yaml
# In your review workflow
patterns-repo: rodin/security-patterns
patterns-files: '.'
```

## License

MIT