| description | argument-hint | allowed-tools |
|---|---|---|
| Remediate security audit findings | <feature-slug> | Bash, Read, Write, Edit, Glob, Grep, Task |
Remediate audit findings for feature: $ARGUMENTS
Instructions
1. Load Audit Findings
Read .sdlc/features/$ARGUMENTS/audit.md to get the full security audit report.
2. Parse Findings by Severity
Collect all security findings:
- CRITICAL -- immediate risk, must fix before any progress
- HIGH -- significant risk, must fix before merge
- MEDIUM -- moderate risk, should fix
- LOW -- minor risk, fix if straightforward
3. Fix Critical Findings
For each critical finding:
- Read the affected code
- Understand the vulnerability and attack vector
- Apply the proper remediation (input validation, auth check, etc.)
- Verify the fix addresses the root cause, not just the symptom
4. Fix High Findings
After all critical findings are resolved, address high severity issues using the same disciplined approach.
5. Fix Medium and Low Findings
Address remaining findings in priority order.
6. Run Security Checks
Re-run the checks that originally found the issues:
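```bash
# go vet prints its diagnostics on stderr, so stderr is left visible here
go vet ./... || true
# Search the feature's Go files for hardcoded credentials
grep -rn "password\|secret\|token\|api_key" --include="*.go" [feature files] || true
```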
7. Update Audit Report
Update .sdlc/features/$ARGUMENTS/audit.md with remediation notes:
```markdown
## Remediation Log
| Finding | Severity | Status | Resolution |
|---------|----------|--------|------------|
| [description] | CRITICAL | REMEDIATED | [what was done] |
```
8. Report
Summarize: findings remediated by severity, remaining items, verification results.
Critical Rules
- ALWAYS fix all critical findings -- no exceptions
- NEVER leave high-severity security issues unresolved
- ALWAYS run security checks after applying fixes
- NEVER fix security issues with workarounds -- address root causes
- ALWAYS update the audit report with remediation details
- NEVER remove security findings from the report -- mark them as remediated
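
The first two rules can be checked mechanically against the Remediation Log table from step 7. The script below is an added example, not part of the original command file: it fails when any CRITICAL or HIGH row has a status other than REMEDIATED. The function names, the sample report and the `OPEN` / `In Progress` status values are assumptions made for illustration, and cells are assumed not to contain `|`.

```bash
#!/bin/sh
# Added example: gate on the "## Remediation Log" table of an audit report.
# Assumption: the four-column layout from step 7; any Status other than
# REMEDIATED counts as unresolved.

# Reads a report on stdin, prints each unresolved CRITICAL/HIGH row,
# and returns 1 if there is at least one, 0 otherwise.
check_remediation_log() {
  awk -F'|' '
    # Track whether we are inside the Remediation Log section.
    /^## /             { in_log = ($0 ~ /^## Remediation Log[ \t]*$/); next }
    !in_log || !/^[|]/ { next }
    {
      for (i = 2; i <= 5; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
      if ($2 == "Finding" || $2 ~ /^-+$/) next   # header and separator rows
      sev = toupper($3); status = toupper($4)
      if ((sev == "CRITICAL" || sev == "HIGH") && status != "REMEDIATED") {
        printf "UNRESOLVED %s: %s (status: %s)\n", sev, $2, ($4 == "" ? "missing" : $4)
        bad = 1
      }
    }
    END { exit (bad ? 1 : 0) }
  '
}

# Constructed sample report (not real audit data).
sample_report() {
  cat <<'EOF'
# Audit (constructed sample)
## Remediation Log
| Finding | Severity | Status | Resolution |
|---------|----------|--------|------------|
| SQL injection in search handler | CRITICAL | REMEDIATED | parameterized query |
| Missing auth check on export | HIGH | OPEN | |
| Verbose error messages | LOW | OPEN | |
| Token logged at debug level | high | In Progress | |
## Notes
| Not a finding | CRITICAL | OPEN | outside the log |
EOF
}

# Real use: check_remediation_log < .sdlc/features/<feature-slug>/audit.md
sample_report | check_remediation_log || echo "gate failed: unresolved CRITICAL/HIGH findings"
```

MEDIUM and LOW rows are deliberately ignored by the gate, matching the "should fix" and "fix if straightforward" wording in step 2.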