Repository Guidelines

Project Structure & Module Organization

This repository focuses on SSDLC policy documentation. The root README.md outlines the ISO 27001 baseline. Add detailed guidance in docs/ with one Markdown file per control (e.g. docs/a.8.28-secure-programming.md). Store reusable templates in templates/ and evidence screenshots in assets/; keep filenames lowercase with hyphens.

Build, Test, and Development Commands

No compilation is required. Validate Markdown after each edit. Run `npx markdownlint-cli2 "**/*.md"` to lint the entire workspace. Use your editor preview or run `open README.md` (macOS) to confirm headings, tables, and checklists render correctly.

Coding Style & Naming Conventions

Document policy content in concise German and switch to English for technical instructions, as in README.md. Wrap text at 120 characters, use `-` for unordered lists, and prefer fenced blocks with language hints for commands. Reference ISO controls explicitly (e.g. `**A.8.29**`) and write introductions in sentence case. Preserve German special characters; do not replace ä, ö, ü, or ß with ASCII substitutes.
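The lint command above covers Markdown syntax only; the file-name and line-width conventions in this section are not checked by it. The following POSIX sh script is an added example, not part of this repository, that enforces those two conventions over the documented directories; the function names and the `check_all_docs` entry point are assumptions for a pre-commit hook or CI job.

```shell
#!/bin/sh
# Added example (not repository code): enforce the naming and line-width
# conventions from the guidelines that markdownlint does not cover.
# Assumes POSIX sh, awk and basename are available.

# Succeed only if the basename uses lowercase letters, digits, dots and hyphens
# (the guidelines' example is docs/a.8.28-secure-programming.md).
check_filename() {
  case "$(basename "$1")" in
    *[!a-z0-9.-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Succeed only if no line in the file exceeds 120 characters. awk's length()
# counts characters in a UTF-8 locale, so ä, ö, ü and ß count once each there.
check_line_width() {
  awk 'length($0) > 120 { bad = 1 } END { exit bad + 0 }' "$1"
}

# Run both checks on one file, report each violation, return 1 if any failed.
check_doc() {
  rc=0
  check_filename "$1" || { echo "$1: file name must be lowercase with hyphens"; rc=1; }
  check_line_width "$1" || { echo "$1: line longer than 120 characters"; rc=1; }
  return $rc
}

# Check README.md and every Markdown file in docs/ and templates/ (hypothetical
# entry point; the glob list mirrors the directories named in the guidelines).
check_all_docs() {
  status=0
  for f in README.md docs/*.md templates/*.md; do
    [ -f "$f" ] || continue
    check_doc "$f" || status=1
  done
  return $status
}
```

Run `check_all_docs` from the repository root; a non-zero exit status means at least one file violated a convention, with the offending file and rule printed.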

Testing Guidelines

Treat every contribution as an auditable artifact. Cross-check new text against ISO 27001 Annex A and cite supporting files or tickets. Raise a peer review issue whenever you add process diagrams or checklists so another contributor can validate accuracy before merging.

Commit & Pull Request Guidelines

Write imperative commit messages that mention the affected controls, for example `Add training checklist for A.8.28`. Group related documentation updates into a single commit for audit traceability. In pull requests, summarise impacted controls, link risk assessments or incidents, and attach screenshots or files for new templates.

Security & Compliance Notes

Never store production secrets or personal data in this repository. Link to secured systems instead. Mask any sample data and mark placeholders clearly (e.g. `<internal-link>`). Flag urgent compliance risks in the PR description so reviewers can escalate quickly.

Background

The company operates self-hosted GitLab, Jira, and Confluence instances for source control and collaboration.