Merged
2 changes: 1 addition & 1 deletion .github/workflows/md-lint.yaml
Expand Up @@ -14,4 +14,4 @@ jobs:
continue-on-error: true
with:
globs: |
src/*.md
src/**/*.md
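Review bot: `continue-on-error: true` two lines above means this job can never fail the pull request, so widening the glob to `src/**/*.md` and switching on MD013 at 120 columns only produces warnings nobody is forced to act on; the annotations further down in this diff already report unchanged lines of 180, 261 and 303 characters. Either reflow the flagged lines in this PR and drop `continue-on-error`, or keep it with a comment saying it is temporary until the backlog is clean. A lint gate that cannot block is easy to forget about.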
16 changes: 16 additions & 0 deletions .markdownlint.json
@@ -0,0 +1,16 @@
{
"default": true,
"MD013": {
"line_length": 120,
"code_blocks": false,
"tables": false
},
"MD024": {
"siblings_only": true
},
"MD025": false,
"MD033": {
"allowed_elements": ["details", "summary", "br", "img", "sup", "sub", "kbd"]
},
"MD041": false
}
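Review bot: the `src/**/*.md` glob is now duplicated in `.github/workflows/md-lint.yaml` and in `justfile`, so the two will drift the next time one is edited. markdownlint-cli2 also reads a `.markdownlint-cli2.jsonc` file, where `"globs": ["src/**/*.md"]` can live once; both the workflow step and the `just lint` recipe could then run `markdownlint-cli2` with no arguments. On the rule config itself, `MD033` keeps raw `img` and `br` HTML out of the lint report and `MD025: false` drops the single-top-level-heading check; both are reasonable for this book, but say why in the contributing guide so the next person does not "fix" them.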
2 changes: 1 addition & 1 deletion justfile
Expand Up @@ -17,4 +17,4 @@ lint:
@echo "Spell check complete!"
@echo ""
@echo "Running markdownlint..."
markdownlint-cli2 ./src/*.md
markdownlint-cli2 ./src/**/*.md
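Review bot: `./src/**/*.md` is unquoted, so the shell that `just` runs the recipe with expands it before markdownlint-cli2 sees it, and `**` without `globstar` behaves like a plain `*`; the recipe therefore lints `./src/*/*.md` only, skipping the top-level files the old `./src/*.md` glob covered and anything nested more than one directory deep. Quote the pattern (`markdownlint-cli2 './src/**/*.md'`) so markdownlint-cli2's own glob handling, which does support `**`, expands it, matching what the workflow's `globs:` input does.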
2 changes: 1 addition & 1 deletion src/awareness/README.md
Expand Up @@ -37,4 +37,4 @@ The modern digital landscape is filled with sophisticated attacks, including web
2. [Understanding Threat Vectors](./understanding-threat-vectors.md) - Comprehensive overview of attack methods, indicators, and preventive measures
3. [Cultivating a Security-Aware Mindset](./cultivating-a-security-aware-mindset.md) - Behavioral practices and organizational strategies for building a security culture
4. [Staying Informed & Continuous Learning](./staying-informed-and-continuous-learning.md) - Training frameworks, educational approaches, and information sources
5. [Resources & Further Reading](./resources-and-further-reading.md) - External tools, references, and resources for ongoing security education
5. [Resources & Further Reading](./resources-and-further-reading.md) - External tools, references, and resources for ongoing security education
4 changes: 2 additions & 2 deletions src/awareness/cultivating-a-security-aware-mindset.md
Expand Up @@ -14,7 +14,7 @@

# 3. Cultivating a Security-Aware Mindset

> 🔑 **Key Takeaway**: Developing a security-aware mindset is about building habits that prioritize caution and verification. By questioning unusual requests, pausing before acting, and leveraging peer support, you transform security from a set of rules into an intuitive approach to daily interactions.

Check failure on line 17 in src/awareness/cultivating-a-security-aware-mindset.md (GitHub Actions / lint): src/awareness/cultivating-a-security-aware-mindset.md:17:121 MD013/line-length Line length [Expected: 120; Actual: 303] https://github.com/DavidAnson/markdownlint/blob/v0.38.0/doc/md013.md

## 3.1. Behavioral Best Practices
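Review bot: this region is shown unchanged, yet the annotation attached to it shows the newly enabled MD013 rule flagging the Key Takeaway blockquote at 303 characters, with two more hits of 180 and 261 characters in the next hunk. These are prose paragraphs, so hard-wrapping them at 120 columns changes nothing in the rendered output (a wrapped blockquote line needs its own `> ` prefix and a wrapped list-item continuation needs the item's indentation); reflow them in this PR rather than leaving the new rule permanently red on this file.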

Expand All @@ -24,17 +24,17 @@
Always verify any request for sensitive information or financial transactions through a separate communication channel.

- **Pause Before Reacting:**
Take a moment to think before clicking a link or downloading an attachment. **Example:** If you get an unexpected file from a colleague, call them directly to confirm they sent it.

Check failure on line 27 in src/awareness/cultivating-a-security-aware-mindset.md (GitHub Actions / lint): src/awareness/cultivating-a-security-aware-mindset.md:27:121 MD013/line-length Line length [Expected: 120; Actual: 180] https://github.com/DavidAnson/markdownlint/blob/v0.38.0/doc/md013.md

- **Peer Verification:**
Leverage your team by asking a colleague's opinion if something seems off.

> **Scenario Example**
A community manager receives a direct message on Discord that looks like it comes from a well-known project partner, asking for private credentials. Instead of immediately responding, they cross-check the message in a team meeting or via a known contact method.

Check failure on line 33 in src/awareness/cultivating-a-security-aware-mindset.md (GitHub Actions / lint): src/awareness/cultivating-a-security-aware-mindset.md:33:121 MD013/line-length Line length [Expected: 120; Actual: 261] https://github.com/DavidAnson/markdownlint/blob/v0.38.0/doc/md013.md

## 3.2 Awareness in Community Settings

### Unique Challenges on Social Platforms:
### Unique Challenges on Social Platforms

- **Platform-Specific Red Flags:**
Each community platform—Discord, Twitter, Telegram—has its own quirks.
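Review bot: dropping the trailing colon from `### Unique Challenges on Social Platforms` is the right MD026 fix, but the section numbering in the same hunk is inconsistent: `## 3.1. Behavioral Best Practices` carries a trailing period while `## 3.2 Awareness in Community Settings` does not. Pick one form while the headings are being touched.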
Expand Down Expand Up @@ -144,4 +144,4 @@
**Example:** Acknowledge and thank team members who report potential issues, even if they turn out to be false alarms.

> **Scenario Example**
A team member notices unusual login attempts to their account. Instead of ignoring it or feeling embarrassed, they immediately report it to the security team, who can then investigate whether this is part of a larger attack pattern affecting other users.
A team member notices unusual login attempts to their account. Instead of ignoring it or feeling embarrassed, they immediately report it to the security team, who can then investigate whether this is part of a larger attack pattern affecting other users.
2 changes: 1 addition & 1 deletion src/awareness/resources-and-further-reading.md
Expand Up @@ -32,7 +32,7 @@ Read detailed incident reports and analysis (available from sources like Verizon

**Example Resources:**

- Personal security checklist: [Digital Defense](https://digital-defense.io) (we are currently developing a version of this based on frameworks, will be available at https://check.frameworks.securityalliance.dev).
- Personal security checklist: [Digital Defense](https://digital-defense.io) (we are currently developing a version of this based on frameworks, will be available at <https://check.frameworks.securityalliance.dev>).
- Interactive phishing simulation: [Phishing Dojo](https://phishing.therektgames.com).
- [SEAL's blog](https://securityalliance.org/news) on frameworks.
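Review bot: wrapping the bare URL in `<...>` satisfies MD034, but it turns `https://check.frameworks.securityalliance.dev` into a clickable link to an endpoint the same sentence says does not exist yet; a security checklist should not send readers to a host that is not live. Keep it as inline code until it resolves, and check the domain: every other framework link in this PR uses `frameworks.securityalliance.org` (see `src/contribute/stewards.md`) while this one uses `.dev`.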

2 changes: 1 addition & 1 deletion src/awareness/understanding-threat-vectors.md
Expand Up @@ -147,4 +147,4 @@ Never sign a transaction unless you are completely sure exactly what you are sig

- **Hardware Wallets for Critical Assets:**
Use hardware wallets for storing significant cryptocurrency holdings.
**Scenario Example:** Keeping your long-term investments on a hardware wallet while only maintaining small amounts in hot wallets for daily transactions.
**Scenario Example:** Keeping your long-term investments on a hardware wallet while only maintaining small amounts in hot wallets for daily transactions.
6 changes: 3 additions & 3 deletions src/community-management/telegram.md
Expand Up @@ -153,7 +153,7 @@ If you manage Telegram groups or channels, properly configuring admin permission

### Passcode Lock

- **Settings > Privacy and Security > Passcode Lock:** This feature adds a passcode to access your Telegram app after a period of inactivity. The default setting is "away for 1 hour."
- **Settings > Privacy and Security > Passcode Lock:** This feature adds a passcode to access your Telegram app after a period of inactivity. The default setting is "away for 1 hour."
- **Recommendations:**
- **Store Passcode Securely:** Do not lose this passcode—store it offline if needed.
- **Unique Passcode:** Ensure it is different from your phone's unlock passcode.
Expand All @@ -170,8 +170,8 @@ If you manage Telegram groups or channels, properly configuring admin permission
- **Security Measures:**
- **SMS Codes:** Telegram sends a code via SMS, which is not secure.
- **Email Recovery:** Offers email recovery, which is more secure but lacks options for authenticator apps or hardware keys.
- **Important:**
- **Backup Password:** If you lose this password, access to your account may be compromised.
- **Important:**
- **Backup Password:** If you lose this password, access to your account may be compromised.
- **Secure Storage:** Write it down offline and ensure it is not lost.

#### Additional Privacy Settings
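Review bot: `- **Important:**` and `- **Backup Password:**` show no textual change, so this is an indentation fix (MD007); check the rendered nesting after the change, because shifting `**Important:**` by two spaces decides whether it stays a sibling of `**Security Measures:**` or becomes a child of `**Email Recovery:**`. While these lines are being touched: losing the two-step verification password locks the owner out, it does not compromise the account, so `access to your account may be compromised` should read `access to your account may be lost`.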
3 changes: 1 addition & 2 deletions src/config/template.md
Expand Up @@ -16,8 +16,7 @@ contributors:

# {{ Title of this Page }}


Key Takeaway prompt: Without removing or modifying anything in the document, just after the heading, describe in a succint way (no more than 40 words), all the key points or tl;dr so that anyone can get a good grasp of the contents just by reading it. Don't add unnecessary sentences that sound like conclusions, like "By ensuring this..." "Doing all these...", "Having these security practinces...". Use the following format > 🔑 **Key Takeaway**:
Key Takeaway prompt: Without removing or modifying anything in the document, just after the heading, describe in a succint way (no more than 40 words), all the key points or tl;dr so that anyone can get a good grasp of the contents just by reading it. Don't add unnecessary sentences that sound like conclusions, like "By ensuring this..." "Doing all these...", "Having these security practinces...". Use the following format > 🔑 **Key Takeaway**:

[Context / Problem statement. In this first part, we introduce the topic, in no more than a few paragraphs. For example for Threat Modeling inside Operational Security Framework: "Effective security requires understanding **what you're protecting and who you're protecting it from**. Without a structured threat model, security efforts become unfocused and inefficient. Different entities face different threats based on their assets, visibility, and technological footprint." It can be this short, or it can have more context]
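Review bot: the `Key Takeaway prompt` line is touched here with no visible text change, so fix its spelling in the same edit: `succint` should be `succinct` and `practinces` should be `practices`. The line is also several hundred characters long and will be reported by the MD013 rule this PR enables; wrap it like any other paragraph.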

2 changes: 2 additions & 0 deletions src/config/using-contributors.md
Expand Up @@ -7,6 +7,7 @@ This page demonstrates how to use the centralized contributors database. Instead
### Basic Contributors List

In your markdown frontmatter, simply list the contributor IDs:

```markdown
---
title: Your Page Title
Expand All @@ -20,6 +21,7 @@ contributors:
### Role-Based Contributors

You can also specify contributors with their roles, which will display them in organized sections:

```markdown
---
title: Your Page Title
2 changes: 0 additions & 2 deletions src/contribute/contributing.md
Expand Up @@ -87,8 +87,6 @@ contributors:
---
```



### Structure and collaboration

The book is supposed to cover all important parts of security for web3 projects.
2 changes: 1 addition & 1 deletion src/contribute/contributors.md
@@ -1,3 +1,3 @@
# Contributors

Leave this empty. This page will be filled in by the plugin.
Leave this empty. This page will be filled in by the plugin.
11 changes: 10 additions & 1 deletion src/contribute/stewards.md
@@ -1,9 +1,11 @@
# Stewards

## What is a Framework Steward?

A framework steward is the champion and caretaker for an individual security framework (most frameworks [here](https://frameworks.securityalliance.org) are currently available for adoption). This role goes beyond casual contribution. It's about taking ownership and helping guide the framework's development through community engagement.

## The Steward's Role

A framework steward is a project management role, responsible for:

- **Rallying collaborators**: Recruit contributors who share your passion for specific security challenges
Expand All @@ -17,23 +19,27 @@ The core SEAL team will support you throughout this journey, helping you focus o
## Why Become a Steward?

### Recognition and Growth

- **Earn achievement badges**: Receive public recognition with roles like Security Framework Ambassador or DAO Safeguards Steward
- **Build your reputation**: Establish yourself as a thought leader in Web3 security
- **Develop new skills**: Gain experience in open-source governance, technical writing, and community building

### Tangible Benefits

- **Access exclusive events**: Receive tickets to security conferences and invite-only Security Alliance gatherings
- **Showcase your expertise**: Get featured through SEAL's official channels, including our [blog](https://www.securityalliance.org/news) and [social media](https://twitter.com/_SEAL_Org)
- **Connect with peers**: Build relationships with other security professionals who share your interests

### Lasting Impact

- **Shape industry standards**: Help develop frameworks that could become foundational to Web3 security
- **Prevent security incidents**: Your work will directly contribute to a safer ecosystem
- **Leave a legacy**: Carve your name into the DNA of Web3 security practices for years to come

## Stewardship in Action: What It Looks Like

### Time Commitment

Being a steward doesn't mean giving up your day job. We're looking for contributors who can dedicate approximately 3 hours per week to their framework. This might include:

- Reviewing [pull requests](https://github.com/security-alliance/frameworks/pulls) and GitHub issues
Expand All @@ -42,6 +48,7 @@ Being a steward doesn't mean giving up your day job. We're looking for contribut
- Engaging with the community on [Discord](https://discord.gg/securityalliance)

### Support Structure

You won't be working alone. You will have:

- Access to a dedicated channel on our [Discord server](https://discord.gg/securityalliance)
Expand All @@ -50,6 +57,7 @@ You won't be working alone. You will have:
- Access to technical advisors when needed

## How to Apply

Ready to become a framework steward? Here's how to get started:

1. Review the proposed frameworks at [frameworks.securityalliance.org](https://frameworks.securityalliance.org) and identify which one aligns with your expertise and interests.
Expand All @@ -58,10 +66,11 @@ Ready to become a framework steward? Here's how to get started:
We're looking for diverse perspectives and experiences, and you don't need to have decades of experience. Passion, dedication, and a willingness to learn are just as important.

## Join Us in Building a Safer Web3

The "Adopt a Framework" campaign isn't just about improving documentation. You'll be part of a movement where security becomes a shared responsibility across the Web3 ecosystem.

By becoming a steward, you're taking an active role in preventing the next major hack, protecting user funds, and ensuring that innovation can continue without compromising safety.

We're just getting started, and we need your expertise.

Have questions about the stewardship program or ideas for improving it? You can use the [potential stewards Telegram channel](https://t.me/+Yd9OpSt1UvcyMjU5) for that too! 🙂
Have questions about the stewardship program or ideas for improving it? You can use the [potential stewards Telegram channel](https://t.me/+Yd9OpSt1UvcyMjU5) for that too! 🙂
4 changes: 2 additions & 2 deletions src/devsecops/README.md
Expand Up @@ -8,12 +8,12 @@ tags:

# DevSecOps


Traditionally, rapid development and deployment is often prioritized at the expense of security considerations. This is generally speaking no different in web3, but it is important to take integrity, confidentiality, and availability into consideration too. To effectively address this without compromising on rapid development and deployment, it is essential to integrate security into the process, which is where devsecops comes into play. By implementing devsecops, projects can not only deploy faster, but also be more secure.

When operating in a devsecops mindset, projects prioritizes automation and collaboration between the development, operations and security teams.

Some of the key areas to consider are:

1. Integrate security measures early in the development process, such as by utilizing security tools such as fuzzing, static and dynamic analysis tools in your CI/CD process, to identify and mitigate vulnerabilities before they turn into critical issues.
2. Implement automated security testing and monitoring.
3. Development, Operations and Security teams should be aligned and work closely together.
3. Development, Operations and Security teams should be aligned and work closely together.
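Review bot: this hunk only drops a blank line and adds a trailing newline, but since the region is in the diff: `projects prioritizes` should be `projects prioritize`, `devsecops` is written `DevSecOps` in the page title two lines up, and item 1 stacks `security tools such as ... tools` twice in one sentence. A tidy-up of those three sentences fits in this PR.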
3 changes: 1 addition & 2 deletions src/devsecops/code-signing.md
Expand Up @@ -7,11 +7,10 @@ tags:

# Code Signing


Code signing ensures that the code has not been tampered with, and verifies the identity of the developer. Here are some best practices that could be followed:

1. Ensure all Pull Requests (PRs) are signed with the user’s GPG key.
2. Every PR must be reviewed by another core team member before being merged into the stable/main/master branch, with github settings set to reflect this.
3. Require Multi-Factor Authentication (MFA) for all users where applicable and available. Encourage the use of hardware MFA such as Yubikeys.
4. Rotate GPG keys regularly to mitigate the risk of key compromise.
5. Maintain clear documentation on the code signing procedures for your team members.
5. Maintain clear documentation on the code signing procedures for your team members.
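Review bot: item 1 says Pull Requests are signed with the user's GPG key, but nothing is signed at PR level; what gets signed is each commit (and tags), and the enforcement lever is the `Require signed commits` branch-protection rule, the same control that item 6 of `src/devsecops/repository-hardening.md` asks for. Rephrase to `all commits in a PR are signed`, cross-link the two pages so they do not drift, and say `signed` rather than `GPG-signed` unless the project deliberately standardises on GPG, since GitHub verifies SSH and S/MIME signatures as well.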
Expand Up @@ -8,12 +8,11 @@ tags:

# Continuous Integration and Continuous Deployment (CI/CD)


Continuous Integration and Continuous Deployment are there to ensure good code quality and create rapid and secure deployments. Some best practices are:

1. Ensure every PR undergoes CI testing (e.g., GitHub Actions) that must pass before merging. CI tests should at least include unit tests, integration tests, and checks for known vulnerabilities in dependencies.
2. The CI/CD pipeline should check for misconfigurations and leaked credentials.
3. Produce deterministic builds with a strict set of dependencies and/or a build container that can reliably produce the same results on different machines.
4. Integrate security scanning tools to detect vulnerabilities in code and dependencies during the CI process.
5. Use isolated environments for building and testing to prevent contamination between different stages of the pipeline.
6. Implement strict access controls for CI/CD pipelines to limit who can modify the pipeline configurations.
6. Implement strict access controls for CI/CD pipelines to limit who can modify the pipeline configurations.
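Review bot: this hunk has no `N changes: ... path` header line like the other files, so its path is not visible on the page; from the content it is the CI/CD page. Item 3's `and/or` weakens the advice: a strict dependency set without a pinned build environment is not deterministic, and vice versa, so make it `and`. Item 1 names GitHub Actions as the example CI, so item 6 (access control on pipeline configuration) should spell out the two knobs that matter there: pin third-party actions to a commit SHA rather than a tag, and set the workflow `permissions:` to the minimum the job needs.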
3 changes: 1 addition & 2 deletions src/devsecops/integrated-development-environments.md
Expand Up @@ -7,11 +7,10 @@ tags:

# Integrated Development Environments (IDEs)


Integrated Development Environments (IDEs) are essential tools for developers, but they also need to be secured. Consider implementing the following best practices:

1. Ensure IDEs are configured securely, with plugins and extensions only installed from trusted sources. Some IDEs have features that allow for automated execution of files in folders. Use restricted mode if you don't fully trust a project.
2. Keep IDEs and their plugins/extensions up-to-date to protect against vulnerabilities.
3. Integrate static code analysis tools within the IDE to catch security issues early in the development process.
4. Configure IDEs to follow the principle of least privilege, limiting access to sensitive information and systems.
5. Ensure that potential development environments are isolated from production environments.
5. Ensure that potential development environments are isolated from production environments.
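Review bot: item 1's `restricted mode` is VS Code's Workspace Trust term; name the feature so readers of other IDEs know what to look for, and state what it defends against, namely repository-supplied settings and tasks that run on folder open (the automated execution the previous sentence alludes to). Item 5's `potential development environments` reads as a typo for `development environments`.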
4 changes: 1 addition & 3 deletions src/devsecops/repository-hardening.md
Expand Up @@ -7,14 +7,12 @@ tags:

# Repository Hardening


If a threat actor obtains access to your repository, it could have very severe consequences. In order to help avoid this, you could consider implementing the following best practices:


1. Require Multi-Factor Authentication (MFA) for all repository members.
2. Enable protected branches to prevent unauthorized changes to critical branches. [Learn more about protected branches](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches).
3. Follow the [Security hardening for GitHub Actions](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions) to avoid token stealing and other vulnerabilities.
4. Implement strict access controls to limit who can push to critical branches and repositories.
5. Conduct regular security audits of the repository to identify and mitigate potential vulnerabilities.
6. Require all commits to be signed to verify the identity of contributors and ensure the integrity of the code.
7. Regularly update dependencies and use tools to check for and manage vulnerabilities in dependencies.
7. Regularly update dependencies and use tools to check for and manage vulnerabilities in dependencies.
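Review bot: items 2 and 4 say the same thing (protected branches are the control on who can push to critical branches), and item 6 duplicates item 1 of `src/devsecops/code-signing.md`; merge 2 and 4, and cross-link 6 rather than keeping two copies that will drift. Item 3 links the Actions hardening guide without stating the two points from it worth having inline, pinning actions by commit SHA and minimal `GITHUB_TOKEN` permissions; naming them makes the item actionable without a click.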
1 change: 0 additions & 1 deletion src/devsecops/security-testing.md
Expand Up @@ -8,7 +8,6 @@ tags:

# Security Testing


Security testing is a crucial part of the DevSecOps process, as it helps identify vulnerabilities early on so that they can be taken care of before they become an issue in production.

1. Integrate SAST tools into the CI/CD pipeline to analyze source code for vulnerabilities.
3 changes: 1 addition & 2 deletions src/encryption/README.md
Expand Up @@ -8,7 +8,6 @@ tags:

# Encryption


Encryption is a fundamental aspect of securing data, ensuring that sensitive information remains confidential and protected from unauthorized access. This section covers various types of encryption and best practices for implementing them effectively.

## Contents
Expand All @@ -20,4 +19,4 @@ Encryption is a fundamental aspect of securing data, ensuring that sensitive inf
5. [Email Encryption](./email-encryption.md)
6. [File Encryption](./file-encryption.md)
7. [Full Disk Encryption](./full-disk-encryption.md)
8. [Hardware Encryption](./hardware-encryption.md)
8. [Hardware Encryption](./hardware-encryption.md)
3 changes: 1 addition & 2 deletions src/encryption/cloud-data-encryption.md
Expand Up @@ -8,7 +8,6 @@ tags:

# Cloud Data Encryption


You should consider using the best practices below, in order to ensure that data stored in the cloud
is protected from unauthorized access:

Expand Down Expand Up @@ -59,4 +58,4 @@ is protected from unauthorized access:
- Ensure that all encryption-related software is kept up-to-date with the latest security patches.
- Monitor for vulnerabilities in encryption libraries and apply patches promptly.

By following these best practices and utilizing the recommended tools, you can significantly enhance the security of your data stored in the cloud.
By following these best practices and utilizing the recommended tools, you can significantly enhance the security of your data stored in the cloud.
4 changes: 1 addition & 3 deletions src/encryption/communication-encryption.md
Expand Up @@ -6,7 +6,6 @@ tags:

# Secure Messaging Systems


Using secure messaging systems is crucial for protecting the privacy and integrity of your communications. Here are some popular messaging systems that offer end-to-end encryption and those that do not by default.

## End-to-End Encrypted Messaging Systems
Expand All @@ -31,7 +30,6 @@ Using secure messaging systems is crucial for protecting the privacy and integri
- Open source with a strong focus on privacy.
- [Wire](https://wire.com/)


## Messaging Systems Without Default End-to-End Encryption

These messaging systems supposedly provides encryption for data in transit and at rest, but not end-to-end encryption for messages.
Expand All @@ -56,4 +54,4 @@ These messaging systems supposedly provides encryption for data in transit and a
- Does not offer end-to-end encryption for messages.
- [Microsoft Teams](https://www.microsoft.com/en/microsoft-teams/group-chat-software)

For secure communication, it is recommended to use messaging systems that offer end-to-end encryption by default.
For secure communication, it is recommended to use messaging systems that offer end-to-end encryption by default.
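Review bot: `These messaging systems supposedly provides encryption` is both ungrammatical (`provide`) and hedged in a way that reads as unverified. State the distinction plainly: these systems encrypt data in transit and at rest, but the provider holds the keys, so it, and anyone who compels or compromises it, can read message content; that is exactly what end-to-end encryption removes, which is the reason for the recommendation in the closing line.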