
[Extension]: Update Security Review #2869

@DyanGalih

Description


Extension ID

security-review

Extension Name

Security Review

Version

1.5.3

Description

Full-project secure-by-design security audits plus staged, branch/PR, plan, task, follow-up, and apply reviews.

Author

Spec-Kit Security Team

Repository URL

https://github.com/DyanGalih/spec-kit-security-review

Download URL

https://github.com/DyanGalih/spec-kit-security-review/archive/refs/tags/v1.5.3.zip

License

MIT

Homepage

https://github.com/DyanGalih/spec-kit-security-review

Documentation URL

https://github.com/DyanGalih/spec-kit-security-review/blob/main/README.md

Changelog URL

https://github.com/DyanGalih/spec-kit-security-review/blob/main/CHANGELOG.md

Required Spec Kit Version

>=0.1.0

Required Tools

  • specify CLI

Number of Commands

9

Number of Hooks

3

Tags

security, devsecops, audit, owasp, compliance

Key Features

  • Full-project security audit command
  • Staged, branch, plan, tasks, follow-up, apply, and export review commands
  • Optional hooks after plan, tasks, and implement phases
  • Structured findings with OWASP and remediation guidance
  • Durable security governance workflow for Spec Kit projects

Testing Checklist

  • Extension installs successfully via download URL
  • All commands execute without errors
  • Documentation is complete and accurate
  • No security vulnerabilities identified
  • Tested on at least one real project

Testing Details

I created an isolated temporary Spec Kit project with specify init --here --ai codex --no-git --force, then installed the extension from the tagged archive URL above. The install completed successfully and specify reported the provided command set. I did not run an exhaustive command-by-command execution pass in this session.

Submission Requirements

  • Valid extension.yml manifest included
  • README.md with installation and usage instructions
  • LICENSE file included
  • GitHub release created with version tag
  • All command files exist and are properly formatted
  • Extension ID follows naming conventions (lowercase-with-hyphens)

Example Usage

specify extension add --from https://github.com/DyanGalih/spec-kit-security-review/archive/refs/tags/v1.5.3.zip
/speckit.security-review.audit
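The install line above fetches an auto-generated tag archive and installs whatever it contains. As an added example (not part of this submission or of the Spec Kit tooling), the following Python script shows the pre-install check a reviewer can run on the downloaded archive before trusting it: compare its SHA-256 against a pinned digest, reject archive entries with unsafe paths, confirm the README.md and LICENSE files the submission requirements call for are present, and verify that the bundled extension.yml agrees with the proposed catalog entry (id, name, version, and the tag in the download URL). The manifest field names id, name and version and the flat key: value layout are assumptions here; Spec Kit's actual extension.yml schema may differ, and a real YAML library should replace the minimal parser. The archive is constructed in memory as a test fixture rather than downloaded.

```python
import hashlib
import io
import re
import zipfile
from typing import Optional

# Proposed catalog entry, copied from the submission above.
CATALOG_ENTRY = {
    "id": "security-review",
    "name": "Security Review",
    "version": "1.5.3",
    "download_url": "https://github.com/DyanGalih/spec-kit-security-review/archive/refs/tags/v1.5.3.zip",
}

# Constructed manifest text; the field names are an assumption about extension.yml.
SAMPLE_MANIFEST = "id: security-review\nname: Security Review\nversion: 1.5.3\n"


def build_sample_archive(manifest_text: str) -> bytes:
    """Build a constructed stand-in for the tagged GitHub archive (fixture, not the real release)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("spec-kit-security-review-1.5.3/extension.yml", manifest_text)
        zf.writestr("spec-kit-security-review-1.5.3/README.md", "# Security Review\n")
        zf.writestr("spec-kit-security-review-1.5.3/LICENSE", "MIT License\n")
    return buf.getvalue()


def parse_flat_yaml(text: str) -> dict:
    """Minimal top-level `key: value` parser; replace with a YAML library for real manifests."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("-"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip().strip("'\"")
    return fields


def tag_from_download_url(url: str) -> Optional[str]:
    """Extract the version from a GitHub tag-archive URL (.../archive/refs/tags/v1.5.3.zip -> 1.5.3)."""
    m = re.search(r"/archive/refs/tags/v?([^/]+)\.zip$", url)
    return m.group(1) if m else None


def check_submission(archive: bytes, entry: dict, expected_sha256: Optional[str] = None) -> list:
    """Return a list of problems; an empty list means the archive matches the catalog entry."""
    problems = []
    if expected_sha256 is not None:
        digest = hashlib.sha256(archive).hexdigest()
        if digest != expected_sha256:
            problems.append(f"sha256 mismatch: got {digest}, pinned {expected_sha256}")
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        names = zf.namelist()
        # Refuse entries that could escape the extraction directory.
        for name in names:
            if name.startswith("/") or ".." in name.split("/"):
                problems.append(f"unsafe archive path: {name}")
        manifests = [n for n in names if n == "extension.yml" or n.endswith("/extension.yml")]
        if len(manifests) != 1:
            problems.append(f"expected exactly one extension.yml, found {len(manifests)}")
            return problems
        root = manifests[0][: -len("extension.yml")]
        for required in ("README.md", "LICENSE"):
            if root + required not in names:
                problems.append(f"missing required file: {required}")
        manifest = parse_flat_yaml(zf.read(manifests[0]).decode("utf-8"))
    for key in ("id", "name", "version"):
        if manifest.get(key) != entry[key]:
            problems.append(f"{key} mismatch: manifest {manifest.get(key)!r}, catalog {entry[key]!r}")
    if not re.fullmatch(r"[a-z0-9]+(-[a-z0-9]+)*", manifest.get("id", "")):
        problems.append("id is not lowercase-with-hyphens")
    if tag_from_download_url(entry["download_url"]) != entry["version"]:
        problems.append("download_url tag does not match catalog version")
    return problems


if __name__ == "__main__":
    archive = build_sample_archive(SAMPLE_MANIFEST)
    print("pinned sha256:", hashlib.sha256(archive).hexdigest())
    print("problems:", check_submission(archive, CATALOG_ENTRY))
```

GitHub generates these tag archives on request and has changed their compression in the past, so a digest pinned today may not match a later download of the same URL; a release asset with a published checksum, or a commit SHA, is a firmer anchor for the pin than the archive URL alone.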

Proposed Catalog Entry

{
  "security-review": {
    "name": "Security Review",
    "id": "security-review",
    "description": "Full-project secure-by-design security audits plus staged, branch/PR, plan, task, follow-up, and apply reviews",
    "author": "Spec-Kit Security Team",
    "version": "1.5.3",
    "download_url": "https://github.com/DyanGalih/spec-kit-security-review/archive/refs/tags/v1.5.3.zip",
    "repository": "https://github.com/DyanGalih/spec-kit-security-review",
    "homepage": "https://github.com/DyanGalih/spec-kit-security-review",
    "license": "MIT",
    "requires": {
      "speckit_version": ">=0.1.0"
    },
    "provides": {
      "commands": 9
    },
    "tags": ["security", "devsecops", "audit", "owasp", "compliance"],
    "verified": false,
    "downloads": 0,
    "stars": 0,
    "created_at": "2026-06-05T00:00:00Z",
    "updated_at": "2026-06-05T00:00:00Z"
  }
}
