tessl-labs/springboot-security-basics

Security defaults that belong in every Spring Boot application from day one.

88 (1.79x)

Quality: 83% (Does it follow best practices?)

Impact: 97%, 1.79x (average score across 5 eval scenarios)

Security by Snyk: Passed. No known issues.


verifiers/password-encoder.json

{
  "instruction": "Use BCryptPasswordEncoder for all password storage",
  "relevant_when": "Agent creates or modifies a Spring Boot application that handles user passwords",
  "context": "Never store passwords in plain text or use weak hashing (MD5, SHA-256 without salt). Define a PasswordEncoder bean returning BCryptPasswordEncoder and inject it into services. Never instantiate BCryptPasswordEncoder directly in service code -- use dependency injection. Always use passwordEncoder.encode() for storing and passwordEncoder.matches() for verifying.",
  "sources": [
    {
      "type": "file",
      "filename": "skills/springboot-security-basics/SKILL.md",
      "tile": "tessl-labs/springboot-security-basics@0.2.0"
    }
  ],
  "checklist": [
    {
      "name": "password-encoder-bean",
      "rule": "Agent defines a @Bean method returning PasswordEncoder (BCryptPasswordEncoder) in a configuration class",
      "relevant_when": "Agent creates a Spring Boot app that stores passwords"
    },
    {
      "name": "passwords-encoded",
      "rule": "Agent uses passwordEncoder.encode() when storing passwords and passwordEncoder.matches() when verifying, never stores plain text",
      "relevant_when": "Agent implements user registration or authentication"
    },
    {
      "name": "no-weak-hashing",
      "rule": "Agent does not use MD5, SHA-1, or SHA-256 for password hashing",
      "relevant_when": "Agent implements password storage"
    }
  ]
}
