adrs
Architecture Decision Records
The decisions behind the projects, written down before they’re defended out loud: context, options considered, what was chosen, and why.
ADR-001: Security Command Center over Third-Party CSPM
Why Security Command Center was chosen over a third-party CSPM such as Prisma Cloud or Wiz.
ADR-002: Event-Driven Ingestion over Polling
Why the pipeline uses SCC Pub/Sub event triggers instead of polling the findings API.
ADR-003: Cloud Functions Gen 2 over Cloud Run over GKE
Why Cloud Functions Gen 2 was chosen over Cloud Run or GKE for the processor.
ADR-004: Severity Classification and Response Matrix
Severity-driven response matrix and why OVER_PRIVILEGED_SA is alert-only.
ADR-005: BigQuery + Firestore over a Single Database
Why operational state lives in Firestore while analytics live in BigQuery.
ADR-006: Brevo Free Tier over PagerDuty / SNS / Slack
Why Brevo free tier was chosen for alerting, with graceful degradation.
ADR-007: Threat Model and Trust Boundaries
Trust boundaries, least-privilege IAM, and the custom remediation role.
ADR-008: Cost Strategy for Continuous Operation Under $20/Month
Cost ceiling of $20/month and the target of under $5/month.