mirror of
https://github.com/KeygraphHQ/shannon.git
synced 2026-06-06 23:43:57 +02:00
4a12918448
Add new docs pages and LLM context files, and remove the legacy SHANNON-PRO.md file.
24 lines
1.0 KiB
Markdown
# Coverage and Roadmap

Shannon Lite focuses on exploitable findings that can be validated against a running application.

## Current Shannon Lite Coverage

- Broken Authentication
- Broken Authorization
- Injection
- Cross-Site Scripting
- Server-Side Request Forgery

## Reporting Philosophy

Shannon Lite follows a proof-by-exploitation model. Findings that cannot be demonstrated with a working proof of concept are not included in the final report.

This reduces speculative noise, but it also means Shannon Lite does not aim to report every possible security issue in a repository. In particular, many dependency, policy, configuration, and broad static-analysis findings are outside the core Shannon Lite workflow.

## Roadmap Direction

Planned coverage areas should continue to live in the repository's canonical roadmap document if one exists. The README should link to that document rather than carrying detailed roadmap history inline.

For organizations that need broader static and organizational coverage now, see [Shannon Pro](shannon-pro.md).