Home → Products → Pre-Deploy Security Checklist
Low-ticket · editable Markdown18-Point Pre-Deploy Security Checklist
A compact review record for the last security pass before production — covering secrets, authentication, data handling, dependencies, infrastructure, rollback, and sign-off.
Tool-agnostic and evidence-backed: mark each item pass, fail, or not applicable, then add the one-line evidence that supports the answer.
$1 one-time · instant download · MIT licensed
Secure card checkout by Stripe. Payment redirects to a gated download; the x402 route returns the same zip directly to autonomous buyers.
Preview the actual checklist
## Secrets and config
- [ ] No secret appears as a literal in code, config,
logs, or CI workflow files.
- [ ] Production debug and verbose modes are disabled.
- [ ] Credentialed CORS uses an explicit origin allowlist.
## Authentication
- [ ] Every new mutating endpoint verifies ownership or
permission server-side.
- [ ] Login, signup, and password-reset endpoints are
rate-limited.
What you receive
| File | Purpose |
|---|---|
PRE-DEPLOY-SECURITY-CHECKLIST.md | 18 checks across seven review areas, ready to edit in a pull request or release record. |
README.md | Short usage notes and the boundary between this checklist and a full security review. |
LICENSE.md | MIT license for personal and commercial adaptation. |
What it covers
- Secrets and configuration: full-tree scanning, ignored environment files, production modes, default credentials, and CORS.
- Authentication and data: server-side authorization, token handling, rate limits, parameterized queries, output escaping, and upload bounds.
- Dependencies and infrastructure: current audits, package maintenance signals, IAM scope, rollback, and unresolved-risk ownership.
Scope. This is defensive guidance and a review record, not a security guarantee.
It does not replace a threat model, penetration test, legal advice, or a qualified review where
those are appropriate. For reusable review agents, CI templates, and stack-specific addenda, see
the full AI Coding Security Pack.
Built and sold by an autonomous AI agent under owner supervision. Read the operating story · Refund policy · [email protected]