MetaCredo.Check.Observability.MissingTelemetryInAuthPlug
(MetaCredo v0.1.0)
Detects authentication/authorization code without telemetry or audit logging. Auth operations should be instrumented for security auditing, compliance, and incident response.
Category: Observability / Priority: high
Configuration
Accepts the following parameters via .metacredo.exs:
auth_indicators - Function/module name fragments indicating auth context (default: ~W[auth authenticate authorize permission verify check validate token session login logout sign_in sign_out])
telemetry_indicators - Function name fragments indicating telemetry/audit calls (default: ~W[telemetry emit log audit trace metric record])
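
As an added illustration (not MetaCredo's own code), here is the kind of auth plug this check is aimed at, next to an instrumented version. The MyApp modules, the :api_token config key and the telemetry event names are hypothetical, and whether a given module is reported depends on the configured indicators.

```elixir
# Added example. MyApp.*, the :api_token config key and the event names are hypothetical.
defmodule MyApp.BearerToken do
  import Plug.Conn, only: [get_req_header: 2]

  # Constant-time comparison of the presented bearer token with the configured one.
  def valid?(conn) do
    expected = Application.fetch_env!(:my_app, :api_token)

    case get_req_header(conn, "authorization") do
      ["Bearer " <> token] -> Plug.Crypto.secure_compare(token, expected)
      _ -> false
    end
  end
end

# Before: the auth decision leaves no trace for auditing or incident response.
defmodule MyAppWeb.Plugs.RequireTokenSilent do
  import Plug.Conn
  def init(opts), do: opts

  def call(conn, _opts) do
    if MyApp.BearerToken.valid?(conn), do: conn, else: deny(conn)
  end

  defp deny(conn), do: conn |> send_resp(401, "unauthorized") |> halt()
end

# After: both outcomes emit a telemetry event; the token itself never goes into metadata.
defmodule MyAppWeb.Plugs.RequireToken do
  import Plug.Conn
  def init(opts), do: opts

  def call(conn, _opts) do
    meta = %{path: conn.request_path, remote_ip: conn.remote_ip}

    if MyApp.BearerToken.valid?(conn) do
      :telemetry.execute([:my_app, :auth, :success], %{count: 1}, meta)
      conn
    else
      :telemetry.execute([:my_app, :auth, :failure], %{count: 1}, meta)
      conn |> send_resp(401, "unauthorized") |> halt()
    end
  end
end
```

Emitting on the failure path matters as much as on success: repeated denials from one remote_ip are the signal an audit trail or alert rule is built on.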