Security and Non-Functional Requirements

•Authentication: Use OIDC for authentication and OAuth2 for authorization.

•Data Encryption: Encrypt data at rest (MySQL) and in transit (HTTPS/TLS).

•Access Control: Implement RBAC in Kubernetes to restrict access based on roles.

•Vulnerability Remediation: Integrate vulnerability detection tools for identifying and remediating vulnerabilities as part of CI/CD pipelines.

•Secure Communication: Ensure all microservices communicate via HTTPS/TLS.

•Redundancy: Set up database replication and Kubernetes failover mechanisms.

•Monitoring: Use centralized logging (ELK Stack, Prometheus/Grafana).

•Development: Integrate security into agile development, including secure coding; use plugins such as SonarLint for real-time code analysis.