II.
Workflow JSON
Structured · liveworkflow:penetration-testing-cycle
Penetration Testing Cycle json
Inspect the normalized record payload exactly as the atlas UI reads it.
{
"id": "workflow:penetration-testing-cycle",
"_kind": "Workflow",
"_file": "domain/workflows/workflows-security.yaml",
"_cluster": "domain",
"attributes": {
"displayName": "Penetration Testing Cycle",
"description": "Semi-annual workflow where authorised security professionals attempt to compromise\nproduction or staging systems to identify exploitable vulnerabilities before malicious\nactors do. The cycle begins with scoping — defining targets, rules of engagement, and\nsuccess criteria with security and legal stakeholders. An external penetration testing\nfirm or internal red team conducts the test over a defined window using agreed\nmethodologies. Findings are documented in a penetration test report with severity\nratings, proof-of-concept evidence, and remediation guidance. Engineering teams\nprioritise and remediate findings, and a retest validates critical fixes. Results\ninform the vulnerability management programme and security roadmap.\n",
"workflowKind": "security",
"triggerType": "scheduled",
"typicalCadence": "semi-annual",
"complexity": "complex"
},
"outgoingEdges": [
{
"from": "workflow:penetration-testing-cycle",
"to": "role:security-engineer",
"kind": "involves_role"
},
{
"from": "workflow:penetration-testing-cycle",
"to": "role:compliance-officer",
"kind": "involves_role"
},
{
"from": "workflow:penetration-testing-cycle",
"to": "role:engineering-manager",
"kind": "involves_role"
},
{
"from": "workflow:penetration-testing-cycle",
"to": "role:legal-counsel",
"kind": "involves_role"
},
{
"from": "workflow:penetration-testing-cycle",
"to": "role:audit-analyst",
"kind": "involves_role"
},
{
"from": "workflow:penetration-testing-cycle",
"to": "domain:cybersecurity",
"kind": "applies_to_domain"
},
{
"from": "workflow:penetration-testing-cycle",
"to": "domain:networking",
"kind": "applies_to_domain"
},
{
"from": "workflow:penetration-testing-cycle",
"to": "responsibility:security-audit",
"kind": "triggers_responsibility"
},
{
"from": "workflow:penetration-testing-cycle",
"to": "responsibility:risk-assessment",
"kind": "triggers_responsibility"
},
{
"from": "workflow:penetration-testing-cycle",
"to": "responsibility:compliance-monitoring",
"kind": "triggers_responsibility"
},
{
"from": "workflow:penetration-testing-cycle",
"to": "responsibility:vendor-evaluation",
"kind": "triggers_responsibility"
}
],
"incomingEdges": [
{
"from": "lib-agent:security-research--cloud-security-researcher",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-agent:security-research--ctf-creator",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-agent:security-research--exploit-developer",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-agent:security-research--fuzzing-engineer",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-agent:security-research--hardware-security-researcher",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-agent:security-research--malware-analyst",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 0.7
}
},
{
"from": "lib-agent:security-research--mobile-researcher",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-agent:security-research--purple-team-coordinator",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-agent:security-research--red-team-operator",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-agent:security-research--reverse-engineer",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-agent:security-research--security-report-writer",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 0.7
}
},
{
"from": "lib-agent:security-research--smart-contract-auditor",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-agent:security-research--threat-intel-analyst",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 0.7
}
},
{
"from": "lib-agent:security-research--vuln-researcher",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 0.7
}
},
{
"from": "lib-agent:security-research--web-security-researcher",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-skill:security-research--aiml-security",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-skill:security-research--binary-exploitation",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-skill:security-research--burp-websec",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-skill:security-research--cloud-security-testing",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-skill:security-research--debugger-integration",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-skill:security-research--fuzzing-ops",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-skill:security-research--ghidra-ida-re",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-skill:security-research--hardware-security",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-skill:security-research--incident-forensics",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 0.7
}
},
{
"from": "lib-skill:security-research--mitre-attack",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-skill:security-research--mobile-security",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-skill:security-research--offensive-security",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-skill:security-research--protocol-analysis",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-skill:security-research--pwntools-exploit",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-skill:security-research--security-sandbox",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-skill:security-research--smart-contract-analysis",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-skill:security-research--static-analysis-tools",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 1
}
},
{
"from": "lib-skill:security-research--stix-taxii",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 0.7
}
},
{
"from": "lib-skill:security-research--yara-rules",
"to": "workflow:penetration-testing-cycle",
"kind": "lib_implements_workflow",
"attributes": {
"weight": 0.7
}
}
]
}