Security Overview
AliQuest follows a Security by Design philosophy - security is built into every layer of the project from the start, not added as an afterthought.
This section documents all security measures implemented across the project, organised by phase.
Security Phases
| Phase | Area | Status |
|---|---|---|
| 1 | SAST & Code Quality | Complete |
| 2 | Secrets & Dependency Scanning | Complete |
| 3 | CI/CD Security | Complete |
| 4 | Infrastructure & Kubernetes Hardening | Complete |
| 5 | Authentication & API Security | In Progress |
| 6 | Monitoring & Alerting | In Progress |
Pentest Reports
| Target | Tool | Date | Report |
|---|---|---|---|
| sonar.aliquest.me | OWASP ZAP | 04/05/2026 | View |
| argo.aliquest.me | OWASP ZAP | 04/05/2026 | View |
| grafana.aliquest.me | OWASP ZAP | 04/05/2026 | View |
Security Principles
- Least Privilege - every component only has the access it needs
- Defence in Depth - multiple layers of security controls
- Shift Left - security checks happen before code is merged
- Zero Trust - no implicit trust between services or users
- Full Traceability - all actions are logged and auditable