CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl-labs/springboot-security-basics

Security defaults that belong in every Spring Boot application from day one.

88

1.79x
Quality

83%

Does it follow best practices?

Impact

97%

1.79x

Average score across 5 eval scenarios

SecuritybySnyk

Passed

No known issues

Overview
Quality
Evals
Security
Files

security-filter-chain.jsonverifiers/

{
  "instruction": "Use SecurityFilterChain bean, not deprecated WebSecurityConfigurerAdapter",
  "relevant_when": "Agent creates or modifies a Spring Boot application with Spring Security",
  "context": "Since Spring Security 5.7 / Spring Boot 3.x, WebSecurityConfigurerAdapter is deprecated and removed. Always define security as a SecurityFilterChain @Bean method using the lambda DSL. Never extend WebSecurityConfigurerAdapter or use the deprecated chaining style (.csrf().disable()).",
  "sources": [
    {
      "type": "file",
      "filename": "skills/springboot-security-basics/SKILL.md",
      "tile": "tessl-labs/springboot-security-basics@0.2.0"
    }
  ],
  "checklist": [
    {
      "name": "security-filter-chain-bean",
      "rule": "Agent defines a @Bean method returning SecurityFilterChain rather than extending WebSecurityConfigurerAdapter",
      "relevant_when": "Agent creates or modifies Spring Security configuration"
    },
    {
      "name": "lambda-dsl-used",
      "rule": "Agent uses lambda DSL style (e.g., csrf(csrf -> csrf.disable())) rather than deprecated chaining style (e.g., .csrf().disable())",
      "relevant_when": "Agent configures HttpSecurity"
    }
  ]
}

verifiers

cors-configured.json

csrf-handling.json

input-validation.json

password-encoder.json

rate-limiting.json

security-filter-chain.json

security-headers.json

tile.json