Security is not optional; it’s a baseline. Every plugin in the Lerian ecosystem must be designed with security, compliance, and regulatory obligations in mind. These requirements protect end-users, maintain trust, and ensure interoperability across environments. This section covers mandatory standards for secure development, audits, data protection, and regulatory alignment.
Plugins that fail to meet these security and compliance standards will not be approved for publication in the Lerian Marketplace.
Security by design
All plugins must meet the following:
- OWASP ASVS Level 3 (the highest verification level of the Application Security Verification Standard)
- CIS Benchmarks for container, Kubernetes, and operating-system hardening
- Secrets (credentials, API keys, signing keys) sourced at runtime from a secret manager such as HashiCorp Vault or AWS Secrets Manager, rather than embedded in source code, container images, or configuration files
Pentests and security audits
A penetration test is mandatory before publication. It must be repeated at least every 6–12 months, and again whenever a major change is introduced (for example, a new external integration or a change to authentication, authorization, or data-handling logic).
Data protection and LGPD
All plugins must fully comply with the LGPD (Brazil's Lei Geral de Proteção de Dados) and equivalent data protection laws in any other jurisdiction where the plugin operates.
- Personal data must be encrypted at rest (stored fields, backups, logs that contain personal data) and in transit (TLS on every network hop).
- No exceptions are allowed.
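The two requirements above that a plugin actually implements in code are the secret-manager integration and encryption of personal data at rest. The following is an added example, not code from the Lerian project or this page, written in Go (assumed here as the plugin language; the page does not name one). It shows the pattern a reviewer looks for: the data-encryption key is loaded from outside the code base (here via an illustrative environment variable, PII_DEK_BASE64, standing in for the value a secret-manager client would fetch), and each personal-data field is sealed with AES-256-GCM using the record ID and field name as associated data so a ciphertext cannot be swapped between records or columns. The sample record values are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
	"os"
)

// LoadKey returns the 32-byte data-encryption key (DEK) for AES-256-GCM.
// In a deployed plugin the DEK is fetched from the secret manager (Vault,
// AWS Secrets Manager) at start-up; here it is injected through the
// environment so the example runs offline. The variable name PII_DEK_BASE64
// is an assumption made for this example, not a Lerian convention.
func LoadKey() ([]byte, error) {
	raw := os.Getenv("PII_DEK_BASE64")
	if raw == "" {
		return nil, errors.New("PII_DEK_BASE64 is unset: the key must come from the secret manager, never from source or config")
	}
	key, err := base64.StdEncoding.DecodeString(raw)
	if err != nil {
		return nil, fmt.Errorf("decode DEK: %w", err)
	}
	if len(key) != 32 {
		return nil, fmt.Errorf("DEK must be 32 bytes for AES-256, got %d", len(key))
	}
	return key, nil
}

// Seal encrypts one personal-data value with AES-256-GCM. aad (associated
// data) is authenticated but not encrypted; binding the record ID and field
// name into it means a ciphertext copied to another row or column fails to
// decrypt instead of silently decrypting in the wrong place.
// Output layout: nonce || ciphertext || 16-byte GCM tag.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// A fresh random nonce per encryption: reusing a nonce under the same
	// key breaks both confidentiality and integrity in GCM.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Open reverses Seal. Any tampering with the nonce, ciphertext, or tag, or a
// mismatch in aad, yields an error and no plaintext.
func Open(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("sealed value too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

func main() {
	key, err := LoadKey()
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	// Constructed sample record; the CPF value is a placeholder, not real data.
	aad := []byte("customer:42:cpf")
	sealed, err := Seal(key, []byte("000.000.000-00"), aad)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println("stored value:", base64.StdEncoding.EncodeToString(sealed))

	// Same ciphertext presented under another record's context is rejected.
	if _, err := Open(key, sealed, []byte("customer:43:cpf")); err != nil {
		fmt.Println("moved to another record: rejected:", err)
	}
	pt, err := Open(key, sealed, aad)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println("recovered:", string(pt))
}
```

Run it with a throwaway key, for example `PII_DEK_BASE64=$(head -c 32 /dev/urandom | base64) go run main.go`; without the variable the program refuses to start, which is the behaviour you want from a plugin whose secret-manager lookup fails. Transport encryption is not shown because it is a deployment property (TLS termination and mutual TLS between services), not something a field-level routine can provide.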
Regulatory compliance
Your plugin must follow all regulations that apply to the markets it operates in, including:
- BACEN (Banco Central do Brasil) circulars
- Rules issued by other relevant regulators and governing bodies