Compliance & privacy

5 skills · Category 7 of 20

This category bridges legal asks and engineering: open-source license obligations, GDPR-style processing records, browser security (CSRF, CORS), and redacting PII in logs and LLM prompts. Pair with security to separate “vuln” vs. “compliance” workstreams.

In the hub it follows Security. The five entries match the main hub.

In depth

License compliance

Map MIT, GPL, AGPL, etc., to distribution and source-disclosure duties; scan dependency trees in CI and track obligations—avoid “copy-paste” license traps.

Privacy & GDPR

Legal bases, data-subject rights, transfers, and DPAs; implement consent logs, delete/export APIs, and keep product copy aligned.

CSRF protection

CSRF tokens, SameSite cookies, or double-submit for state-changing requests—watch SPA + cross-site API edge cases.

CORS

Configure `Access-Control-*`, preflight caching, and credentials—avoid overly broad `*` and wildcard subdomains.

PII redaction

Mask or hash emails, IDs, etc., in logs, traces, and LLM prompts—align with data classification, retention, and observability field config.
