When to use this
Use this checklist when code, scripts, infrastructure-as-code, tests, or configuration snippets are generated by AI or other automated code-generation tools.
Related controls
Checklist
- Generated code has a human owner.
- Code is reviewed against the applicable secure coding standard.
- Secrets and credentials are checked.
- Dependency choices are reviewed.
- Input/output handling is reviewed.
- Authentication and authorization assumptions are reviewed.
- Tests are written or updated.
- Licence/IP risk is considered where relevant.
- Findings are tracked to closure.
Review record
| Component | Generator/tool | Human reviewer | Risk areas checked | Findings | Accepted? |
|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD | Yes/No |
- Template
- Iso27001
- Technological controls
- Secure coding
- Ai
Note Metadata
Aliases: Generated Code Security Review
Source: 90 Templates/AI-Generated Code Security Review Checklist.md
Related Notes
- A.8.28 Audit Evidence Pack
- ISO 27001 A.8.28 - Secure Coding
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.28 Audit Checklist
- Secure Code Review Record
- Secure Coding Standard
- Templates MOC