{
  "id": "scope-boundary:blueprint-basic-security.scope",
  "_kind": "ScopeBoundary",
  "_file": "sourceref-scope/scope-boundaries/blueprint-basic-security.yaml",
  "_cluster": "sourceref-scope",
  "attributes": {
    "subjectId": "blueprint:basic-security",
    "inScope": "Baseline application-security checks on a code change — secrets in\nsource, common injection sinks, missing auth/authorization on routes,\noverly permissive CORS / CSP, unsafe deserialization, and outdated\ndependency callouts (advisory, not full SCA).\n",
    "outOfScope": "Penetration testing, dynamic analysis / fuzzing, full SAST tool\nreplacement, threat modeling, cryptographic-primitive review, and\ncompliance attestation (SOC2, ISO 27001, PCI-DSS).\n",
    "outOfScopeReasonIds": [
      "out-of-scope-reason:runtime-only",
      "out-of-scope-reason:future-phase"
    ]
  },
  "outgoingEdges": [
    {
      "from": "scope-boundary:blueprint-basic-security.scope",
      "to": "blueprint:basic-security",
      "kind": "bounds_subject"
    }
  ],
  "incomingEdges": []
}