- Original path:
profiles/composite/security-audit.toml
# Security Audit Profile
# Comprehensive security audit combining credentials, malware, and web security
# Base profiles merged into this composite profile.
# This is a root-table key, so it must stay above the first [[patterns]] header;
# anything written after a header belongs to that table instead.
# NOTE(review): the paths are relative. Presumably the loader resolves them
# against this file's directory (profiles/composite/) and not the process
# working directory. Confirm, since a CWD-relative lookup could pull in a
# different file than the one reviewed here.
includes = [
"../base/credentials.toml",
"../base/malware.toml",
"../base/web.toml"
]
# Additional patterns specific to security audits
# Flags configuration text that switches a debug flag on, e.g. `debug = true` or `DEBUG: 1`.
[[patterns]]
name = "Debug Mode Enabled"
# Shape: `debug`, optional whitespace, `:` or `=`, optional whitespace, a truthy value.
# `\\s` is the TOML escape for the regex `\s`.
# NOTE(review): neither end is bounded, so if the scanner searches (rather than
# full-matches) this also hits `debug = 10` and `debug: once` via the `1` / `on`
# prefixes, plus any key that merely ends in "debug". Expect false positives.
# NOTE(review): a quote between key and separator (JSON-style `"debug": true`) or
# around the value (`debug = "true"`) is not matched. Confirm this gap is acceptable.
pattern = "(?:debug|DEBUG)\\s*[:=]\\s*(?:true|True|1|yes|on)"
# Presumably applied as the regex case-insensitivity flag (TODO confirm); if so,
# the upper/lower-case alternatives spelled out in the pattern are redundant.
case-insensitive = true
type = "regex"
# Flags a log level set to debug or trace. Such levels commonly write request
# data and secrets to logs, which is why an audit profile looks for them.
[[patterns]]
name = "Verbose Logging"
# Key is `logging`, or `log` + at most one arbitrary character + `level`
# (covers `loglevel`, `log_level`, `log-level`), then `:` or `=`, then debug/trace.
# NOTE(review): dotted keys such as `logging.level=DEBUG` and quoted values
# such as `log_level = "debug"` are not matched by this expression. Confirm
# whether the base profiles cover them.
pattern = "(?:log.?level|logging)\\s*[:=]\\s*(?:debug|DEBUG|trace|TRACE)"
# Presumably the regex case-insensitivity flag (TODO confirm); it makes the
# DEBUG/TRACE alternatives above redundant.
case-insensitive = true
type = "regex"
# Flags an environment selector set to a development value, e.g. `environment: local`.
[[patterns]]
name = "Development Environment"
# The key part is unbounded on the left, so any key ending in `env` or
# `environment` qualifies (for example `NODE_ENV=development`).
# NOTE(review): the value part is unbounded on the right, so `dev` also hits
# `env = device` and `local` also hits `env = localhost`; the `development`
# alternative is already covered by `dev`. Expect false positives.
# NOTE(review): quoted values (`env = "dev"`) are not matched.
pattern = "(?:env|environment)\\s*[:=]\\s*(?:dev|development|local)"
# Presumably the regex case-insensitivity flag. TODO confirm against the scanner.
case-insensitive = true
type = "regex"
# Signature that groups pattern hits by sha256 and reports how many hits of the
# listed high-severity patterns each hash has.
[[signatures]]
name = "Critical Security Issues"
# NOTE(review): none of the five pattern names in the IN list is defined in this
# file; presumably they come from the included base profiles. The match is by
# exact name, so a renamed or removed base pattern silently drops out of this
# signature. Verify the names against the base files.
# NOTE(review): the three patterns defined in this file (debug mode, verbose
# logging, development environment) are not in the list and so never count here.
# NOTE(review): `HAVING issue_count > 0` filters nothing, because every group the
# WHERE clause produces has at least one row. Referencing the alias in HAVING is
# also not accepted by every SQL engine. Confirm against the engine in use.
# COUNT(*) counts rows in pattern_matches, presumably one per hit, so repeated
# hits of the same pattern raise issue_count. TODO confirm the table's granularity.
query = "SELECT sha256, COUNT(*) as issue_count FROM pattern_matches WHERE pattern_name IN ('AWS Access Key', 'Private Key Header', 'SQL Injection Pattern', 'XSS Script Tag', 'Command Injection') GROUP BY sha256 HAVING issue_count > 0"