Add security architecture pattern infospace

This commit is contained in:
2026-05-19 07:12:07 +02:00
parent 3ca891de4a
commit 5bb4b40b86
81 changed files with 6836 additions and 0 deletions

View File

@@ -0,0 +1,44 @@
# Pattern: Protected Main Branch
Status: seed
Readiness target: RL2 private beta
Primary owners: product repos, NetKingdom
Genesis family: Supply chain
## Problem
Production code can be changed without review, tests, or traceable
approval when the main branch is not protected.
## Context
Use this pattern for repositories that produce production services,
platform manifests, policy packages, documentation standards, or release
artifacts.
## Forces
- Teams need fast iteration.
- Production branches need review and checks.
- Emergency fixes need traceable override.
- Branch rules should match artifact criticality.
## Solution
Protect main and release branches with review, required checks, signed
or verified changes where useful, and explicit emergency override
procedures.
## Verification
- Direct pushes to protected branches are blocked.
- Required tests and reviews pass before merge.
- Emergency overrides are logged and reviewed.
- Release artifacts link back to protected branch commits.
## Related Patterns
- GitOps with Guardrails.
- SLSA Build Provenance.
- SBOM-per-Release.
- Supply-Chain Provenance.