sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0c6d8409c77246529dd68bf336b04a329ea923d4
orion/.security-rules/cryptography.yaml
Samir Boulahtit 26b3dc9e3b feat: add unified code quality dashboard with multiple validators 
- Add validator_type field to scans and violations (architecture,
  security, performance)
- Create security validator with SEC-xxx rules
- Create performance validator with PERF-xxx rules
- Add base validator class for shared functionality
- Add validate_all.py script to run all validators
- Update code quality service with validator type filtering
- Add validator type tabs to dashboard UI
- Add validator type filter to violations list
- Update stats response with per-validator breakdown
- Add security and performance rules documentation
- Add chat-bubble icons to icon library

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-21 20:57:47 +01:00

73 lines
1.9 KiB
YAML
Raw Blame History

# Cryptography Rules
# ==================
cryptography_rules:
- id: SEC-041
name: Strong hashing algorithms
severity: error
description: >
Use bcrypt, argon2, scrypt for passwords.
Use SHA-256 or stronger for general hashing.
Never use MD5 or SHA1.
- id: SEC-042
name: Secure random generation
severity: error
description: >
Use the secrets module for security-sensitive randomness.
Never use random module for tokens or keys.
- id: SEC-043
name: No hardcoded encryption keys
severity: error
description: >
Encryption keys must come from environment variables
or secret management services.
- id: SEC-044
name: Strong encryption algorithms
severity: error
description: >
Use AES-256 or ChaCha20. Never use DES, 3DES, or RC4.
- id: SEC-045
name: Proper IV/nonce usage
severity: error
description: >
Encryption IVs and nonces must be randomly generated
and unique per encryption.
- id: SEC-046
name: TLS version requirements
severity: warning
description: >
Enforce TLS 1.2 or higher.
Disable SSLv2, SSLv3, TLS 1.0, TLS 1.1.
- id: SEC-047
name: Certificate verification
severity: error
description: >
Always verify SSL certificates.
Never disable verification in production.
- id: SEC-048
name: Key derivation for passwords
severity: warning
description: >
When deriving encryption keys from passwords,
use PBKDF2 with 100K+ iterations, Argon2, or scrypt.
- id: SEC-049
name: Secure key storage
severity: info
description: >
Encryption keys should be stored in environment variables,
secret management, or HSMs.
- id: SEC-050
name: Key rotation support
severity: info
description: >
Implement key rotation with multiple key versions.
Reference in New Issue View Git Blame Copy Permalink