Establishes mandatory CI gates with stable check naming, deterministic installs, baseline CodeQL + Dependabot posture, and main-branch enforcement via GitHub Rulesets.
Adopt a lightweight hardening baseline for the Docusaurus-based Portfolio Docs app to reduce supply-chain and content injection risk.
Dependabot, CodeQL, and audit gates for dependencies.
Security posture for the Portfolio App: threat surface, enforceable SDLC controls, and public-safe content and deployment practices.
Plan to harden the Docusaurus-based docs platform with CI audit gates, security headers, and publication safety controls.
Security posture for the Portfolio Docs App: threat surface, enforceable SDLC controls, supply chain hygiene, and public publication safety.
Deterministic workflow to diagnose failing Dependabot pull requests, reproduce failures locally, apply fixes, and push updates back to unblock required checks.
Threat models, secure SDLC controls, supply chain hygiene, and security evidence practices that demonstrate a security-first delivery process.
STRIDE threat model for the Portfolio App (Next.js): trust boundaries, assets, threats, mitigations, and residual risks aligned to enterprise SDLC controls.
Threat model for the Docusaurus documentation platform, focused on supply chain risk, CI integrity, public content safety, and deployment surface controls.