docs(rules): add false-positive taxonomy #77

Merged: stacknil merged 1 commit into main from stacknil/v0.5-false-positive-taxonomy on Jun 30, 2026

@stacknil (Owner)

Summary

  • add a standalone false-positive taxonomy for brute-force, multi-user probing, and sudo burst findings
  • distinguish NAT, bastion, internal scanner, lab replay, scheduled admin task, and shared-account contexts
  • document corroborating evidence, residual uncertainty, cross-rule interpretation, and evidence-integrity boundaries
  • link the taxonomy from the rule catalog, case study, reviewer path, README, and changelog

Validation

  • cmake -S . -B build
  • cmake --build build
  • ctest --test-dir build -C Debug --output-on-failure
  • git diff --check
  • custom taxonomy coverage check: 3 rules x 6 sources and 3 verdict boundaries
  • local Markdown link check: 53 links
  • privacy/secret marker scan of changed docs

stacknil merged commit 9b00cb7 into main on Jun 30, 2026
9 checks passed
stacknil deleted the stacknil/v0.5-false-positive-taxonomy branch on June 30, 2026 03:02