Skip to content

Commit 3909b05

Browse files
committed
Update role analysis, coding, and documentation rules to always apply. Adjust documentation links for consistency across planning tasks. These changes enhance the reliability of role applications and improve documentation clarity for users.
1 parent c5f6026 commit 3909b05

11 files changed

Lines changed: 40 additions & 57 deletions

File tree

.cursor/rules/role_analysis_planning.mdc

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
---
22
description:
33
globs:
4-
alwaysApply: false
4+
alwaysApply: true
55
---
66
# role_analysis_planning.mdc
77

.cursor/rules/role_coding_phase.mdc

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
---
22
description:
33
globs:
4-
alwaysApply: false
4+
alwaysApply: true
55
---
66
# role_coding_phase.mdc
77

.cursor/rules/role_documentation.mdc

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
---
22
description:
33
globs:
4-
alwaysApply: false
4+
alwaysApply: true
55
---
66
# role_documentation.mdc
77

@@ -14,7 +14,7 @@ alwaysApply: false
1414
- Always active; responsible for all documentation quality and structure.
1515

1616
**Core Principle:**
17-
Documentation is a first-class citizen. It must be clear, up-to-date, and easy to navigate for all users and contributors.
17+
Documentation is a first-class citizen. It must be clear, up-to-date, and easy to navigate for all users and contributors. English only.
1818

1919
**Workflow / Key Responsibilities:**
2020
1. Maintain a central documentation index (INDEX.md)

docs/plan/task_1.md

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,12 @@
11
# Task List: Phase 1 – Preparation & Planning
22

33
- [x] Write project objectives and scope in README.md
4-
- [x] List and justify tech stack in doc/plan/detailed_plan.md
5-
- [x] Draw and describe architecture in doc/plan/detailed_plan.md
6-
- [x] Specify folder/file structure in doc/plan/detailed_plan.md
7-
- [x] Draft implementation plan in doc/plan/detailed_plan.md
4+
- [x] List and justify tech stack in docs/plan/detailed_plan.md
5+
- [x] Draw and describe architecture in docs/plan/detailed_plan.md
6+
- [x] Specify folder/file structure in docs/plan/detailed_plan.md
7+
- [x] Draft implementation plan in docs/plan/detailed_plan.md
88
- [x] Draft sequenced, atomic task lists in task_1.md–task_5.md
99
- [x] Write initial README.md (overview, features, usage, architecture, roadmap)
1010
- [x] Write LICENSE (MIT)
11-
- [x] Write extension/contribution guidelines in doc/EXTENDING.md
11+
- [x] Write extension/contribution guidelines in docs/EXTENDING.md
1212
- [x] Review and finalize all planning docs

docs/plan/task_2.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
- [x] Create /zap/ directory for ZAP configs
55
- [x] Create /trivy/ directory for Trivy configs
66
- [x] Create /scripts/ directory for automation scripts
7-
- [x] Create /doc/plan/ directory for planning docs
7+
- [x] Create /docs/plan/ directory for planning docs
88
- [x] Create .github/workflows/ directory for GitHub Actions
99
- [x] Create .vscode/ directory for editor settings (if not present)
1010
- [x] Place README.md and LICENSE in root

docs/plan/task_4.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,5 +7,5 @@
77
- [x] Write trivy/config.yaml (dependency/container scan config)
88
- [x] Place all rules/configs in correct folders
99
- [x] Test each rule/config with scripts/security-check.sh
10-
- [x] Document each rule/config in README.md and doc/EXTENDING.md
10+
- [x] Document each rule/config in README.md and docs/EXTENDING.md
1111
- [x] Refine based on test results

docs/plan/task_5.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,6 @@
55
- [x] Test both CI configs on a sample repo
66
- [x] Validate that results appear in CI logs and as artifacts
77
- [x] Finalize and polish README.md (add CI badges, usage, troubleshooting)
8-
- [x] Finalize doc/EXTENDING.md (how to add rules, tools, outputs)
8+
- [x] Finalize docs/EXTENDING.md (how to add rules, tools, outputs)
99
- [x] Review and update all planning and documentation files
1010
- [x] Mark project as ready for coding phase exit

docs/plan/task_6.md

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,12 @@
1-
# Task List: Phase 6 – Automatisierte Auswertung, Reporting & API-Security
1+
# Task List: Phase 6 – Automated Analysis, Reporting & API Security
22

3-
- [x] Script zur Auswertung aller Scan-Resultate (ZAP, Semgrep, Trivy)
4-
- [x] Findings nach Schweregrad sortieren und zusammenfassen
5-
- [x] "Alles okay"-Abschnitte explizit ausgeben
6-
- [ ] To-Do-Liste für Entwickler generieren
7-
- [ ] Optional: HTML-Report erzeugen
8-
- [ ] Optional: Slack/Teams/Email-Benachrichtigung bei kritischen Findings
9-
- [ ] Semgrep-Regeln für API-Absicherung (Auth, CORS, Rate Limiting)
10-
- [ ] ZAP-Policy für API-Endpoints anpassen
11-
- [ ] Weitere Semgrep-Regeln für LLM/AI-Security
12-
- [ ] Doku im README ergänzen
3+
- [x] Script to analyze all scan results (ZAP, Semgrep, Trivy)
4+
- [x] Sort and summarize findings by severity
5+
- [x] Explicitly output "All OK" sections
6+
- [ ] Generate to-do list for developers
7+
- [ ] Optionally: Generate HTML report
8+
- [ ] Optionally: Slack/Teams/Email notification for critical findings
9+
- [ ] Semgrep rules for API security (Auth, CORS, Rate Limiting)
10+
- [ ] Adjust ZAP policy for API endpoints
11+
- [ ] More Semgrep rules for LLM/AI security
12+
- [ ] Update documentation!

docs/plan/task_7.md

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -1,14 +1,14 @@
11
# Task List: Phase 7 – Advanced Automation, Integration & Developer Experience
22

3-
- [ ] Automatisches Mapping aller Findings auf OWASP Top 10, DSGVO, NIST, etc.
4-
- [ ] Compliance-Report generieren
5-
- [ ] Plug-in-System für neue Tools/Checks
6-
- [ ] Auto-Fix-Vorschläge für triviale Findings
7-
- [ ] False-Positive-Handling (Whitelist, Suppression)
8-
- [ ] Historie/Trend-Analyse der Findings
9-
- [ ] Dashboard für Security-Status und Trends
10-
- [ ] Automatische Erkennung des Tech-Stacks und Anpassung der Checks
11-
- [ ] Ticket-Erstellung bei kritischen Findings (Jira, GitHub Issues)
12-
- [ ] PDF-Export des Reports
13-
- [ ] Troubleshooting/FAQ und Beispiel-Output in der Doku
14-
- [ ] Video/Screen-Demo für Onboarding
3+
- [ ] Automatic mapping of all findings to OWASP Top 10, GDPR, NIST, etc.
4+
- [ ] Generate compliance report
5+
- [ ] Plug-in system for new tools/checks
6+
- [ ] Auto-fix suggestions for trivial findings
7+
- [ ] False-positive handling (whitelist, suppression)
8+
- [ ] History/trend analysis of findings
9+
- [ ] Dashboard for security status and trends
10+
- [ ] Automatic detection of tech stack and adjustment of checks
11+
- [ ] Ticket creation for critical findings (Jira, GitHub Issues)
12+
- [ ] PDF export of the report
13+
- [ ] Troubleshooting/FAQ and example output in the documentation
14+
- [ ] Video/screen demo for onboarding

docs/plan/task_8.md

Lines changed: 0 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -24,20 +24,3 @@ Enhance the SecuLite dashboard to provide a robust, interactive, and user-friend
2424
- [ ] Test all dashboard features (scan trigger, status, auto-refresh, error handling)
2525
- [ ] Validate user experience and accessibility
2626

27-
## Dependencies
28-
- Backend API (Flask: `/scan`, `/status`)
29-
- `scripts/webui.js`
30-
- `results/security-summary.html`
31-
32-
## Success Criteria
33-
- User can trigger scan via button
34-
- Status is displayed and updated correctly
35-
- Dashboard auto-refreshes after scan completion
36-
- Errors are clearly shown to the user
37-
- UI is clear, accessible, and user-friendly
38-
- Documentation and screenshots are up to date
39-
40-
## IST-Stand
41-
- Scan button and status display are implemented
42-
- Auto-refresh, error handling, and UI feedback are missing
43-
- Documentation/screenshots not updated

0 commit comments

Comments
 (0)