Kjell Tore Guttormsen
ce3891bdd0
Single-file SPA playground har nå parser + renderer for alle 18 produces_report=true-kommandoer (Fase 2: 10 høy-prio + Fase 3: 8 gjenstående: mcp-inspect, supply-check, pre-deploy, diff, watch, registry, clean, threat-model). 18 markdown test-fixtures fungerer som kontrakt-anker for parser-utvikling. Komplett demo-prosjekt `dft-komplett-demo` har alle 18 rapporter ferdig parsed inline — klikk-gjennom uten "parser ikke implementert"- paneler. 2 nye archetypes i KEY_STATS_CONFIG: kanban-buckets (clean) og matrix-risk (threat-model). Bug-fix: normalizeVerdictText sjekker nå GO-WITH-CONDITIONS / CONDITIONAL / BETINGET FØR plain GO så betinget verdict (pre-deploy med åpne vilkår) ikke kollapser til ALLOW. Eksponert 11 window-globaler for testing/automasjon (__store, __navigate, __loadDemoState, __PARSERS, __RENDERERS, __CATALOG, __inferVerdict, __inferKeyStats, __renderPageShell, __handlePasteImport, __scheduleRender). 12 Playwright-genererte screenshots i playground/screenshots/v7.5.0/. A11Y-rapport (WCAG 2.1 AA): 0 blokkerende, 3 mindre forbedringer flagget for v7.5.x patch (skip-link, heading-hierarki på project, aria-live toast). Versjonsbump 7.4.0 -> 7.5.0 i 10 filer (package.json, plugin.json, CLAUDE.md header, README badge, CHANGELOG-entry, 3 scanner VERSION- konstanter, ROADMAP, marketplace-rot README). Ingen scanner- eller hook-behavior-changes — purely additive surface. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
116 lines
4.1 KiB
Markdown
116 lines
4.1 KiB
Markdown
# Pre-Deploy Security Checklist
|
|
|
|
---
|
|
|
|
## Header
|
|
|
|
| Field | Value |
|
|
|-------|-------|
|
|
| **Report type** | pre-deploy |
|
|
| **Target** | DFT data-platform release v3.2.0 |
|
|
| **Date** | 2026-05-05 |
|
|
| **Version** | llm-security v7.4.0 |
|
|
| **Scope** | enterprise gate + production readiness |
|
|
| **Frameworks** | OWASP LLM Top 10, EU AI Act, NSM Grunnprinsipper |
|
|
| **Triggered by** | /security pre-deploy |
|
|
|
|
---
|
|
|
|
## Risk Dashboard
|
|
|
|
| Metric | Value |
|
|
|--------|-------|
|
|
| **Risk Score** | 12/100 |
|
|
| **Risk Band** | Low |
|
|
| **Grade** | A |
|
|
| **Verdict** | GO-WITH-CONDITIONS |
|
|
|
|
| Severity | Count |
|
|
|----------|------:|
|
|
| Critical | 0 |
|
|
| High | 0 |
|
|
| Medium | 2 |
|
|
| Low | 3 |
|
|
| Info | 5 |
|
|
| **Total** | **10** |
|
|
|
|
**Verdict rationale:** All gates PASS or PASS-WITH-NOTES. 2 medium conditions: pending Datatilsynet ack on DPIA addendum (expected 2026-05-08) + missing logging-aggregator wire-up. Conditional approval — deployment may proceed once both are resolved.
|
|
|
|
---
|
|
|
|
## Traffic Light Categories
|
|
|
|
| Category | Status | Notes |
|
|
|----------|--------|-------|
|
|
| Identity & Access | PASS | OIDC + MFA, 89% coverage |
|
|
| Network Isolation | PASS | Private endpoints + NSG |
|
|
| Data Protection | PASS-WITH-NOTES | Customer-managed keys; rotation policy verified |
|
|
| Logging & Audit | FAIL | Logging aggregator not wired (M1 finding) |
|
|
| Compliance | PASS-WITH-NOTES | DPIA pending Datatilsynet ack (M2) |
|
|
| Secrets Management | PASS | Key Vault + managed identity |
|
|
| Hooks Coverage | PASS | All 9 hooks active |
|
|
| MCP Security | PASS | 0 untrusted servers |
|
|
| Supply Chain | PASS | 0 critical, 0 high CVEs |
|
|
| Plugin Trust | PASS | Only first-party plugins |
|
|
| Permission Hygiene | PASS | No wildcard Bash |
|
|
| Memory Hygiene | PASS | CLAUDE.md scanned, no poisoning |
|
|
| Performance | PASS | <500ms hook latency |
|
|
|
|
---
|
|
|
|
## Findings
|
|
|
|
### Medium
|
|
|
|
| ID | Category | File | Line | Description | OWASP |
|
|
|----|----------|------|------|-------------|-------|
|
|
| PRD-001 | Logging | infrastructure/observability.bicep | 12 | Logging aggregator export endpoint missing | — |
|
|
| PRD-002 | Compliance | docs/DPIA-2026-04-15.md | — | Datatilsynet ack pending (submitted 2026-04-22, expected response 2026-05-08) | — |
|
|
|
|
### Low
|
|
|
|
| ID | Category | File | Line | Description | OWASP |
|
|
|----|----------|------|------|-------------|-------|
|
|
| PRD-003 | Documentation | docs/SECURITY.md | — | SLA for security-disclosure response not documented | — |
|
|
| PRD-004 | Documentation | docs/RUNBOOK.md | — | Incident-response runbook missing rollback section | — |
|
|
| PRD-005 | Performance | hooks/post-mcp-verify.mjs | — | P95 latency 412ms (target <500ms) — within budget but monitoring needed | — |
|
|
|
|
### Info
|
|
|
|
| ID | Category | File | Line | Description | OWASP |
|
|
|----|----------|------|------|-------------|-------|
|
|
| PRD-006 | Coverage | (env) | — | Production env: Azure North Europe |
|
|
| PRD-007 | Coverage | (env) | — | Data-classification: Fortrolig |
|
|
| PRD-008 | Coverage | (compliance) | — | Frameworks: OWASP LLM, EU AI Act, NSM |
|
|
| PRD-009 | Coverage | (gate) | — | Pre-deploy run by: ci/release.yml |
|
|
| PRD-010 | Coverage | (history) | — | 4 prior pre-deploy runs in last 90 days, all PASS |
|
|
|
|
---
|
|
|
|
## Conditions to Resolve
|
|
|
|
1. **PRD-001 (medium):** Wire logging aggregator before deployment. Owner: platform-ops. Blocker.
|
|
2. **PRD-002 (medium):** Receive Datatilsynet ack OR document silent-period acceptance. Owner: privacy-officer. Blocker until 2026-05-08.
|
|
|
|
---
|
|
|
|
## Approvals
|
|
|
|
| Role | Approver | Date | Notes |
|
|
|------|----------|------|-------|
|
|
| Security Lead | (pending) | — | After PRD-001 resolved |
|
|
| Privacy Officer | (pending) | — | After PRD-002 resolved |
|
|
| Platform Owner | A. Nilsen | 2026-05-04 | Signed off subject to conditions |
|
|
|
|
---
|
|
|
|
## Recommendations
|
|
|
|
1. **Immediate:** Resolve PRD-001 (logging aggregator) before deploying.
|
|
2. **High:** Confirm Datatilsynet ack OR escalate silent-period exception (PRD-002).
|
|
3. **Medium:** Document SLA in SECURITY.md (PRD-003) post-deploy — non-blocking.
|
|
4. **Medium:** Add rollback section to RUNBOOK.md (PRD-004) post-deploy.
|
|
|
|
---
|
|
|
|
*Pre-deploy complete. 13 categories, 1 FAIL pending wire-up, conditional GO.*
|