tessl-labs/springboot-security-basics

Security defaults that belong in every Spring Boot application from day one.

Score: 88 (1.79x)
Quality: 83% (Does it follow best practices?)
Impact: 97%
Average score across 5 eval scenarios
Security by Snyk: Passed, no known issues

verifiers/security-headers.json

{
  "instruction": "Configure security headers via HttpSecurity headers()",
  "relevant_when": "Agent creates or modifies a Spring Boot application with Spring Security",
  "context": "Configure security headers through HttpSecurity.headers() in the SecurityFilterChain. At minimum: X-Frame-Options DENY (prevents clickjacking), X-Content-Type-Options nosniff, HSTS with includeSubDomains. For apps serving HTML, add Content-Security-Policy. Never disable all default headers.",
  "sources": [
    {
      "type": "file",
      "filename": "skills/springboot-security-basics/SKILL.md",
      "tile": "tessl-labs/springboot-security-basics@0.2.0"
    }
  ],
  "checklist": [
    {
      "name": "frame-options-deny",
      "rule": "Agent configures frameOptions to deny in the SecurityFilterChain headers configuration",
      "relevant_when": "Agent creates Spring Security configuration"
    },
    {
      "name": "hsts-configured",
      "rule": "Agent configures HTTP Strict Transport Security with includeSubDomains and a maxAge of at least one year",
      "relevant_when": "Agent creates Spring Security configuration"
    },
    {
      "name": "headers-not-disabled",
      "rule": "Agent does not call headers.defaultsDisabled() or remove all default security headers",
      "relevant_when": "Agent configures security headers"
    }
  ]
}