shannon/docs/coverage-roadmap.md
Varun Sivamani 4a12918448 Update README and docs content
Add new docs pages and LLM context files, and remove the legacy SHANNON-PRO.md file.
2026-06-03 17:00:34 -07:00

Coverage and Roadmap

Shannon Lite focuses on exploitable findings that can be validated against a running application.

Current Shannon Lite Coverage

  • Broken Authentication
  • Broken Authorization
  • Injection
  • Cross-Site Scripting
  • Server-Side Request Forgery

Reporting Philosophy

Shannon Lite follows a proof-by-exploitation model. Findings that cannot be demonstrated with a working proof of concept are not included in the final report.

This reduces speculative noise, but it also means Shannon Lite does not aim to report every possible security issue in a repository. In particular, many dependency, policy, configuration, and broad static-analysis findings are outside the core Shannon Lite workflow.

Roadmap Direction

Planned coverage areas should continue to live in the repository's canonical roadmap document if one exists. The README should link to that document rather than carrying detailed roadmap history inline.

For organizations that need broader static and organizational coverage now, see Shannon Pro.