Thanks for helping improve GRITS.
- Control catalog extensions: new controls for emerging agent architectures, with normative expectations
- Compliance crosswalk extensions: DORA, SOC 2, HIPAA, EU AI Act, FedRAMP mappings
- Lifecycle model extensions: multi-agent systems, hierarchical agent fleets, inter-agent trust
- Domain-specific profile templates: sector overlays beyond the base agent and LLM app templates
- Security findings from real deployments that reveal gaps in the current control catalog

For contributions to scoring, checklists, hardening scripts, or apply guides, see grits-agent-scanner.

- Fork the repo
- Create a branch for your change
- Describe the problem your change solves
- State which audience benefits (operators, builders, governance teams)
- Include concrete examples when possible
- Submit a pull request

- Practical over theoretical
- Specific over vague
- Deny-by-default over permissive
- Evidence over assertions
- Ship now, improve later

- Turning GRITS into a product spec
- Adding vendor-specific lock-in
- Adding philosophy without operational consequence
- Overfitting to one runtime as if it were universal