Add security architecture pattern infospace

This commit is contained in:
2026-05-19 07:12:07 +02:00
parent 3ca891de4a
commit 5bb4b40b86
81 changed files with 6836 additions and 0 deletions

View File

@@ -0,0 +1,42 @@
# Pattern: Dependency Update Bot
Status: seed
Readiness target: RL2 private beta
Primary owners: product repos
Genesis family: Supply chain
## Problem
Dependency updates become stale, risky, and manual when there is no
repeatable intake and test path.
## Context
Use this pattern for application dependencies, container base images,
GitHub Actions, Helm charts, Terraform providers, and platform tools.
## Forces
- Automated updates reduce known-vulnerability exposure.
- Update noise can overwhelm reviewers.
- Security updates need prioritization.
- Tests must catch compatibility breakage.
## Solution
Use automated dependency update pull requests with grouping rules,
security prioritization, test gates, review ownership, and release notes.
## Verification
- Dependency inventory is covered by update automation.
- Security updates are surfaced with priority.
- Update PRs run relevant tests.
- Deferred updates have owner and reason.
## Related Patterns
- Protected Main Branch.
- SBOM-per-Release.
- Quarantined Build Runner.
- Supply-Chain Provenance.