schema.cue
// namespace holds one record per namespace key. The pattern constraint
// binds the key to X and pins `name` to it, so an entry's name always
// equals the key it is declared under.
namespace: [X=string]: {
	name: X
	// Optional; when present it must be a string other than "".
	description?: !=""
	metadata?: {
		// Optional list of strings, any length.
		labels?: [...string]
	}
}
// application holds one record per application key; `name` is pinned to
// the key through X.
application: [X=string]: {
	name: X
	// Must be a string other than "".
	description: !=""
	// The next three fields each accept exactly one of the listed literals.
	app_type: "webapp" | "api" | "mobileapp"
	hosting: "cloud" | "on_prem" | "saas" | "hybrid"
	compute: "vm" | "container" | "faas"
	// List of strings, any length; the values themselves are unconstrained.
	technologies: [...string]
	// NOTE(review): presumably a key of the top-level `namespace` map, but
	// this constraint accepts any string, so a dangling reference validates.
	// Confirm the lookup is enforced by whatever consumes this schema.
	namespace: string
	metadata?: {
		labels?: [...string]
	}
}
// datastore holds one record per datastore key; `name` is pinned to the
// key through X.
datastore: [X=string]: {
	name: X
	type: "database" | "file_store" | "object_store" | "queue"
	// NOTE(review): this list has "baas" where application.hosting has
	// "saas" — confirm the difference is intentional.
	hosting: "cloud" | "on_prem" | "baas" | "hybrid"
	// NOTE(review): presumably a key of the `application` map; any string is
	// accepted here, so the reference is not checked by this schema.
	application: string
	metadata?: {
		labels?: [...string]
	}
}
//
// component holds one record per component key; `name` is pinned to the
// key through X.
component: [X=string]: {
	name: X
	component_type: "external_api" | "middleware" | "executable" | "internal_app"
	nature: "communication" | "data_processing" | "access_control"
	// Optional; when present it must be a string other than "".
	description?: !=""
	// NOTE(review): `bool | false` is the same constraint as plain `bool`
	// (false is already a bool), so no default is set and every component
	// has to state this value explicitly. If a default of false was meant,
	// CUE spells it `*false | bool`. For a trust-boundary flag, requiring an
	// explicit value may be the safer of the two — confirm the intent.
	in_trust_boundary: bool | false
	// The same five-value list is repeated in user_story; the two copies
	// have to be kept in sync by hand.
	primary_security_trait: "authentication" | "authorization" | "availability" | "integrity" | "auditability"
	// NOTE(review): presumably keys of other `component` entries; only
	// "list of strings" is enforced here.
	connected_to?: [...string]
	depends_on?: [...string]
	// NOTE(review): presumably a key of the `application` map; not checked.
	application: string
}
// user_story holds one record per story key; `name` is pinned to the key
// through X.
user_story: [X=string]: {
	name: X
	// Must be a string other than "".
	description: !=""
	// One optional boolean per STRIDE category. Every flag is optional, so a
	// story that sets none of them still validates.
	// `bool | false` is the same constraint as plain `bool`; no default is
	// set by these lines.
	// NOTE(review): plain structs are open in CUE, so a misspelled flag name
	// is accepted as an extra field instead of being rejected — confirm
	// whether a closed struct is wanted here.
	stride: {
		spoofing?: bool | false
		tampering?: bool | false
		repudiation?: bool | false
		information_disclosure?: bool | false
		denial_of_service?: bool | false
		elevation_of_privs?: bool | false
	}
	// Same five-value list as component.primary_security_trait.
	primary_security_trait: "authentication" | "authorization" | "availability" | "integrity" | "auditability"
	// Singular field name, but the value is a list of strings.
	// NOTE(review): presumably keys of the `component` map; not checked.
	component?: [...string]
	depends_on?: [...string]
	epic?: string
	// NOTE(review): presumably a key of the `application` map; not checked.
	application: string
	metadata?: {
		labels?: [...string]
	}
}
// abuser_story holds one record per abuser-story key; `name` is pinned to
// the key through X.
abuser_story: [X=string]: {
	name: X
	// Must be a string other than "".
	description: !=""
	// List of strings, any length; an empty list satisfies it.
	// NOTE(review): presumably keys of the `user_story` map; nothing here
	// verifies that the referenced stories exist.
	user_stories: [...string]
	metadata?: {
		labels?: [...string]
	}
}
// threat_scenario holds one record per scenario key; `name` is pinned to
// the key through X.
threat_scenario: [X=string]: {
	name: X
	// Must be a string other than "".
	description: !=""
	// Both links are optional, so a scenario tied to no user story and no
	// abuser story still validates.
	user_stories?: [...string]
	abuser_stories?: [...string]
	// Any integer is accepted, including zero and negative values.
	// NOTE(review): presumably a CWE identifier; consider a lower bound such
	// as `int & >0` if that is the intent.
	cwe: int
	metadata?: {
		actor?: string
		observation?: string
		// NOTE(review): a single string here, whereas every other
		// metadata.labels in this file is `[...string]` — confirm whether
		// this is intentional before relying on a uniform label shape.
		labels?: string
	}
	// Exactly one of the five listed severity literals.
	impact: "critical" | "high" | "medium" | "low" | "negligible"
}
// security_test_case holds one record per test-case key; `name` is pinned
// to the key through X.
security_test_case: [X=string]: {
	name: X
	// Must be a string other than "".
	description: !=""
	// How the test is carried out; exactly one of the listed literals.
	type: "automated_vul_scan" | "manual" | "sast" | "sca_sbom"
	// Optional; when present it must be a string other than "".
	objective?: != ""
	metadata?: {
		labels?: [...string]
	}
	// Exactly one of the listed literals.
	source: "manual" | "capec" | "other"
	// List of strings, any length; an empty list satisfies it, so a test
	// case that covers no threat scenario still validates.
	// NOTE(review): presumably keys of the `threat_scenario` map; not checked.
	threat_scenarios: [...string]
}
// mitigation holds one record per mitigation key; `name` is pinned to the
// key through X.
mitigation: [X=string]: {
	name: X
	// Must be a string other than "".
	description: !=""
	// Exactly one of the three listed literals.
	orientation: "preventive" | "detective" | "corrective"
	// Exactly one of the listed literals.
	source: "manual" | "cis" | "asvs" | "other"
	metadata?: {
		labels?: [...string]
		// NOTE(review): presumably the control identifier within `source`
		// (for example a CIS or ASVS item) — confirm; any string is accepted.
		id?: string
	}
	// Singular field name holding a list; security_test_case names the
	// equivalent field `threat_scenarios`.
	// Both links below are optional, so a mitigation attached to no threat
	// scenario and no user story still validates.
	threat_scenario?: [...string]
	user_stories?: [...string]
}