fix(docs): resolve markdownlint errors #8
Merged
10 commits
- efe37a3 chore(sdlc): configure dependabot, codeowners, and templates (Aitomates)
- a354de6 chore(sdlc): configure pre-commit, pr linters, and stale issue automa… (Aitomates)
- 85893d9 chore(sync): snapshot local changes (Aitomates)
- f68504a chore(sdlc): harden ci/cd safety nets (Aitomates)
- ec8b663 ci: add codeql sast scanning (Aitomates)
- ce4c383 docs: setup mkdocs pages and health badges (Aitomates)
- 5bffc96 gsd:quick docs: enforce ADR architecture (Aitomates)
- c7b1ab3 gsd:quick ui: inject elite mkdocs material configuration (Aitomates)
- 8b002d4 gsd:docs generate bespoke architecture and diagrams (Aitomates)
- acaedd5 fix(docs): resolve markdownlint errors and line lengths (Aitomates)
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| * @Coding-Autopilot-System/core |
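Review bot: The single catch-all rule `* @Coding-Autopilot-System/core` has effect only if branch protection on `main`/`master` enables "Require review from Code Owners" and the team holds write permission on the repository; without both, CODEOWNERS is informational and any approver can merge. Consider adding a second, more specific rule for `.github/` (this PR adds workflows, Dependabot config and the PR template there) so that changes to CI triggers and token permissions get a deliberate reviewer rather than the same blanket team.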
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| version: 2 | ||
| updates: | ||
| - package-ecosystem: "github-actions" | ||
| directory: "/" | ||
| schedule: | ||
| interval: "weekly" | ||
| groups: | ||
| github-actions: | ||
| patterns: | ||
| - "*" |
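Review bot: Only the `github-actions` ecosystem is covered, so the other third-party pins introduced in this PR are left to drift by hand: the Pages workflow runs `pip install mkdocs-material` with no version or requirements file for Dependabot to watch, and the `rev:` tags in the pre-commit config (`v4.5.0`, `v8.18.2`) have no Dependabot ecosystem at all (pre-commit's own `pre-commit autoupdate` is the tool there). Pin mkdocs-material in a `requirements.txt` and add a `pip` entry for it. Note also that grouping every action under `"*"` yields one weekly PR that bumps all actions at once, which is convenient but makes a regression harder to bisect.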
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,8 @@ | ||
| # Summary | ||
| ## Description | ||
| <!-- Describe your changes --> | ||
|
|
||
| ## Checklist | ||
| - [ ] Docs updated | ||
| - [ ] Diagrams updated | ||
| - [ ] Evidence links updated | ||
| - [ ] Security impact assessed | ||
| ## SDLC Verification | ||
| - [ ] Code follows CAS architecture (`AGENTS.md`) | ||
| - [ ] Tested via `gsd-verify-work` | ||
| - [ ] No embedded secrets or credentials | ||
| - [ ] Passed `gsd-code-review` |
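Review bot: The `## SDLC Verification` items reference `gsd-verify-work`, `gsd-code-review` and `AGENTS.md` without saying what they are or how to run them, so an outside contributor cannot satisfy the checklist; link each item to its documentation. The `No embedded secrets or credentials` box is also purely self-attested: nothing in this PR's CI runs a secret scan (gitleaks is only a local pre-commit hook in this PR), so the checkbox records intent rather than a checked result. Either wire gitleaks into a workflow on pull requests or reword the item to say the pre-commit hook was run locally.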
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| name: "CodeQL" | ||
| on: | ||
| push: | ||
| branches: [ "main", "master" ] | ||
| pull_request: | ||
| branches: [ "main", "master" ] | ||
| jobs: | ||
| analyze: | ||
| name: Analyze | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| actions: read | ||
| contents: read | ||
| security-events: write | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| language: [ 'javascript' ] | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
| - name: Initialize CodeQL | ||
| uses: github/codeql-action/init@v3 | ||
| with: | ||
| languages: ${{ matrix.language }} | ||
| - name: Autobuild | ||
| uses: github/codeql-action/autobuild@v3 | ||
| - name: Perform CodeQL Analysis | ||
| uses: github/codeql-action/analyze@v3 |
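Review bot: `language: [ 'javascript' ]` does not match the repository this PR describes: the root AGENTS.md added in the same PR says it is a docs-only repo with no application code, so a JavaScript scan of Markdown and YAML has nothing to analyse (CodeQL either fails with a no-source error or produces an empty result), and the `Autobuild` step does nothing useful for an interpreted language. If the intent is to scan the workflows added here, CodeQL's `actions` language targets `.github/workflows` YAML; otherwise drop the job or restrict it to paths that contain code. Separately, every `uses:` in this and the other workflows is a major-version tag (`actions/checkout@v4`, `github/codeql-action/init@v3`); pin to commit SHAs so that the Dependabot grouping added in this PR is what moves them, not a retagged release.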
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| name: Deploy Pages | ||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| - master | ||
| permissions: | ||
| contents: read | ||
| pages: write | ||
| id-token: write | ||
| concurrency: | ||
| group: "pages" | ||
| cancel-in-progress: false | ||
| jobs: | ||
| build: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: 3.x | ||
| - run: pip install mkdocs-material | ||
| - run: mkdocs build | ||
| - uses: actions/upload-pages-artifact@v3 | ||
| with: | ||
| path: ./site | ||
| deploy: | ||
| environment: | ||
| name: github-pages | ||
| url: ${{ steps.deployment.outputs.page_url }} | ||
| runs-on: ubuntu-latest | ||
| needs: build | ||
| steps: | ||
| - name: Deploy to GitHub Pages | ||
| id: deployment | ||
| uses: actions/deploy-pages@v4 | ||
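Review bot: The top-level `permissions:` grants `pages: write` and `id-token: write` to both jobs, but only `deploy` needs them; the `build` job runs `pip install mkdocs-material` with no version pin or hash check, so whatever PyPI serves at run time executes under a token that can mint OIDC identities it has no use for. Move `pages: write` and `id-token: write` under the `deploy` job and leave `build` at `contents: read`, pin mkdocs-material (a `requirements.txt` with hashes is the usual shape), and run `mkdocs build --strict` so that unresolved relative links in the docs added by this PR fail the build instead of only warning.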
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| name: "PR Lint" | ||
| on: | ||
| pull_request_target: | ||
| types: | ||
| - opened | ||
| - edited | ||
| - synchronize | ||
| jobs: | ||
| main: | ||
| name: Validate PR title | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: amannn/action-semantic-pull-request@v5 | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
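Review bot: `pull_request_target` runs in the base repository's context with the repository's default `GITHUB_TOKEN` permissions, and this workflow declares no `permissions:` block, so on a repo whose default is read/write the job holds write scope while processing attacker-controlled PR titles. It is safe as written only because it never checks out the fork's code; add an explicit `permissions:` block scoped to the minimum the `amannn/action-semantic-pull-request` README documents for title validation, and keep any `actions/checkout` of the PR head out of this workflow so that guarantee is not lost in a later edit.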
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| name: "Close stale issues and PRs" | ||
| on: | ||
| schedule: | ||
| - cron: "30 1 * * *" | ||
| jobs: | ||
| stale: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/stale@v8 | ||
| with: | ||
| days-before-stale: 60 | ||
| days-before-close: 7 | ||
| stale-issue-message: "This issue is stale because it has been open 60 days with no activity." | ||
| stale-pr-message: "This PR is stale because it has been open 60 days with no activity." | ||
| operations-per-run: 50 |
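Review bot: No `permissions:` block: `actions/stale` labels and closes issues and PRs, which needs `issues: write` and `pull-requests: write`; with read-only `GITHUB_TOKEN` defaults the run fails, and with write-all defaults it carries more than it needs. Declare exactly those two scopes. Also, `stale-issue-message` and `stale-pr-message` say only that the item is stale, not that it will be closed after the configured `days-before-close: 7`; state the close window in the message so contributors are not surprised by the automatic close.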
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| repos: | ||
| - repo: https://github.com/pre-commit/pre-commit-hooks | ||
| rev: v4.5.0 | ||
| hooks: | ||
| - id: trailing-whitespace | ||
| - id: end-of-file-fixer | ||
| - id: check-merge-conflict | ||
| - id: check-yaml | ||
| - id: check-json | ||
| - id: check-added-large-files | ||
| - repo: https://github.com/gitleaks/gitleaks | ||
| rev: v8.18.2 | ||
| hooks: | ||
| - id: gitleaks |
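Review bot: These hooks, `gitleaks` included, run only on machines where a contributor has installed pre-commit; nothing in this PR runs them in CI, so a commit made from the GitHub web editor or an un-hooked clone bypasses the secret scan entirely. Add a workflow step that runs `pre-commit run --all-files` (or the gitleaks action) on pull requests so the PR template's `No embedded secrets or credentials` item is enforced rather than self-reported. `rev:` is set to tags (`v4.5.0`, `v8.18.2`); pre-commit accepts a full commit SHA there if you want the same tamper resistance as SHA-pinned actions.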
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| # Context | ||
|
|
||
| See the root workspace [AGENTS.md](../../AGENTS.md). |
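Review bot: The link `[AGENTS.md](../../AGENTS.md)` resolves on GitHub only if this file sits exactly two directories below the repository root, and if the file is inside the MkDocs docs tree the published site cannot follow it at all, because MkDocs does not serve files outside its docs directory and warns that the target is not found. Either exclude this stub from the site or replace the relative path with a link to the file on GitHub.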
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| # cloud-security-service-model | ||
|
|
||
| Enterprise cloud security operating model documentation — a comprehensive, audit-ready security framework for Azure hybrid environments. This is a **docs-only repo** (Markdown, Mermaid diagrams, HTML). No application code. | ||
|
|
||
| ## What's Here | ||
|
|
||
| | Directory | Content | | ||
| |---|---| | ||
| | `docs/01–19` | Core service model docs: definition, catalog, architecture principles, governance, metrics, operating model, incident response, vulnerability management, access management, data protection, DevSecOps | | ||
| | `docs/20-runbooks/` | Operational runbooks (incident triage, vuln response, policy drift, break-glass access, Sentinel tuning) | | ||
| | `docs/21-templates/` | Reusable templates (change request, exception, incident report, postmortem, KPI dashboard) | | ||
| | `docs/22-diagrams/` | Mermaid source files for all architecture and process diagrams | | ||
| | `agile/` | Sprint ceremonies, backlog, OKRs, KPI cadence | | ||
| | `impl/azure/sentinel/` | Sentinel playbook examples | | ||
|
|
||
| ## Conventions | ||
|
|
||
| - All diagrams are Mermaid (`.mmd` files in `docs/22-diagrams/`) — they render natively in GitHub | ||
| - Template files use `template-` prefix in `docs/21-templates/` | ||
| - Runbook files use `rbk-NNN-` prefix | ||
| - No code, no builds, no test suites — pure documentation | ||
| - `.editorconfig` enforces consistent whitespace | ||
|
|
||
| ## Editing Rules | ||
|
|
||
| - Keep docs enterprise-grade in tone — no toy/demo language | ||
| - Update diagrams alongside prose when process flows change | ||
| - Run markdownlint (`npx markdownlint-cli docs/`) before committing | ||
| - All PRs should use `.github/pull_request_template.md` | ||
|
|
||
| ## GSD Workflow | ||
|
|
||
| Use `/gsd:quick` for doc edits. For large restructures, use `/gsd:plan-phase`. |
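Review bot: Two statements here are contradicted by other files in this same PR: `No code, no builds, no test suites` is no longer true once the Deploy Pages workflow runs `mkdocs build` and the CodeQL workflow runs a scan, and the claim that `.mmd` files `render natively in GitHub` is inaccurate, since GitHub renders Mermaid only inside `mermaid` code fences in Markdown, not standalone `.mmd` files. Update the conventions to describe the build that now exists, and either note that `.mmd` sources are rendered by the docs build or embed them as Mermaid fences (as `architecture.md` in this PR already does). The `Run markdownlint` rule is also manual only; given the PR title is about fixing markdownlint errors, a CI step running it would stop them recurring.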
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -11,6 +11,7 @@ | |
| ## What didn’t go well | ||
|
|
||
| ## Action items | ||
|
|
||
| | Action | Owner | Due date | Status | | ||
| | --- | --- | --- | --- | | ||
|
|
||
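Review bot: The `## Action items` table has the columns but no guidance on content: `Status` has no defined vocabulary and `Due date` no format, so filled-in postmortems will not be comparable across incidents. State the allowed statuses (for example Open, In progress, Done) and an ISO 8601 date format in an HTML comment inside the template, the way the PR template does with `<!-- Describe your changes -->`.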
Binary file not shown.
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,81 @@ | ||
| # Cloud Security Service Architecture | ||
|
|
||
| The Cloud Security Service is designed to provide a comprehensive, scalable, and measurable security posture across Azure and hybrid environments. It leverages cloud-native capabilities integrated with enterprise governance processes. | ||
|
|
||
| ## High-Level Architecture | ||
|
|
||
| The following diagram illustrates the core components and workflow of the Cloud Security Service, showing how platform engineering, security operations, and application teams interact with the controls-as-code foundation. | ||
|
|
||
| ```mermaid | ||
| graph TD | ||
| %% Define Styles | ||
| classDef consumers fill:#e1f5fe,stroke:#0288d1,stroke-width:2px,color:#000; | ||
| classDef core fill:#fff3e0,stroke:#f57c00,stroke-width:2px,color:#000; | ||
| classDef governance fill:#e8f5e9,stroke:#388e3c,stroke-width:2px,color:#000; | ||
| classDef external fill:#f3e5f5,stroke:#7b1fa2,stroke-width:2px,color:#000; | ||
|
|
||
| %% Consumers | ||
| subgraph Consumers | ||
| AppTeams[Application Teams]:::consumers | ||
| PlatformEng[Platform Engineering]:::consumers | ||
| RiskComp[Risk & Compliance]:::consumers | ||
| end | ||
|
|
||
| %% Core Services | ||
| subgraph CloudSecurityService[Cloud Security Service] | ||
| PolicyEngine[Policy Engine<br/>Azure Policy / OPA]:::core | ||
| IdentityAccess[Identity & Access<br/>Entra ID / RBAC]:::core | ||
| ThreatDetection[Threat Detection<br/>Defender for Cloud]:::core | ||
| SIEM[SIEM & Logging<br/>Microsoft Sentinel]:::core | ||
| end | ||
|
|
||
| %% Governance & Ops | ||
| subgraph OperationsAndGovernance[Operations & Governance] | ||
| SecOps[Security Operations / SOC]:::governance | ||
| IncidentResponse[Incident Response]:::governance | ||
| AuditEvidence[Audit & Evidence]:::governance | ||
| end | ||
|
|
||
| %% External Interfaces | ||
| ITSM[ITSM / ServiceNow]:::external | ||
|
|
||
| %% Relationships | ||
| AppTeams -->|Consume Standards &<br/>Deploy Workloads| PolicyEngine | ||
| PlatformEng -->|Build Landing Zones| PolicyEngine | ||
| PlatformEng -->|Configure Baselines| IdentityAccess | ||
|
|
||
| PolicyEngine -->|Enforce & Audit| AppTeams | ||
| IdentityAccess -->|Authenticate & Authorize| AppTeams | ||
|
|
||
| AppTeams -->|Logs & Telemetry| SIEM | ||
| PolicyEngine -->|Compliance Data| ThreatDetection | ||
| ThreatDetection -->|Alerts| SIEM | ||
|
|
||
| SIEM -->|Triage & Investigate| SecOps | ||
| SecOps -->|Escalate| IncidentResponse | ||
| IncidentResponse -->|Tickets / Workflows| ITSM | ||
|
|
||
| PolicyEngine -->|Compliance Reports| AuditEvidence | ||
| AuditEvidence -->|Review & Attest| RiskComp | ||
| ``` | ||
|
|
||
| ## Component Details | ||
|
|
||
| ### 1. Policy Engine (Controls-as-Code) | ||
| The policy engine acts as the governance guardrail, continuously evaluating resource configurations against defined security standards (e.g., Azure Policy, OPA). It provides both preventative (deny) and detective (audit) controls. | ||
|
|
||
| ### 2. Identity & Access | ||
| Centralized identity management ensures least privilege access. This includes RBAC definitions, conditional access policies, and identity protection mechanisms. | ||
|
|
||
| ### 3. Threat Detection | ||
| Continuous monitoring of cloud workloads to identify suspicious activities or vulnerabilities. Findings are aggregated and prioritized based on risk context. | ||
|
|
||
| ### 4. SIEM & Logging | ||
| A centralized repository for security logs and telemetry. It correlates events across the environment to surface high-fidelity alerts to the Security Operations Center (SOC). | ||
|
|
||
| ## Feedback Loops | ||
|
|
||
| The architecture incorporates continuous feedback loops: | ||
| - **Detection Tuning**: SecOps feedback refines SIEM rules and threat detection thresholds to reduce false positives. | ||
| - **Policy Refinement**: Application team feedback on policy friction leads to exception management or policy adjustments. | ||
| - **Automated Remediation**: Where possible, alerts trigger automated playbooks to remediate common misconfigurations. |
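Review bot: In the Mermaid diagram `IdentityAccess` has no edge to `SIEM` or `ThreatDetection`, yet Entra ID sign-in and audit logs are the primary identity data source for Sentinel and identity-protection alerts are part of detection; add `IdentityAccess -->|Sign-in & audit logs| SIEM` (and an alert edge to `ThreatDetection` if Identity Protection is in scope) so the graph matches the `Identity & Access` component text about conditional access and identity protection. The `Feedback Loops` section describes three loops (`Detection Tuning`, `Policy Refinement`, `Automated Remediation`) but none appears in the graph; either add the return edges or state that the diagram shows the forward flow only. Finally, the root AGENTS.md in this PR says all diagrams live as `.mmd` files in `docs/22-diagrams/`, while this one is inline; pick one convention.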
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| # Cloud Security Service Model | ||
|
|
||
| Welcome to the Cloud Security Service Model documentation. This repository defines an | ||
| enterprise-grade cloud security operating model for Azure and hybrid environments. | ||
| It outlines service scope, governance, controls-as-code, metrics, and measurable outcomes. | ||
|
|
||
| ## Getting Started for Developers | ||
|
|
||
| As a developer or platform engineer, you interact with the Cloud Security Service primarily through: | ||
| - **Landing Zones & Policies**: Standardized environments governed by policy-as-code. | ||
| - **Identity & Access**: Baseline identity configurations for robust authentication. | ||
| - **Monitoring & Logging**: Centralized logging for auditing and incident response. | ||
|
|
||
| ### Quick Links | ||
|
|
||
| - [Architecture Overview](architecture.md) - High-level architecture and logic. | ||
| - [Executive Overview](00-executive-overview.md) - Business value and context. | ||
| - [Service Definition](01-service-definition.md) - Mission, scope, and interfaces. | ||
| - [Operating Model](05-operating-model.md) - How we operate day-to-day. | ||
| - [Metrics & KPIs](07-metrics-and-kpis.md) - How we measure success. | ||
|
|
||
| ## Core Principles | ||
|
|
||
| 1. **Security as a Service**: We provide security capabilities as consumable services, not just blockers. | ||
| 2. **Controls-as-Code**: Policies, alerts, and configurations are managed as code for reproducibility and auditability. | ||
| 3. **Shared Responsibility**: Clear boundaries between what the security service owns and what application teams own. | ||
| 4. **Audit-Ready by Design**: Continuous compliance monitoring and automated evidence collection. |
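Review bot: The `Quick Links` point at five files (`architecture.md`, `00-executive-overview.md`, `01-service-definition.md`, `05-operating-model.md`, `07-metrics-and-kpis.md`), of which only `architecture.md` appears in this diff; nothing in the Pages workflow fails on an unresolved link, so confirm the other four exist under the MkDocs docs directory with exactly those names (the root AGENTS.md describes them only as `docs/01–19`) or the landing page ships with dead links. The `Identity & Access` bullet mentions `robust authentication` only; since the architecture page defines that component as RBAC, conditional access and least privilege, say authentication and authorization here so the two pages agree.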
On `main`, this new workflow is triggered by the same event as the existing Pages workflow in `.github/workflows/static.yml`, and both upload/deploy to the `github-pages` environment with the same `pages` concurrency group. When a push lands, whichever workflow runs last can overwrite the other artifact (`docs` vs `./site`), so the published site can flip between the old static HTML and the MkDocs build; remove or retarget one of the deploy workflows.