Security Audit Factory

Dependency scan, SAST analysis, secret detection, and compliance check

Category: Operations | 7 stages | 3 specialists | v1.0.0

About

A comprehensive security audit pipeline that runs three parallel scans — dependency vulnerability checking, static application security testing, and secret detection — before consolidating findings through a config review and risk assessment. Produces a severity-rated audit report with executive summary and remediation plan, requiring security team approval before release.

Input / Output

Input

codebase: Codebase to audit for security vulnerabilities

Output

Security audit report with severity-rated findings and remediation plan

min quality: 0.85

Pipeline Stages

dependency scan

Execute

Scan dependencies for known CVEs and outdated packages

Specialist: guardian | Tools: shell, file_read
Runs in parallel

sast analysis

Execute

Static application security testing for injection, XSS, and OWASP risks

Specialist: guardian | Tools: file_read, grep, shell
Runs in parallel

secret detection

Execute

Scan codebase for hardcoded secrets, API keys, and credentials

Specialist: guardian | Tools: file_read, grep
Runs in parallel

config review

Execute

Review security configurations, permissions, and access controls

Specialist: analyst | Tools: file_read, grep | Depends on: sast analysis

risk assessment

Execute

Consolidate findings, assign severity ratings, and prioritize remediations

Specialist: analyst | Tools: file_read, file_write | Depends on: dependency scan, sast analysis, secret detection, config review

audit report

Execute

Generate security audit report with executive summary and remediation plan

Specialist: writer | Tools: file_write | Depends on: risk assessment

approval

Approval

Security team approval of audit findings and remediation priorities

Depends on: audit report | Timeout: 120m
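The stage graph above, expressed as data and scheduled into parallel waves, as an added example that is not part of the recipe or its runtime. It assumes the stage names, kinds and dependencies exactly as listed on this card; the scheduler itself (Kahn's algorithm with cycle and missing-dependency checks) is a generic illustration and shows that the approval gate really sits downstream of every scan.

```python
# Stage graph as described on the recipe card: stage -> kind, dependencies.
# The three scans have no dependencies and run in parallel; "approval" is a human gate.
STAGES = {
    "dependency scan":  {"kind": "execute",  "needs": []},
    "sast analysis":    {"kind": "execute",  "needs": []},
    "secret detection": {"kind": "execute",  "needs": []},
    "config review":    {"kind": "execute",  "needs": ["sast analysis"]},
    "risk assessment":  {"kind": "execute",  "needs": ["dependency scan", "sast analysis",
                                                       "secret detection", "config review"]},
    "audit report":     {"kind": "execute",  "needs": ["risk assessment"]},
    "approval":         {"kind": "approval", "needs": ["audit report"], "timeout_min": 120},
}

def validate(stages):
    """Reject references to undefined stages so a typo cannot silently drop a gate."""
    for name, spec in stages.items():
        for dep in spec["needs"]:
            if dep not in stages:
                raise ValueError(f"{name!r} depends on undefined stage {dep!r}")

def execution_waves(stages):
    """Kahn's algorithm grouped into waves: every stage in a wave may run concurrently.
    A dependency cycle leaves stages unscheduled and is reported instead of hanging."""
    validate(stages)
    indegree = {n: len(s["needs"]) for n, s in stages.items()}
    dependents = {n: [] for n in stages}
    for n, s in stages.items():
        for dep in s["needs"]:
            dependents[dep].append(n)
    wave, waves = sorted(n for n, d in indegree.items() if d == 0), []
    while wave:
        waves.append(wave)
        nxt = []
        for n in wave:
            for d in dependents[n]:
                indegree[d] -= 1
                if indegree[d] == 0:
                    nxt.append(d)
        wave = sorted(nxt)
    if sum(len(w) for w in waves) != len(stages):
        raise ValueError("dependency cycle detected")
    return waves

def ancestors(stages, name):
    """Transitive dependencies of a stage; lets a reviewer confirm that nothing
    reaches release without passing through the approval gate."""
    seen, todo = set(), list(stages[name]["needs"])
    while todo:
        n = todo.pop()
        if n not in seen:
            seen.add(n)
            todo.extend(stages[n]["needs"])
    return seen
```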

Tags

security, audit, sast, compliance, vulnerabilities