>_

security-baseline

Security requirements, threats, and controls that apply across this system.

$ Instalar

git clone https://github.com/amattas/retail-demo /tmp/retail-demo && cp -r /tmp/retail-demo/.claude/skills/security-baseline ~/.claude/skills/retail-demo

// tip: Run this command in your terminal to install the skill

SKILL.md
View on GitHub →

name: security-baseline description: Security requirements, threats, and controls that apply across this system.

Security Baseline

Threat Model (High Level)

  • Primary users: internal analytics users
  • Assets to protect:
    • Customer PII (anonymized in demo)
    • Event data integrity
    • Connection strings and secrets

Required Controls

Authentication

  • Use Azure AD / Entra ID for Fabric workspace access
  • Service principals for automated pipelines

Authorization

  • Enforce least privilege on Fabric items
  • Separate dev/prod workspaces

Input Validation & Output Encoding

  • Validate all untrusted input at boundaries
  • Sanitize or encode output where appropriate

Secrets Management

  • Store secrets in Azure Key Vault, never in code or config files
  • Use Fabric-managed connections where possible

Logging & Auditing

  • Log security-relevant events
  • Avoid logging sensitive data

Common Vulnerabilities

  • Never embed connection strings in notebooks
  • Validate JSON payloads in streaming pipelines

Repository

amattas
amattas
Author
amattas/retail-demo/.claude/skills/security-baseline
0
Stars
0
Forks
Updated12h ago
Added1w ago

Actions

View on GitHubDownload ZIPReport Issue

Related Skills

skill-writer
pytorch/pytorch
95.4k
docstring
pytorch/pytorch
95.4k
at-dispatch-v2
pytorch/pytorch
95.4k
add-uint-support
pytorch/pytorch
95.4k
skill-creator
openai/codex
54.7k