Security Onboarding Checklist — Lantern

Use this checklist to onboard developers and vendors securely.

• [ ] 2FA/MFA enabled on GitHub and admin consoles
• [ ] Access granted via least-privilege roles; request through an access ticket
• [ ] Developer has completed security training / read the security docs
• [ ] Secrets: no local secrets or service account keys stored in repo
• [ ] Developer set up with PR process that includes SAST/SCA checks
• [ ] Developer invited to incident Slack channel and informed of on-call rotation

---

Add this checklist to the onboarding flow and require sign-off by a security reviewer for new contributors to production infrastructure.