Goal
Independently verify one existing CWE mapping to either SOC 2 or ISO/IEC 27001 and move it from maintainer-policy-reviewed to community-verified.
This is evidence work, not a request to claim certification or compliance.
Acceptance criteria
- Choose one mapping currently documented in
docs/COMPLIANCE-RATIONALE.md.
- Cite an authoritative control source that contributors can legally reference.
- Explain the relationship between the finding and the control objective, including any limitation or indirectness.
- Preserve the standing disclaimer: CodeInspectus provides code-visible evidence only and does not establish organizational compliance.
- Update the mapping state and aggregate verification count consistently.
- Use the compliance-mapping PR template.
- Do not change detection behavior in this contribution.
Goal
Independently verify one existing CWE mapping to either SOC 2 or ISO/IEC 27001 and move it from
maintainer-policy-reviewedtocommunity-verified.This is evidence work, not a request to claim certification or compliance.
Acceptance criteria
docs/COMPLIANCE-RATIONALE.md.