Steering documents that help enforce security best practices, vulnerability prevention, and secure coding patterns.
Security steering documents guide Kiro to write code that follows security best practices and helps prevent common vulnerabilities. These documents focus on practical security patterns that can be applied during code generation.
| Document | Description | Languages | Tags |
|---|---|---|---|
| Coming soon | Input validation and sanitization | Multiple | security, validation |
| Coming soon | Authentication and authorization patterns | Multiple | security, auth |
| Coming soon | Secure API development | Multiple | security, api |
| Coming soon | Dependency security scanning | Multiple | security, dependencies |
Security steering documents will help you:
-
Implement secure coding practices from the start
-
Prevent common vulnerabilities (SQL injection, XSS, etc.)
-
Follow authentication and authorization best practices
-
Handle sensitive data securely
# Copy a security steering document to your project
cp categories/security/input-validation.md .kiro/steering/
-
Apply security steering documents early in development
-
Combine multiple security documents for comprehensive coverage
-
Review generated code for security implications
-
Keep security steering documents updated with latest threats
-
Security steering documents provide guidance but don't replace security audits
-
Always review security-critical code manually
-
Use additional security tools for vulnerability scanning
-
Follow your organization's security policies
-
Code Quality - Code standards that support security
-
Workflows - Security scanning in CI/CD pipelines
-
Frameworks - Framework-specific security patterns
Security contributions are especially valuable to the community. If you have security steering documents to share, please see our contribution guidelines. All security-related contributions undergo additional review.