ilia
3415340e26
All checks were successful
CI / skip-ci-check (pull_request) Successful in 1m18s
CI / lint-and-test (pull_request) Successful in 1m21s
CI / ansible-validation (pull_request) Successful in 2m43s
CI / secret-scanning (pull_request) Successful in 1m19s
CI / dependency-scan (pull_request) Successful in 1m23s
CI / sast-scan (pull_request) Successful in 2m28s
CI / license-check (pull_request) Successful in 1m20s
CI / vault-check (pull_request) Successful in 2m21s
CI / playbook-test (pull_request) Successful in 2m19s
CI / container-scan (pull_request) Successful in 1m48s
CI / sonar-analysis (pull_request) Successful in 1m26s
CI / workflow-summary (pull_request) Successful in 1m17s
553 B
553 B
Security reference
Overview
Security in this repo is implemented via:
- hardened SSH + firewall defaults (
roles/ssh/) - baseline system configuration (
roles/base/) - monitoring/intrusion prevention on servers (
roles/monitoring_server/) - secrets handled via Ansible Vault (
inventories/production/group_vars/all/vault.yml)
Recommended execution
# Dry-run first
make check
# Apply security-tagged tasks
make security
Vault
- Vault guide:
docs/guides/vault.md
Canonical standards
project-docs/standards.md