docs refining security scope

2026-05-15 23:02:05 -06:00
parent 2d246bd95c
commit 43d6ad6d6c
2 changed files with 213 additions and 0 deletions
@@ -113,6 +113,12 @@ If you do not use Infisical, create the `amp-security-pipeline-secrets` secret y
 helm upgrade --install agentguard-ci ./helm -n argo
 ```

+## Scope and boundaries
+
+This repository is intentionally focused on **source, IaC, and dependency scanning** before deployment.
+
+It does **not** try to be the full build-signing, deploy-admission, or runtime-security stack. For the explicit boundary, missing controls, and recommended sibling pipeline responsibilities, read [`docs/security-scope.md`](docs/security-scope.md).
+
 ## DefectDojo integration

 DefectDojo is not installed by this repository.