Risks
SDLC-RISK-0001: Supply Chain Compromise
SDLC-RISK-0002: Insider Threat
SDLC-RISK-0003: Unauthorised Deployment
SDLC-RISK-0004: Credential and Secret Exposure
SDLC-RISK-0005: Vulnerable Software in Production
SDLC-RISK-0006: Audit and Compliance Failure
SDLC-RISK-0007: Unauthorised System Access
SDLC-RISK-0008: Configuration Drift
SDLC-RISK-0009: Environment Breach
Controls
Build Controls
SDLC-CTRL-0001: Version Control
SDLC-CTRL-0002: Artifact Binary Provenance
SDLC-CTRL-0003: Controlled Build Environment
SDLC-CTRL-0004: Dependency Management
SDLC-CTRL-0005: Infrastructure and Configuration Management
SDLC-CTRL-0006: Secrets Scanning
Release Controls
SDLC-CTRL-0007: Code Review
SDLC-CTRL-0008: Quality Assurance
SDLC-CTRL-0009: Security Vulnerability Scanning
SDLC-CTRL-0010: Deployment Approvals
SDLC-CTRL-0011: Service Ownership
Runtime Controls
SDLC-CTRL-0012: Change Records
SDLC-CTRL-0013: Deployment Controls
SDLC-CTRL-0014: Secrets Management
SDLC-CTRL-0015: System Access Controls
SDLC-CTRL-0016: Runtime Workload Monitoring