| dependency-advisory-check | security | fail | blocker | SOC2-CC7.1, ISO-27001-A.12.6.1, NIST-SA-11 | The diff pins `pyyaml==5.1`, which is vulnerable to CVE-2020-14343 (critical), and `requests==2.20.0`, which is vulnerable to CVE-2018-18074 (high). |
| error-budget-impact-declared | operational | fail | warning | SOC2-CC4.1 | The MR description states the change is for 'compatibility with the legacy reporting service' but does not declare the expected error-budget impact for this service. |
| contract-has-spec-link | contract_spec | pass | warning | CDPD-§3, ISO-27001-A.14.2.1 | MR description includes 'Closes #189' linking to a spec issue. |
| no-commented-out-code | quality | pass | info | SOC2-CC8.1 | No commented-out code blocks were added in the diff. |
| no-secrets-in-diff | security | pass | blocker | SOC2-CC6.1, ISO-27001-A.9.4.3, OWASP-ASVS-V2 | No secret patterns were detected in the diff. |
| no-skipped-tests-introduced | quality | pass | error | SOC2-CC8.1 | No test files were modified or added in the diff. |
| acceptance-criteria-testable | contract_spec | skip | warning | CDPD-§5, SOC2-CC8.1 | This MR modifies dependency versions, not application logic with acceptance criteria. |
| auth-on-new-public-endpoints | security | skip | blocker | SOC2-CC6.1, OWASP-ASVS-V1 | This MR modifies dependency versions and does not introduce new public endpoints. |
| changed-method-coverage | quality | skip | error | SOC2-CC8.1, ISO-27001-A.14.2.8 | The diff modifies a dependency file (requirements.txt), not source code methods. |
| integration-boundaries-explicit | contract_spec | skip | warning | CDPD-§6, ISO-27001-A.14.2.5 | This MR modifies dependency versions and does not introduce or alter integration boundaries. |
| kill-switch-path | contract_spec | skip | warning | CDPD-§9, SOC2-CC7.5 | This MR pins dependency versions and does not introduce new user-facing behavior requiring a feature flag. |
| mutation-resilience-critical-paths | quality | skip | warning | SOC2-CC8.1 | The diff modifies a dependency file (requirements.txt), which is not subject to mutation testing for critical paths. |
| observability-on-new-endpoints | operational | skip | warning | SOC2-CC7.2, ISO-27001-A.12.4.1 | This MR modifies dependency versions and does not introduce new HTTP/gRPC endpoints. |
| rollback-documented-for-migrations | operational | skip | error | SOC2-CC7.5, ISO-27001-A.14.2.2 | This MR modifies dependency versions and does not include database migration files. |
| spec-implementation-match | contract_spec | skip | error | CDPD-§7 | This MR modifies dependency versions, not application logic that would be compared against a detailed spec. |