Security & Compliance¶

Integrated Security · Continuous Evidence

ATLANTYQA integrates security into daily operations — not as an add-on, but as part of the design.

Security Pillars¶

Software Bill of Materials and composition analysis inside CI/CD pipelines. Grype + SBOM artifacts in every release.

Complete audit records in bot-review.yml and outputs/bot-evidence. Minimum 1-year retention.

Non-root containers, read-only filesystem, dropped Linux capabilities, and no-new-privileges.

Sensitive data isolation, encryption in transit and at rest, centralized KMS.

Technical Documentation

See deployment models in deployment-models. Internal hardening details are shared through private/NDA channels.

Need security evidence for a committee or audit?