security.json

security.json is the core artifact from _spartan. After you answer a few questions about your app, _spartan generates this JSON file, which reflects the security policy of your application based on your answers.
Each policy addresses security concerns in the following security domains:
policy metadata
_spartan generates and populates some additional metadata about the policy itself, both to make tracking and auditing easier and to pre-configure some fields:
```json
{
  "policyId": "01801687b51f06a49f22cd0357711144",
  "applicationType": "Web",
  "internetFacing": true,
  "hostname": "localhost",
  "deployment": "locally hosted",
  "integrityService": [
    "openssl",
    "shasum"
  ],
  ... // the rest of the policy
}
```

| Name | Description | Type | Allowed Values | Default |
|---|---|---|---|---|
| policyId | 32-digit randomly generated value; new for each policy | String | 32-digit string value | N/A |
| applicationType | Application type | String | “Web”, “Desktop”, “IoT”, “Mobile”, “API” | “Web” |
| internetFacing | Whether the application will be accessible over the Internet | Boolean | true, false | true |
| hostname | [Domain] name assigned for the system where the application resides | String | Any string value | “localhost” |
| deployment | How the application is accessed/deployment service (e.g. ‘Heroku’) | String | Any string value | “locally hosted” |
| integrityService | How SHA-384 sums are generated for _spartan artifacts | String Array | [“openssl”, “shasum”] | “shasum” |
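
For auditing, the metadata fields of a parsed policy can be checked against the types and allowed values in the table above. The following is an added example, not code from _spartan; the function name `validatePolicyMetadata`, the hexadecimal reading of `policyId` (taken from the sample value) and the requirement that `integrityService` lists at least one service are assumptions.

```javascript
// Added example, not part of _spartan: checks the metadata fields of a
// parsed security.json against the table above.
const APPLICATION_TYPES = ["Web", "Desktop", "IoT", "Mobile", "API"];
const INTEGRITY_SERVICES = ["openssl", "shasum"];
// Assumption: the 32 "digits" are hexadecimal, as in the sample policyId.
const POLICY_ID = /^[0-9a-f]{32}$/i;

const CHECKS = {
  policyId: (v) => typeof v === "string" && POLICY_ID.test(v),
  applicationType: (v) => APPLICATION_TYPES.includes(v),
  internetFacing: (v) => typeof v === "boolean", // the string "true" is rejected
  hostname: (v) => typeof v === "string",
  deployment: (v) => typeof v === "string",
  // Assumption: at least one service must be listed.
  integrityService: (v) =>
    Array.isArray(v) && v.length > 0 &&
    v.every((s) => INTEGRITY_SERVICES.includes(s)),
};

// Returns a list of problems; an empty list means the metadata is well formed.
function validatePolicyMetadata(policy) {
  if (policy === null || typeof policy !== "object" || Array.isArray(policy)) {
    return ["policy is not a JSON object"];
  }
  const problems = [];
  for (const [field, ok] of Object.entries(CHECKS)) {
    if (!Object.prototype.hasOwnProperty.call(policy, field)) {
      problems.push(`${field}: missing`);
    } else if (!ok(policy[field])) {
      problems.push(`${field}: invalid value ${JSON.stringify(policy[field])}`);
    }
  }
  return problems;
}

// Sample metadata as shown above, plus a constructed, hand-edited copy.
const sample = {
  policyId: "01801687b51f06a49f22cd0357711144",
  applicationType: "Web",
  internetFacing: true,
  hostname: "localhost",
  deployment: "locally hosted",
  integrityService: ["openssl", "shasum"],
};
const edited = { ...sample, internetFacing: "true", integrityService: ["md5sum"] };
delete edited.policyId;

console.log(validatePolicyMetadata(sample));
console.log(validatePolicyMetadata(edited));
```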