Weekly Security Review
Frequency: Every Monday | SLA: Complete by Friday EOD
Each weekly GitHub Issue is auto-populated with real compliance data by weekly_review.py before it is assigned for review. The issue contains pre-pulled compliance state, incident counts, Dependabot alert totals, and CrowdStrike detection summaries — reviewers read the issue rather than visiting each dashboard.
Tracked as a GitHub Issue using the Weekly Security Review template.
Data Sources
Section titled “Data Sources”| System | What It Provides |
|---|---|
| Nightly Verification | Compliance state across all 12 systems — auto-pulled into issue |
| GCP Cloud Monitoring | Alert policies, uptime check status, notification channel health — auto-pulled into issue |
| CrowdStrike | Endpoint detections, prevention events — summary auto-pulled into issue |
| Google Workspace | Admin audit log, login anomalies, DLP violations — evidence/logs/google-workspace/ |
| 1Password | Watchtower findings, sign-in events — evidence/logs/1password/ |
| GitHub | Dependabot alert counts, secret scanning alerts — auto-pulled into issue |
| Backblaze / Supabase | Backup status — evidence-external.yml and evidence-supabase.yml workflow runs |
Review Steps
Section titled “Review Steps”| # | Area | Action |
|---|---|---|
| 1 | Compliance state | Read the auto-populated compliance state in the issue. Open dashboards only for items flagged as FAIL or ERROR. |
| 2 | Uptime and incidents | Review GCP Cloud Monitoring alert summary in the issue. Investigate any flagged uptime check failures or alert policy firings. |
| 3 | Dependency vulnerabilities | Review the Dependabot alert count in the issue. Escalate critical/high findings as vulnerability remediation issues. |
| 4 | Endpoint protection | Review the CrowdStrike detection summary in the issue. Open falcon.crowdstrike.com only if detections are flagged. |
| 5 | Workflow health | Confirm all evidence and verify workflows completed successfully. Check #security-alerts for any failures. |
Completion
Section titled “Completion”Most checklist items are pre-populated in the issue. Add comments for any findings that require follow-up, link remediation issues, then close the review issue. Remediation items are tracked as separate issues.
Related Documents
Section titled “Related Documents”Meridian Seven — Confidential