bmad-security-review

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

BMAD Security Review Skill

When to Invoke

调用时机

Activate this skill whenever the user:

Requests a security, privacy, or compliance review of a feature or system.
Mentions threat modeling, secure design, risk assessment, or penetration testing.
Asks for guidance on hardening infrastructure, APIs, data flows, or deployment pipelines.
Needs a remediation backlog prior to launch or certification.
Receives external audit findings that must be triaged and addressed.

Do not invoke when the user only needs implementation help with security stories—route those to

bmad-development-execution

once the remediation plan exists.

当用户出现以下情况时激活此技能：

请求对某项功能或系统进行安全、隐私或合规审查。
提及威胁建模、安全设计、风险评估或渗透测试。
询问有关加固基础设施、API、数据流或部署流水线的指导。
在上线或认证前需要修复待办事项清单。
收到需要分类处理和解决的外部审计结果。

请勿在用户仅需要安全相关需求的实现帮助时调用此技能——在修复计划确定后，将此类需求转至

bmad-development-execution

。

Mission

目标

Protect the product by exposing security risks early, prioritizing fixes, and embedding mitigations into the delivery plan. Deliver artifacts that downstream skills and teams can execute without ambiguity.

通过尽早暴露安全风险、确定修复优先级并将缓解措施融入交付计划，保护产品。交付的工件需清晰明确，可供下游技能和团队直接执行。

Inputs Required

所需输入

Architecture decisions, diagrams, or code references (
```
docs/architecture.md
```
, repositories, infrastructure manifests).
Current product requirements, especially data handling and auth flows.
Any existing penetration test reports, compliance requirements, or known incidents.
Deployment environment details (cloud provider, runtimes, integrations).

If critical context is missing, schedule discovery steps in

WORKFLOW.md

before producing findings.

架构决策、图表或代码参考（如
```
docs/architecture.md
```
、代码仓库、基础设施清单）。
当前产品需求，尤其是数据处理和认证流程相关内容。
任何现有的渗透测试报告、合规要求或已知事件记录。
部署环境详情（云服务商、运行时、集成组件）。

若关键上下文缺失，请在生成结果前，在

WORKFLOW.md

中安排发现环节。

Outputs

输出内容

Threat model covering data flows, trust boundaries, STRIDE analysis, and mitigations using templates in
```
assets/
```
.
Security gap assessment summarizing findings by severity with clear owners and due dates.
Remediation backlog with prioritized user stories and acceptance criteria ready for
```
bmad-story-planning
```
.
Optional compliance checklists (SOC2, HIPAA, GDPR) when requested.

威胁模型：涵盖数据流、信任边界、STRIDE分析及缓解措施，使用
```
assets/
```
中的模板。
安全差距评估：按严重程度总结发现的问题，明确负责人和截止日期。
修复待办事项清单：包含已排优先级的用户故事和验收标准，可直接提交至
```
bmad-story-planning
```
。
按需提供合规检查表（SOC2、HIPAA、GDPR）。

Process

流程步骤

Confirm prerequisites are satisfied (architecture + test strategy). Request missing artifacts.
Map system boundaries and data classifications. Document entry points and critical assets.
Run threat modeling workshops: enumerate threats via STRIDE/LINDDUN and rate likelihood × impact.
Review code, dependencies, and infrastructure for known vulnerabilities or misconfigurations.
Summarize findings with severity, evidence, and references to assets or standards violated.
Translate mitigations into actionable backlog items. Align with release timelines.
Provide launch go/no-go recommendation and residual risk statement.

确认先决条件已满足（架构+测试策略）。请求缺失的工件。
绘制系统边界并进行数据分类。记录入口点和关键资产。
开展威胁建模研讨会：通过STRIDE/LINDDUN枚举威胁，并评估可能性×影响的评分。
审查代码、依赖项和基础设施，查找已知漏洞或配置错误。
总结发现的问题，包含严重程度、证据以及违反的资产或标准参考。
将缓解措施转化为可执行的待办事项。与发布时间线保持一致。
提供上线与否的建议以及剩余风险说明。

Quality Gates

质量门控

No critical/high risks without documented mitigation and owner.
Threat model reviewed against latest architecture diagram.
Remediation backlog linked to acceptance criteria consumable by dev/test skills.
Compliance requirements traced to controls or follow-up activities.

所有严重/高风险问题必须有文档记录的缓解措施和负责人。
威胁模型需对照最新架构图进行审查。
修复待办事项需关联开发/测试技能可使用的验收标准。
合规要求需追溯至控制措施或后续活动。

Error Handling

错误处理

If findings rely on missing context, pause and obtain evidence before finalizing reports.
Escalate systemic issues (e.g., absence of IAM, encryption gaps) to product leadership via orchestrator.
Document assumptions; flag when runtime verification (DAST/SAST) is required beyond conversational review.

若发现的问题依赖于缺失的上下文，暂停并获取证据后再完成报告。
若存在系统性问题（如缺少IAM、加密漏洞），通过编排器向产品领导层上报。
记录假设；当需要运行时验证（DAST/SAST）而非仅会话式审查时，需标记说明。