Deletes the CC how-to and explanation docs, and the orphan changelog fragments describing CC reviews. Updates security.md and read-compliance-reports.md to describe muting in terms of the mutelist files only. Adds the branch changelog fragment. Mutelist YAML files, the Prowler CronJobs, and the review-compliance-reports task all stay — they're updated in the next commit.
Ripped out the compensating-controls (CC) framework: deleted compensating-controls.yaml, the review-compensating-controls mise task, and the associated how-to / explanation docs. Prowler and Kingfisher continue to run weekly and produce reports; the Prowler mutelist YAML files remain in place but no longer carry CC: <id> prefixes — each entry just keeps a free-form Description of why the finding is muted. The CC review cadence proved to be more overhead than this single-operator homelab needed.
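Review bot: the fragment's claim that the mutelist YAML files "no longer carry CC: <id> prefixes" is not yet true at this commit, because the commit message says those files are only updated in the next commit. Since this is the branch-level fragment, either land it with the commit that strips the prefixes or reorder the two commits, so that anyone bisecting or reading the history at this point does not find muted findings that still cite a CC id whose definition file and review docs are already gone. The fragment also lists compensating-controls.yaml and the review-compensating-controls mise task as deleted, which this commit's message does not mention; a short pointer in the commit message to where those were removed would make the audit trail for the muting changes easier to follow.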