Security — OWASP
The core question
Did we introduce a vulnerability or leak?
Philosophy
Security-shaped gates probe the codebase + dependencies + emitted artifacts for known vulnerability classes. Defense-in-depth: catch dependency CVEs, committed secrets, and web vulnerabilities (OWASP top 10).
How Matter uses it
Every PR runs bun audit against the dependency graph + scans tracked files for Matter-specific key prefixes (sk_live_, sk_test_, pk_*, tok_*) + canonical credentials (AWS, GitHub, Anthropic, OpenAI, private keys).
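As an added example (not Matter's own gate code), a minimal version of the tracked-file secret scan described above, written in JavaScript so it can run under bun or node as a CI step. The Matter-specific prefixes come from the page; the token alphabet and minimum length after each prefix, the regexes used for the canonical credential formats, the allowlist rules (fixture paths, *.example files, a per-line allow marker) and the sample repository contents are assumptions constructed for this example. Findings are redacted so the gate's own log never echoes a full credential.

```javascript
// Added example: a minimal tracked-file secret scanner in the spirit of Matter's
// secret-scan gate. Not the project's code; patterns below are assumptions.

const PATTERNS = [
  // Matter-specific prefixes named on the page (assumed alphabet/length after the prefix)
  { kind: "matter-secret-key", re: /\bsk_(?:live|test)_[A-Za-z0-9]{8,}\b/g },
  { kind: "matter-publishable-key", re: /\bpk_[A-Za-z0-9_]{8,}\b/g },
  { kind: "matter-token", re: /\btok_[A-Za-z0-9_]{8,}\b/g },
  // Canonical credential shapes (assumption: approximations of the public formats)
  { kind: "aws-access-key-id", re: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/g },
  { kind: "github-token", re: /\bgh[pousr]_[A-Za-z0-9]{36}\b/g },
  { kind: "anthropic-api-key", re: /\bsk-ant-[A-Za-z0-9_-]{20,}\b/g },
  { kind: "openai-api-key", re: /\bsk-(?!ant-)[A-Za-z0-9_-]{20,}\b/g },
  { kind: "private-key-block", re: /-----BEGIN (?:RSA |EC |OPENSSH |DSA |)PRIVATE KEY-----/g },
];

// Assumed allowlist: fixture directories and *.example files are expected to hold
// fake values; a line carrying the marker is an explicit, reviewable exception.
const ALLOWED_PATH = /(?:^|\/)fixtures\/|\.example$/;
const ALLOW_MARKER = "secret-scan:allow";

function redact(kind, value) {
  // A key header contains no secret material; everything else is truncated so
  // the finding identifies the credential class without reproducing the value.
  if (kind === "private-key-block") return value;
  const head = value.slice(0, Math.min(8, value.length - 4));
  return `${head}***${value.slice(-4)}`;
}

function scanText(path, text) {
  const findings = [];
  if (ALLOWED_PATH.test(path)) return findings;
  text.split("\n").forEach((line, i) => {
    if (line.includes(ALLOW_MARKER)) return;
    for (const { kind, re } of PATTERNS) {
      re.lastIndex = 0; // global regex: reset between lines
      let m;
      while ((m = re.exec(line)) !== null) {
        findings.push({ path, line: i + 1, kind, redacted: redact(kind, m[0]) });
      }
    }
  });
  return findings;
}

// files: { path: contents } map standing in for the tracked files of a PR
// (in CI this would be built from `git ls-files`).
function scanFiles(files) {
  return Object.entries(files).flatMap(([path, text]) => scanText(path, text));
}

// Gate verdict: any non-allowlisted finding fails the PR.
function gate(files) {
  const findings = scanFiles(files);
  return { ok: findings.length === 0, findings };
}

// Constructed sample repository; every "secret" below is a fake placeholder.
const SAMPLE_REPO = {
  "src/config.ts": [
    `export const MATTER_KEY = "sk_live_FAKE${"0".repeat(16)}";`,
    `export const PUB_KEY = "pk_live_FAKE${"0".repeat(16)}";`,
  ].join("\n"),
  ".env.example": `MATTER_KEY=sk_test_FAKE${"0".repeat(16)}`,
  "scripts/deploy.sh": [
    `AWS_ACCESS_KEY_ID=AKIAFAKE${"0".repeat(12)}`,
    "# docs placeholder: tok_FAKE000000 secret-scan:allow",
  ].join("\n"),
  "test/fixtures/key.pem": "-----BEGIN RSA PRIVATE KEY-----\nFAKE\n-----END RSA PRIVATE KEY-----",
  "README.md": `Set GITHUB_TOKEN=ghp_FAKE${"0".repeat(32)} before running.`,
};

if (typeof require !== "undefined" && require.main === module) {
  const result = gate(SAMPLE_REPO);
  for (const f of result.findings) {
    console.log(`${f.path}:${f.line} ${f.kind} ${f.redacted}`);
  }
  process.exit(result.ok ? 0 : 1);
}

module.exports = { PATTERNS, scanText, scanFiles, gate, SAMPLE_REPO };
```

Run against the sample repository the gate reports four findings (the live secret key and publishable key in src/config.ts, the AWS access key id in scripts/deploy.sh, the GitHub token in README.md) and exits non-zero; the fixture private key, the .env.example value and the marked documentation line are skipped. The allowlist is deliberately narrow and path-based so that exceptions show up in review rather than silently widening over time.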
Common modes
static, synthetic (for ZAP-shaped probes on preview deployments).
Production gates today
dependency-audit, secret-scan. Future: OWASP ZAP against preview deployments; per-route auth gate.
Industry inspiration
Inspired by OWASP top 10 + GitHub Advanced Security's secret scanning + Stripe's defense-in-depth posture on credentials.