diff --git a/Dockerfile b/Dockerfile
index 2f715d0..d1f992a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,6 +6,7 @@ WORKDIR /app
 RUN mkdir /app/yaml-templates && chown 1000:1000 /app/yaml-templates
+COPY --chown=1000:1000 requirements.txt /app/
 COPY --chown=1000:1000 build_data_assets.py /app/
 COPY --chown=1000:1000 build_tech_assets.py /app/
 COPY --chown=1000:1000 dfe_threagile.py /app/
@@ -22,6 +23,6 @@ RUN python3 -m ensurepip
 RUN pip3 install --no-cache --upgrade pip setuptools
-RUN pip3 install jinja2
+RUN pip3 install -r requirements.txt
 USER 1000:1000
diff --git a/dfe_threagile.py b/dfe_threagile.py
index ffdde78..96ee57e 100644
--- a/dfe_threagile.py
+++ b/dfe_threagile.py
@@ -2,6 +2,7 @@ import argparse
 import os
 import sys
+import yaml
 from jinja2 import Template
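Review bot: `RUN pip3 install -r requirements.txt` replaces a single named package with whatever requirements.txt lists, and that file is not part of this diff, so it is not visible here whether the entries are pinned; an unpinned list makes every image build resolve the newest jinja2/PyYAML release and is the usual way an upstream compromise reaches a container. I'd pin each entry (`jinja2==<pinned version>`, `pyyaml==<pinned version>`) and, once hashes are recorded in the file, build with `RUN pip3 install --no-cache --require-hashes -r requirements.txt` so the install fails closed on a substituted artifact. The `USER 1000:1000` switch after the install is unchanged and still correct for this ordering.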
@@ -122,6 +123,52 @@ def produce_assets() -> list: return yaml_list, all_tech_tags +def data_assets_ssphp_yaml(file: str) -> list: + dicts = [] + with open(file, "r") as yaml_file: + file_contents = yaml_file.read() + data_assets_yaml = yaml.load(file_contents, Loader=yaml.Loader) + + if "teacher_pii" in data_assets_yaml["data_types"]: + if data_assets_yaml["data_types"]["teacher_pii"]: + print(data_assets_yaml["data_types"]["teacher_pii"]) + dicts.append(dict(name="teacher-pii", present=data_assets_yaml["data_types"]["teacher_pii"])) + + if "student_pii" in data_assets_yaml["data_types"]: + if data_assets_yaml["data_types"]["student_pii"]: + dicts.append(dict(name="student-pii", present=data_assets_yaml["data_types"]["student_pii"])) + + if "client_app_code" in data_assets_yaml["data_types"]: + if data_assets_yaml["data_types"]["client_app_code"]: + dicts.append(dict(name="client-application-code", present=data_assets_yaml["data_types"]["client_app_code"])) + + if "server_app_code" in data_assets_yaml["data_types"]: + if data_assets_yaml["data_types"]["server_app_code"]: + dicts.append(dict(name="server-application-code", present=data_assets_yaml["data_types"]["server_app_code"])) + + if "vulnerable_children_data" in data_assets_yaml["data_types"]: + if data_assets_yaml["data_types"]["vulnerable_children_data"]: + dicts.append(dict(name="vulnerable-children-data", present=data_assets_yaml["data_types"]["vulnerable_children_data"])) + + if "job_information" in data_assets_yaml["data_types"]: + if data_assets_yaml["data_types"]["job_information"]: + dicts.append(dict(name="job-information", present=data_assets_yaml["data_types"]["job_information"])) + + if "school_data" in data_assets_yaml["data_types"]: + if data_assets_yaml["data_types"]["school_data"]: + dicts.append(dict(name="school-data", present=data_assets_yaml["data_types"]["school_data"])) + + if "payment_details" in data_assets_yaml["data_types"]: + if data_assets_yaml["data_types"]["payment_details"]: + 
dicts.append(dict(name="payment-details", present=data_assets_yaml["data_types"]["payment_details"])) + + if "secrets_and_keys" in data_assets_yaml["data_types"]: + if data_assets_yaml["data_types"]["secrets_and_keys"]: + dicts.append(dict(name="secrets-and-api-keys", present=data_assets_yaml["data_types"]["secrets_and_keys"])) + + return dicts + + def data_assets() -> list: answers = ["y", "n"] dicts = [] @@ -253,7 +300,7 @@ def template_inject( ) -> str: with open("yaml-templates/threagile-example-model-template.yaml") as template_file: template_str = template_file.read() - tech_asset_template = Template(template_str, autoescape=True) + tech_asset_template = Template(template_str, autoescape=autoescape) final_yaml = tech_asset_template.render( yaml_list=yaml_list, data_list=data_list, all_tags=all_tags, risks=risks @@ -327,10 +374,13 @@ def produce_data_assets(chosen_data_asset_dicts: list) -> list: return built_data_assets, all_data_tags -def produce_asset_lists() -> tuple: +def produce_asset_lists(ssphp_yaml=None) -> tuple: yaml_list, all_tech_tags = produce_assets() - chosen_data_assets_dicts = data_assets() + if ssphp_yaml is not None: + chosen_data_assets_dicts = data_assets_ssphp_yaml(ssphp_yaml) + else: + chosen_data_assets_dicts = data_assets() data_list, all_data_tags = produce_data_assets(chosen_data_assets_dicts) @@ -355,7 +405,13 @@ def produce_asset_lists() -> tuple: "--risks-json", nargs="?", default="output/risks.json", - help="The file path for you risks json file.", + help="The file path for your risks json file.", + ) + parser.add_argument( + "--ssphp-yaml", + nargs="?", + default="yaml-templates/ssphp_test.yaml", + help="The file path for the Continuous Assurance yaml file.", ) args = parser.parse_args() 
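Review bot: `yaml.load(file_contents, Loader=yaml.Loader)` in data_assets_ssphp_yaml uses PyYAML's full loader, which instantiates arbitrary Python objects from tags in the document; the path comes from a command-line option and the file is data, not code, so this should be `data_assets_yaml = yaml.safe_load(yaml_file)`. The `print(...)` inside the teacher_pii branch looks like leftover debugging and, if the rendered model is captured from stdout as `print(final_yaml)` suggests, it ends up in the output. The nine identical key-present checks can be one lookup table, shown below; the only behavioural difference is that `.get("data_types") or {}` returns an empty list for a file without that section where the original raises KeyError.
```python
def data_assets_ssphp_yaml(file: str) -> list:
    """Return the data-asset dicts whose ``data_types`` flag is truthy in *file*."""
    # SSPHP data_types key -> Threagile data-asset name, in the original order
    key_to_asset = {
        "teacher_pii": "teacher-pii",
        "student_pii": "student-pii",
        "client_app_code": "client-application-code",
        "server_app_code": "server-application-code",
        "vulnerable_children_data": "vulnerable-children-data",
        "job_information": "job-information",
        "school_data": "school-data",
        "payment_details": "payment-details",
        "secrets_and_keys": "secrets-and-api-keys",
    }
    with open(file, "r", encoding="utf-8") as yaml_file:
        # safe_load: the file is external input; the full Loader would
        # construct arbitrary Python objects from tags in it.
        data_assets_yaml = yaml.safe_load(yaml_file)
    data_types = data_assets_yaml.get("data_types") or {}
    return [
        dict(name=asset, present=data_types[key])
        for key, asset in key_to_asset.items()
        if data_types.get(key)
    ]
```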
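Review bot: `Template(template_str, autoescape=autoescape)` makes HTML autoescaping caller-controlled, and the main hunk (`@@ -367`) passes `autoescape=False`; the parameter's declaration and default are in the part of template_inject's signature that lies outside this hunk. Since the rendered document is YAML, HTML escaping was never the right neutralisation, but with it off nothing visible in the diff escapes YAML-significant characters in the injected values, and the asset names and tags now come from the `--ssphp-yaml` file as well as from interactive input. I'd state that contract on the function (`autoescape: HTML-escape rendered values; False for YAML output, so the template itself must quote every injected value`) and have the caller check the result with `yaml.safe_load(final_yaml)` before it is printed, so a value that breaks the document structure fails here rather than inside threagile.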
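Review bot: `produce_asset_lists(ssphp_yaml=None)` gains a parameter with no annotation and no docstring saying what it holds; the name suggests a path, the signature does not say so. Suggest `def produce_asset_lists(ssphp_yaml: str | None = None) -> tuple:` (or `Optional[str]` on interpreters below 3.10) with a docstring along the lines of `"""Build (yaml_list, data_list, all_tags); when ssphp_yaml is a path to a Continuous Assurance YAML file the data assets are read from it, otherwise they are chosen interactively."""`. The function's return statement lies outside the hunk.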
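Review bot: The new `--ssphp-yaml` option defaults to `yaml-templates/ssphp_test.yaml`, which by its name is a test fixture, so in the main hunk (`@@ -367`) `if args.ssphp_yaml:` is true on every run that does not pass the option explicitly; the interactive `data_assets()` path is no longer reachable by default, and a checkout or image without that file fails with FileNotFoundError from data_assets_ssphp_yaml. Making the file opt-in restores the previous default behaviour: `default=None,`. With `nargs="?"` and no `const`, a bare `--ssphp-yaml` with no value also yields None, which may be intended but deserves a sentence in the help text. The block enclosing `parser.parse_args()` starts outside the hunk.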
@@ -367,10 +423,13 @@ def produce_asset_lists() -> tuple: else: # Writes initial threat model and produces risks.json + if args.ssphp_yaml: + ssphp_yaml = args.ssphp_yaml + yaml_list, data_list, all_tags = produce_asset_lists(ssphp_yaml) + else: + yaml_list, data_list, all_tags = produce_asset_lists() - yaml_list, data_list, all_tags = produce_asset_lists() - - final_yaml = template_inject(yaml_list, data_list, all_tags) + final_yaml = template_inject(yaml_list, data_list, all_tags, autoescape=False) print(final_yaml) diff --git a/output/report.pdf b/output/report.pdf index c3fdea6..b0f484c 100644 Binary files a/output/report.pdf and b/output/report.pdf differ diff --git a/output/risks.json b/output/risks.json index 3f3cd5d..c8e51d8 100644 --- a/output/risks.json +++ b/output/risks.json 
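Review bot: The four added lines in the `else:` branch copy `args.ssphp_yaml` into a local only to choose between two calls that differ by that one argument; since produce_asset_lists treats None as the interactive path, `yaml_list, data_list, all_tags = produce_asset_lists(args.ssphp_yaml or None)` does the same in one line and keeps the branch readable. The `if`/`else` this sits in starts outside the hunk.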
@@ -1 +1 @@ -[{"category":"unnecessary-data-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Data Asset\u003c/b\u003e named \u003cb\u003eclient-application-code\u003c/b\u003e","synthetic_id":"unnecessary-data-asset@client-application-code","most_relevant_data_asset":"client-application-code","most_relevant_technical_asset":"","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["client-application-code"]},{"category":"unnecessary-data-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Data Asset\u003c/b\u003e named \u003cb\u003ejob-information\u003c/b\u003e","synthetic_id":"unnecessary-data-asset@job-information","most_relevant_data_asset":"job-information","most_relevant_technical_asset":"","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["job-information"]},{"category":"unnecessary-data-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Data Asset\u003c/b\u003e named \u003cb\u003epayment-details\u003c/b\u003e","synthetic_id":"unnecessary-data-asset@payment-details","most_relevant_data_asset":"payment-details","most_relevant_technical_asset":"","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["payment-details"]},{"category":"unnecessary-data-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Data 
Asset\u003c/b\u003e named \u003cb\u003eschool-data\u003c/b\u003e","synthetic_id":"unnecessary-data-asset@school-data","most_relevant_data_asset":"school-data","most_relevant_technical_asset":"","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["school-data"]},{"category":"unnecessary-data-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Data Asset\u003c/b\u003e named \u003cb\u003esecrets-and-api-keys\u003c/b\u003e","synthetic_id":"unnecessary-data-asset@secrets-and-api-keys","most_relevant_data_asset":"secrets-and-api-keys","most_relevant_technical_asset":"","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["secrets-and-api-keys"]},{"category":"unnecessary-data-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Data Asset\u003c/b\u003e named \u003cb\u003eserver-application-code\u003c/b\u003e","synthetic_id":"unnecessary-data-asset@server-application-code","most_relevant_data_asset":"server-application-code","most_relevant_technical_asset":"","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["server-application-code"]},{"category":"unnecessary-data-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Data Asset\u003c/b\u003e named 
\u003cb\u003estudent-pii\u003c/b\u003e","synthetic_id":"unnecessary-data-asset@student-pii","most_relevant_data_asset":"student-pii","most_relevant_technical_asset":"","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["student-pii"]},{"category":"unnecessary-data-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Data Asset\u003c/b\u003e named \u003cb\u003eteacher-pii\u003c/b\u003e","synthetic_id":"unnecessary-data-asset@teacher-pii","most_relevant_data_asset":"teacher-pii","most_relevant_technical_asset":"","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["teacher-pii"]},{"category":"unnecessary-data-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Data Asset\u003c/b\u003e named \u003cb\u003evulnerable-children-data\u003c/b\u003e","synthetic_id":"unnecessary-data-asset@vulnerable-children-data","most_relevant_data_asset":"vulnerable-children-data","most_relevant_technical_asset":"","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["vulnerable-children-data"]},{"category":"cross-site-scripting","risk_status":"unchecked","severity":"elevated","exploitation_likelihood":"likely","exploitation_impact":"medium","title":"\u003cb\u003eCross-Site Scripting (XSS)\u003c/b\u003e risk at 
\u003cb\u003es184d01-comp-complete-app-worker\u003c/b\u003e","synthetic_id":"cross-site-scripting@s184d01-comp-complete-app-worker","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-complete-app-worker","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"possible","data_breach_technical_assets":["s184d01-comp-complete-app-worker"]},{"category":"cross-site-scripting","risk_status":"unchecked","severity":"elevated","exploitation_likelihood":"likely","exploitation_impact":"medium","title":"\u003cb\u003eCross-Site Scripting (XSS)\u003c/b\u003e risk at \u003cb\u003es184d01-comp-complete-app\u003c/b\u003e","synthetic_id":"cross-site-scripting@s184d01-comp-complete-app","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-complete-app","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"possible","data_breach_technical_assets":["s184d01-comp-complete-app"]},{"category":"missing-cloud-hardening","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"high","title":"\u003cb\u003eMissing Cloud Hardening (Azure)\u003c/b\u003e risk at \u003cb\u003es184d01-comp-complete-app\u003c/b\u003e: \u003cu\u003eCIS Benchmark for Microsoft Azure\u003c/u\u003e","synthetic_id":"missing-cloud-hardening@s184d01-comp-complete-app","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-complete-app","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"probable","data_breach_technical_assets":["s184d01-comp-complete-app"]},{"category":"missing-hardening","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"likely","exploitation_impact":"low","title":"\u003cb\u003eMissing Hardening\u003c/b\u003e risk at 
\u003cb\u003es184d01-comp-tfvars\u003c/b\u003e","synthetic_id":"missing-hardening@s184d01-comp-tfvars","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-tfvars","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["s184d01-comp-tfvars"]},{"category":"missing-hardening","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"likely","exploitation_impact":"low","title":"\u003cb\u003eMissing Hardening\u003c/b\u003e risk at \u003cb\u003essphp-metrics\u003c/b\u003e","synthetic_id":"missing-hardening@ssphp-metrics","most_relevant_data_asset":"","most_relevant_technical_asset":"ssphp-metrics","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["ssphp-metrics"]},{"category":"container-baseimage-backdooring","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eContainer Base Image Backdooring\u003c/b\u003e risk at \u003cb\u003es184d01-comp-complete-app-worker\u003c/b\u003e","synthetic_id":"container-baseimage-backdooring@s184d01-comp-complete-app-worker","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-complete-app-worker","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"probable","data_breach_technical_assets":["s184d01-comp-complete-app-worker"]},{"category":"container-baseimage-backdooring","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eContainer Base Image Backdooring\u003c/b\u003e risk at 
\u003cb\u003es184d01-comp-complete-app\u003c/b\u003e","synthetic_id":"container-baseimage-backdooring@s184d01-comp-complete-app","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-complete-app","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"probable","data_breach_technical_assets":["s184d01-comp-complete-app"]},{"category":"unencrypted-asset","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eUnencrypted Technical Asset\u003c/b\u003e named \u003cb\u003es184d01-comp-complete-app-worker\u003c/b\u003e","synthetic_id":"unencrypted-asset@s184d01-comp-complete-app-worker","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-complete-app-worker","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["s184d01-comp-complete-app-worker"]},{"category":"unencrypted-asset","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eUnencrypted Technical Asset\u003c/b\u003e named \u003cb\u003es184d01-comp-complete-app\u003c/b\u003e","synthetic_id":"unencrypted-asset@s184d01-comp-complete-app","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-complete-app","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["s184d01-comp-complete-app"]},{"category":"unencrypted-asset","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eUnencrypted Technical Asset\u003c/b\u003e named 
\u003cb\u003es184d01-comp-tfvars\u003c/b\u003e","synthetic_id":"unencrypted-asset@s184d01-comp-tfvars","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-tfvars","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["s184d01-comp-tfvars"]},{"category":"unencrypted-asset","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eUnencrypted Technical Asset\u003c/b\u003e named \u003cb\u003es184d01-compdefault\u003c/b\u003e","synthetic_id":"unencrypted-asset@s184d01-compdefault","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-compdefault","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["s184d01-compdefault"]},{"category":"unencrypted-asset","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eUnencrypted Technical Asset\u003c/b\u003e named \u003cb\u003essphp-metrics-rust-p3sha\u003c/b\u003e","synthetic_id":"unencrypted-asset@ssphp-metrics-rust-p3sha","most_relevant_data_asset":"","most_relevant_technical_asset":"ssphp-metrics-rust-p3sha","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["ssphp-metrics-rust-p3sha"]},{"category":"unencrypted-asset","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eUnencrypted Technical Asset\u003c/b\u003e named 
\u003cb\u003essphp-metrics\u003c/b\u003e","synthetic_id":"unencrypted-asset@ssphp-metrics","most_relevant_data_asset":"","most_relevant_technical_asset":"ssphp-metrics","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["ssphp-metrics"]},{"category":"unencrypted-asset","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eUnencrypted Technical Asset\u003c/b\u003e named \u003cb\u003etfstatel95cd\u003c/b\u003e","synthetic_id":"unencrypted-asset@tfstatel95cd","most_relevant_data_asset":"","most_relevant_technical_asset":"tfstatel95cd","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["tfstatel95cd"]},{"category":"unencrypted-asset","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eUnencrypted Technical Asset\u003c/b\u003e named \u003cb\u003etfstatep3sha\u003c/b\u003e","synthetic_id":"unencrypted-asset@tfstatep3sha","most_relevant_data_asset":"","most_relevant_technical_asset":"tfstatep3sha","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["tfstatep3sha"]},{"category":"missing-network-segmentation","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eMissing Network Segmentation\u003c/b\u003e to further encapsulate and protect \u003cb\u003es184d01-comp-tfvars\u003c/b\u003e against unrelated lower protected assets in the same network segment, which might be easier to compromise by 
attackers","synthetic_id":"missing-network-segmentation@s184d01-comp-tfvars","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-tfvars","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["s184d01-comp-tfvars"]},{"category":"missing-network-segmentation","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eMissing Network Segmentation\u003c/b\u003e to further encapsulate and protect \u003cb\u003essphp-metrics\u003c/b\u003e against unrelated lower protected assets in the same network segment, which might be easier to compromise by attackers","synthetic_id":"missing-network-segmentation@ssphp-metrics","most_relevant_data_asset":"","most_relevant_technical_asset":"ssphp-metrics","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["ssphp-metrics"]},{"category":"unnecessary-technical-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Technical Asset\u003c/b\u003e named \u003cb\u003es184d01-comp-complete-app-worker\u003c/b\u003e","synthetic_id":"unnecessary-technical-asset@s184d01-comp-complete-app-worker","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-complete-app-worker","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["s184d01-comp-complete-app-worker"]},{"category":"unnecessary-technical-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Technical Asset\u003c/b\u003e named 
\u003cb\u003es184d01-comp-complete-app\u003c/b\u003e","synthetic_id":"unnecessary-technical-asset@s184d01-comp-complete-app","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-complete-app","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["s184d01-comp-complete-app"]},{"category":"unnecessary-technical-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Technical Asset\u003c/b\u003e named \u003cb\u003es184d01-comp-tfvars\u003c/b\u003e","synthetic_id":"unnecessary-technical-asset@s184d01-comp-tfvars","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-tfvars","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["s184d01-comp-tfvars"]},{"category":"unnecessary-technical-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Technical Asset\u003c/b\u003e named \u003cb\u003es184d01-compdefault\u003c/b\u003e","synthetic_id":"unnecessary-technical-asset@s184d01-compdefault","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-compdefault","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["s184d01-compdefault"]},{"category":"unnecessary-technical-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Technical Asset\u003c/b\u003e named 
\u003cb\u003essphp-metrics-rust-p3sha\u003c/b\u003e","synthetic_id":"unnecessary-technical-asset@ssphp-metrics-rust-p3sha","most_relevant_data_asset":"","most_relevant_technical_asset":"ssphp-metrics-rust-p3sha","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["ssphp-metrics-rust-p3sha"]},{"category":"unnecessary-technical-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Technical Asset\u003c/b\u003e named \u003cb\u003essphp-metrics\u003c/b\u003e","synthetic_id":"unnecessary-technical-asset@ssphp-metrics","most_relevant_data_asset":"","most_relevant_technical_asset":"ssphp-metrics","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["ssphp-metrics"]},{"category":"unnecessary-technical-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Technical Asset\u003c/b\u003e named \u003cb\u003etfstatel95cd\u003c/b\u003e","synthetic_id":"unnecessary-technical-asset@tfstatel95cd","most_relevant_data_asset":"","most_relevant_technical_asset":"tfstatel95cd","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["tfstatel95cd"]},{"category":"unnecessary-technical-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Technical Asset\u003c/b\u003e named 
\u003cb\u003etfstatep3sha\u003c/b\u003e","synthetic_id":"unnecessary-technical-asset@tfstatep3sha","most_relevant_data_asset":"","most_relevant_technical_asset":"tfstatep3sha","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["tfstatep3sha"]},{"category":"missing-vault-isolation","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eMissing Vault Isolation\u003c/b\u003e to further encapsulate and protect vault-related asset \u003cb\u003es184d01-comp-tfvars\u003c/b\u003e against unrelated lower protected assets \u003cb\u003ein the same network segment\u003c/b\u003e, which might be easier to compromise by attackers","synthetic_id":"missing-vault-isolation@s184d01-comp-tfvars","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-tfvars","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["s184d01-comp-tfvars"]},{"category":"missing-vault-isolation","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eMissing Vault Isolation\u003c/b\u003e to further encapsulate and protect vault-related asset \u003cb\u003essphp-metrics\u003c/b\u003e against unrelated lower protected assets \u003cb\u003ein the same network segment\u003c/b\u003e, which might be easier to compromise by attackers","synthetic_id":"missing-vault-isolation@ssphp-metrics","most_relevant_data_asset":"","most_relevant_technical_asset":"ssphp-metrics","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["ssphp-metrics"]}] \ No newline at end of file 
+[{"category":"unencrypted-asset","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eUnencrypted Technical Asset\u003c/b\u003e named \u003cb\u003es184d01-comp-complete-app-worker\u003c/b\u003e","synthetic_id":"unencrypted-asset@s184d01-comp-complete-app-worker","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-complete-app-worker","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["s184d01-comp-complete-app-worker"]},{"category":"unencrypted-asset","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eUnencrypted Technical Asset\u003c/b\u003e named \u003cb\u003es184d01-comp-complete-app\u003c/b\u003e","synthetic_id":"unencrypted-asset@s184d01-comp-complete-app","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-complete-app","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["s184d01-comp-complete-app"]},{"category":"unencrypted-asset","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eUnencrypted Technical Asset\u003c/b\u003e named 
\u003cb\u003es184d01-comp-tfvars\u003c/b\u003e","synthetic_id":"unencrypted-asset@s184d01-comp-tfvars","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-tfvars","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["s184d01-comp-tfvars"]},{"category":"unencrypted-asset","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eUnencrypted Technical Asset\u003c/b\u003e named \u003cb\u003es184d01-compdefault\u003c/b\u003e","synthetic_id":"unencrypted-asset@s184d01-compdefault","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-compdefault","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["s184d01-compdefault"]},{"category":"unencrypted-asset","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eUnencrypted Technical Asset\u003c/b\u003e named \u003cb\u003essphp-metrics-rust-p3sha\u003c/b\u003e","synthetic_id":"unencrypted-asset@ssphp-metrics-rust-p3sha","most_relevant_data_asset":"","most_relevant_technical_asset":"ssphp-metrics-rust-p3sha","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["ssphp-metrics-rust-p3sha"]},{"category":"unencrypted-asset","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eUnencrypted Technical Asset\u003c/b\u003e named 
\u003cb\u003essphp-metrics\u003c/b\u003e","synthetic_id":"unencrypted-asset@ssphp-metrics","most_relevant_data_asset":"","most_relevant_technical_asset":"ssphp-metrics","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["ssphp-metrics"]},{"category":"unencrypted-asset","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eUnencrypted Technical Asset\u003c/b\u003e named \u003cb\u003etfstatel95cd\u003c/b\u003e","synthetic_id":"unencrypted-asset@tfstatel95cd","most_relevant_data_asset":"","most_relevant_technical_asset":"tfstatel95cd","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["tfstatel95cd"]},{"category":"unencrypted-asset","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eUnencrypted Technical Asset\u003c/b\u003e named \u003cb\u003etfstatep3sha\u003c/b\u003e","synthetic_id":"unencrypted-asset@tfstatep3sha","most_relevant_data_asset":"","most_relevant_technical_asset":"tfstatep3sha","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["tfstatep3sha"]},{"category":"unnecessary-technical-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Technical Asset\u003c/b\u003e named 
\u003cb\u003es184d01-comp-complete-app-worker\u003c/b\u003e","synthetic_id":"unnecessary-technical-asset@s184d01-comp-complete-app-worker","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-complete-app-worker","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["s184d01-comp-complete-app-worker"]},{"category":"unnecessary-technical-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Technical Asset\u003c/b\u003e named \u003cb\u003es184d01-comp-complete-app\u003c/b\u003e","synthetic_id":"unnecessary-technical-asset@s184d01-comp-complete-app","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-complete-app","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["s184d01-comp-complete-app"]},{"category":"unnecessary-technical-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Technical Asset\u003c/b\u003e named \u003cb\u003es184d01-comp-tfvars\u003c/b\u003e","synthetic_id":"unnecessary-technical-asset@s184d01-comp-tfvars","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-tfvars","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["s184d01-comp-tfvars"]},{"category":"unnecessary-technical-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Technical Asset\u003c/b\u003e named 
\u003cb\u003es184d01-compdefault\u003c/b\u003e","synthetic_id":"unnecessary-technical-asset@s184d01-compdefault","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-compdefault","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["s184d01-compdefault"]},{"category":"unnecessary-technical-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Technical Asset\u003c/b\u003e named \u003cb\u003essphp-metrics-rust-p3sha\u003c/b\u003e","synthetic_id":"unnecessary-technical-asset@ssphp-metrics-rust-p3sha","most_relevant_data_asset":"","most_relevant_technical_asset":"ssphp-metrics-rust-p3sha","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["ssphp-metrics-rust-p3sha"]},{"category":"unnecessary-technical-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Technical Asset\u003c/b\u003e named \u003cb\u003essphp-metrics\u003c/b\u003e","synthetic_id":"unnecessary-technical-asset@ssphp-metrics","most_relevant_data_asset":"","most_relevant_technical_asset":"ssphp-metrics","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["ssphp-metrics"]},{"category":"unnecessary-technical-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Technical Asset\u003c/b\u003e named 
\u003cb\u003etfstatel95cd\u003c/b\u003e","synthetic_id":"unnecessary-technical-asset@tfstatel95cd","most_relevant_data_asset":"","most_relevant_technical_asset":"tfstatel95cd","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["tfstatel95cd"]},{"category":"unnecessary-technical-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Technical Asset\u003c/b\u003e named \u003cb\u003etfstatep3sha\u003c/b\u003e","synthetic_id":"unnecessary-technical-asset@tfstatep3sha","most_relevant_data_asset":"","most_relevant_technical_asset":"tfstatep3sha","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["tfstatep3sha"]},{"category":"unnecessary-data-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Data Asset\u003c/b\u003e named \u003cb\u003eclient-application-code\u003c/b\u003e","synthetic_id":"unnecessary-data-asset@client-application-code","most_relevant_data_asset":"client-application-code","most_relevant_technical_asset":"","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["client-application-code"]},{"category":"unnecessary-data-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Data Asset\u003c/b\u003e named 
\u003cb\u003ejob-information\u003c/b\u003e","synthetic_id":"unnecessary-data-asset@job-information","most_relevant_data_asset":"job-information","most_relevant_technical_asset":"","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["job-information"]},{"category":"unnecessary-data-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Data Asset\u003c/b\u003e named \u003cb\u003epayment-details\u003c/b\u003e","synthetic_id":"unnecessary-data-asset@payment-details","most_relevant_data_asset":"payment-details","most_relevant_technical_asset":"","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["payment-details"]},{"category":"unnecessary-data-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Data Asset\u003c/b\u003e named \u003cb\u003eschool-data\u003c/b\u003e","synthetic_id":"unnecessary-data-asset@school-data","most_relevant_data_asset":"school-data","most_relevant_technical_asset":"","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["school-data"]},{"category":"unnecessary-data-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Data Asset\u003c/b\u003e named 
\u003cb\u003esecrets-and-api-keys\u003c/b\u003e","synthetic_id":"unnecessary-data-asset@secrets-and-api-keys","most_relevant_data_asset":"secrets-and-api-keys","most_relevant_technical_asset":"","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["secrets-and-api-keys"]},{"category":"unnecessary-data-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Data Asset\u003c/b\u003e named \u003cb\u003eserver-application-code\u003c/b\u003e","synthetic_id":"unnecessary-data-asset@server-application-code","most_relevant_data_asset":"server-application-code","most_relevant_technical_asset":"","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["server-application-code"]},{"category":"unnecessary-data-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Data Asset\u003c/b\u003e named \u003cb\u003estudent-pii\u003c/b\u003e","synthetic_id":"unnecessary-data-asset@student-pii","most_relevant_data_asset":"student-pii","most_relevant_technical_asset":"","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["student-pii"]},{"category":"unnecessary-data-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Data Asset\u003c/b\u003e named 
\u003cb\u003eteacher-pii\u003c/b\u003e","synthetic_id":"unnecessary-data-asset@teacher-pii","most_relevant_data_asset":"teacher-pii","most_relevant_technical_asset":"","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["teacher-pii"]},{"category":"unnecessary-data-asset","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Data Asset\u003c/b\u003e named \u003cb\u003evulnerable-children-data\u003c/b\u003e","synthetic_id":"unnecessary-data-asset@vulnerable-children-data","most_relevant_data_asset":"vulnerable-children-data","most_relevant_technical_asset":"","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["vulnerable-children-data"]},{"category":"cross-site-scripting","risk_status":"unchecked","severity":"elevated","exploitation_likelihood":"likely","exploitation_impact":"medium","title":"\u003cb\u003eCross-Site Scripting (XSS)\u003c/b\u003e risk at \u003cb\u003es184d01-comp-complete-app-worker\u003c/b\u003e","synthetic_id":"cross-site-scripting@s184d01-comp-complete-app-worker","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-complete-app-worker","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"possible","data_breach_technical_assets":["s184d01-comp-complete-app-worker"]},{"category":"cross-site-scripting","risk_status":"unchecked","severity":"elevated","exploitation_likelihood":"likely","exploitation_impact":"medium","title":"\u003cb\u003eCross-Site Scripting (XSS)\u003c/b\u003e risk at 
\u003cb\u003es184d01-comp-complete-app\u003c/b\u003e","synthetic_id":"cross-site-scripting@s184d01-comp-complete-app","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-complete-app","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"possible","data_breach_technical_assets":["s184d01-comp-complete-app"]},{"category":"missing-cloud-hardening","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"high","title":"\u003cb\u003eMissing Cloud Hardening (Azure)\u003c/b\u003e risk at \u003cb\u003es184d01-comp-complete-app\u003c/b\u003e: \u003cu\u003eCIS Benchmark for Microsoft Azure\u003c/u\u003e","synthetic_id":"missing-cloud-hardening@s184d01-comp-complete-app","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-complete-app","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"probable","data_breach_technical_assets":["s184d01-comp-complete-app"]},{"category":"missing-hardening","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"likely","exploitation_impact":"low","title":"\u003cb\u003eMissing Hardening\u003c/b\u003e risk at \u003cb\u003es184d01-comp-tfvars\u003c/b\u003e","synthetic_id":"missing-hardening@s184d01-comp-tfvars","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-tfvars","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["s184d01-comp-tfvars"]},{"category":"missing-hardening","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"likely","exploitation_impact":"low","title":"\u003cb\u003eMissing Hardening\u003c/b\u003e risk at 
\u003cb\u003essphp-metrics\u003c/b\u003e","synthetic_id":"missing-hardening@ssphp-metrics","most_relevant_data_asset":"","most_relevant_technical_asset":"ssphp-metrics","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["ssphp-metrics"]},{"category":"container-baseimage-backdooring","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eContainer Base Image Backdooring\u003c/b\u003e risk at \u003cb\u003es184d01-comp-complete-app-worker\u003c/b\u003e","synthetic_id":"container-baseimage-backdooring@s184d01-comp-complete-app-worker","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-complete-app-worker","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"probable","data_breach_technical_assets":["s184d01-comp-complete-app-worker"]},{"category":"container-baseimage-backdooring","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eContainer Base Image Backdooring\u003c/b\u003e risk at \u003cb\u003es184d01-comp-complete-app\u003c/b\u003e","synthetic_id":"container-baseimage-backdooring@s184d01-comp-complete-app","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-complete-app","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"probable","data_breach_technical_assets":["s184d01-comp-complete-app"]},{"category":"missing-vault-isolation","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eMissing Vault Isolation\u003c/b\u003e to further encapsulate and protect vault-related asset 
\u003cb\u003es184d01-comp-tfvars\u003c/b\u003e against unrelated lower protected assets \u003cb\u003ein the same network segment\u003c/b\u003e, which might be easier to compromise by attackers","synthetic_id":"missing-vault-isolation@s184d01-comp-tfvars","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-tfvars","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["s184d01-comp-tfvars"]},{"category":"missing-vault-isolation","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eMissing Vault Isolation\u003c/b\u003e to further encapsulate and protect vault-related asset \u003cb\u003essphp-metrics\u003c/b\u003e against unrelated lower protected assets \u003cb\u003ein the same network segment\u003c/b\u003e, which might be easier to compromise by attackers","synthetic_id":"missing-vault-isolation@ssphp-metrics","most_relevant_data_asset":"","most_relevant_technical_asset":"ssphp-metrics","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["ssphp-metrics"]},{"category":"missing-network-segmentation","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eMissing Network Segmentation\u003c/b\u003e to further encapsulate and protect \u003cb\u003es184d01-comp-tfvars\u003c/b\u003e against unrelated lower protected assets in the same network segment, which might be easier to compromise by 
attackers","synthetic_id":"missing-network-segmentation@s184d01-comp-tfvars","most_relevant_data_asset":"","most_relevant_technical_asset":"s184d01-comp-tfvars","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["s184d01-comp-tfvars"]},{"category":"missing-network-segmentation","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eMissing Network Segmentation\u003c/b\u003e to further encapsulate and protect \u003cb\u003essphp-metrics\u003c/b\u003e against unrelated lower protected assets in the same network segment, which might be easier to compromise by attackers","synthetic_id":"missing-network-segmentation@ssphp-metrics","most_relevant_data_asset":"","most_relevant_technical_asset":"ssphp-metrics","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["ssphp-metrics"]}]
\ No newline at end of file
diff --git a/output/risks.xlsx b/output/risks.xlsx
index 282bedc..26785fd 100755
Binary files a/output/risks.xlsx and b/output/risks.xlsx differ
diff --git a/output/tags.xlsx b/output/tags.xlsx
index 1581a26..8de5d11 100755
Binary files a/output/tags.xlsx and b/output/tags.xlsx differ
diff --git a/requirements.txt b/requirements.txt
index 62def1f..0520ab4 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1 +1,2 @@
-Jinja2==3.1.4
\ No newline at end of file
+Jinja2==3.1.4
+PyYAML==6.0.1
\ No newline at end of file
diff --git a/yaml-templates/dfe-threagile-final.yaml b/yaml-templates/dfe-threagile-final.yaml
index 7c88025..260cd98 100644
--- a/yaml-templates/dfe-threagile-final.yaml
+++ b/yaml-templates/dfe-threagile-final.yaml
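Review bot: `PyYAML==6.0.1` is pinned by version only, so an install from this file still trusts whatever the index serves under that version; for a tool that produces threat-model artefacts it is worth adding hashes as well (`PyYAML==6.0.1 --hash=sha256:<digest>` for each wheel you build against, installed with `pip install --require-hashes -r requirements.txt`). Wherever the new dependency is used to read the threagile templates, prefer `yaml.safe_load`; `yaml.load` with `yaml.Loader` or `FullLoader` can instantiate arbitrary Python objects from tags in a crafted YAML file, which matters as soon as templates are contributed by anyone other than the tool's owners. The file still ends without a trailing newline, which keeps producing the `\ No newline at end of file` noise on every change.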
@@ -267,7 +267,7 @@ data_assets: integrity: important # values: archive, operational, important, critical, mission-critical availability: operational # values: archive, operational, important, critical, mission-critical justification_cia_rating: > - Job information is important but is public information in it's nature. + Job information is important but is public information in it's nature. school-data: name: school-data 
@@ -913,256 +913,256 @@ individual_risk_categories: # used for adding custom manually identified risks risk_tracking: - container-baseimage-backdooring@s184d01-comp-complete-app-worker: # wildcards "*" between the @ characters are possible + missing-cloud-hardening@s184d01-comp-complete-app: # wildcards "*" between the @ characters are possible status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive justification: Enter justification here. ticket: Enter ticket number relating to your risk and mitigations here. - date: 2024-05-17 + date: 2024-05-21 checked_by: Enter name of owner/ reviewer here. - container-baseimage-backdooring@s184d01-comp-complete-app: # wildcards "*" between the @ characters are possible + container-baseimage-backdooring@s184d01-comp-complete-app-worker: # wildcards "*" between the @ characters are possible status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive justification: Enter justification here. ticket: Enter ticket number relating to your risk and mitigations here. - date: 2024-05-17 + date: 2024-05-21 checked_by: Enter name of owner/ reviewer here. - missing-vault-isolation@s184d01-comp-tfvars: # wildcards "*" between the @ characters are possible + container-baseimage-backdooring@s184d01-comp-complete-app: # wildcards "*" between the @ characters are possible status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive justification: Enter justification here. ticket: Enter ticket number relating to your risk and mitigations here. - date: 2024-05-17 + date: 2024-05-21 checked_by: Enter name of owner/ reviewer here. 
- missing-vault-isolation@ssphp-metrics: # wildcards "*" between the @ characters are possible + unencrypted-asset@s184d01-comp-complete-app-worker: # wildcards "*" between the @ characters are possible status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive justification: Enter justification here. ticket: Enter ticket number relating to your risk and mitigations here. - date: 2024-05-17 + date: 2024-05-21 checked_by: Enter name of owner/ reviewer here. - unencrypted-asset@s184d01-comp-complete-app-worker: # wildcards "*" between the @ characters are possible + unencrypted-asset@s184d01-comp-complete-app: # wildcards "*" between the @ characters are possible status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive justification: Enter justification here. ticket: Enter ticket number relating to your risk and mitigations here. - date: 2024-05-17 + date: 2024-05-21 checked_by: Enter name of owner/ reviewer here. - unencrypted-asset@s184d01-comp-complete-app: # wildcards "*" between the @ characters are possible + unencrypted-asset@s184d01-comp-tfvars: # wildcards "*" between the @ characters are possible status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive justification: Enter justification here. ticket: Enter ticket number relating to your risk and mitigations here. - date: 2024-05-17 + date: 2024-05-21 checked_by: Enter name of owner/ reviewer here. - unencrypted-asset@s184d01-comp-tfvars: # wildcards "*" between the @ characters are possible + unencrypted-asset@s184d01-compdefault: # wildcards "*" between the @ characters are possible status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive justification: Enter justification here. ticket: Enter ticket number relating to your risk and mitigations here. 
- date: 2024-05-17 + date: 2024-05-21 checked_by: Enter name of owner/ reviewer here. - unencrypted-asset@s184d01-compdefault: # wildcards "*" between the @ characters are possible + unencrypted-asset@ssphp-metrics-rust-p3sha: # wildcards "*" between the @ characters are possible status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive justification: Enter justification here. ticket: Enter ticket number relating to your risk and mitigations here. - date: 2024-05-17 + date: 2024-05-21 checked_by: Enter name of owner/ reviewer here. - unencrypted-asset@ssphp-metrics-rust-p3sha: # wildcards "*" between the @ characters are possible + unencrypted-asset@ssphp-metrics: # wildcards "*" between the @ characters are possible status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive justification: Enter justification here. ticket: Enter ticket number relating to your risk and mitigations here. - date: 2024-05-17 + date: 2024-05-21 checked_by: Enter name of owner/ reviewer here. - unencrypted-asset@ssphp-metrics: # wildcards "*" between the @ characters are possible + unencrypted-asset@tfstatel95cd: # wildcards "*" between the @ characters are possible status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive justification: Enter justification here. ticket: Enter ticket number relating to your risk and mitigations here. - date: 2024-05-17 + date: 2024-05-21 checked_by: Enter name of owner/ reviewer here. - unencrypted-asset@tfstatel95cd: # wildcards "*" between the @ characters are possible + unencrypted-asset@tfstatep3sha: # wildcards "*" between the @ characters are possible status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive justification: Enter justification here. ticket: Enter ticket number relating to your risk and mitigations here. 
- date: 2024-05-17 + date: 2024-05-21 checked_by: Enter name of owner/ reviewer here. - unencrypted-asset@tfstatep3sha: # wildcards "*" between the @ characters are possible + missing-network-segmentation@s184d01-comp-tfvars: # wildcards "*" between the @ characters are possible status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive justification: Enter justification here. ticket: Enter ticket number relating to your risk and mitigations here. - date: 2024-05-17 + date: 2024-05-21 checked_by: Enter name of owner/ reviewer here. - missing-cloud-hardening@s184d01-comp-complete-app: # wildcards "*" between the @ characters are possible + missing-network-segmentation@ssphp-metrics: # wildcards "*" between the @ characters are possible status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive justification: Enter justification here. ticket: Enter ticket number relating to your risk and mitigations here. - date: 2024-05-17 + date: 2024-05-21 checked_by: Enter name of owner/ reviewer here. - unnecessary-data-asset@client-application-code: # wildcards "*" between the @ characters are possible + cross-site-scripting@s184d01-comp-complete-app-worker: # wildcards "*" between the @ characters are possible status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive justification: Enter justification here. ticket: Enter ticket number relating to your risk and mitigations here. - date: 2024-05-17 + date: 2024-05-21 checked_by: Enter name of owner/ reviewer here. - unnecessary-data-asset@job-information: # wildcards "*" between the @ characters are possible + cross-site-scripting@s184d01-comp-complete-app: # wildcards "*" between the @ characters are possible status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive justification: Enter justification here. 
ticket: Enter ticket number relating to your risk and mitigations here. - date: 2024-05-17 + date: 2024-05-21 checked_by: Enter name of owner/ reviewer here. - unnecessary-data-asset@payment-details: # wildcards "*" between the @ characters are possible + missing-vault-isolation@s184d01-comp-tfvars: # wildcards "*" between the @ characters are possible status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive justification: Enter justification here. ticket: Enter ticket number relating to your risk and mitigations here. - date: 2024-05-17 + date: 2024-05-21 checked_by: Enter name of owner/ reviewer here. - unnecessary-data-asset@school-data: # wildcards "*" between the @ characters are possible + missing-vault-isolation@ssphp-metrics: # wildcards "*" between the @ characters are possible status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive justification: Enter justification here. ticket: Enter ticket number relating to your risk and mitigations here. - date: 2024-05-17 + date: 2024-05-21 checked_by: Enter name of owner/ reviewer here. - unnecessary-data-asset@secrets-and-api-keys: # wildcards "*" between the @ characters are possible + unnecessary-technical-asset@s184d01-comp-complete-app-worker: # wildcards "*" between the @ characters are possible status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive justification: Enter justification here. ticket: Enter ticket number relating to your risk and mitigations here. - date: 2024-05-17 + date: 2024-05-21 checked_by: Enter name of owner/ reviewer here. 
- unnecessary-data-asset@server-application-code: # wildcards "*" between the @ characters are possible + unnecessary-technical-asset@s184d01-comp-complete-app: # wildcards "*" between the @ characters are possible status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive justification: Enter justification here. ticket: Enter ticket number relating to your risk and mitigations here. - date: 2024-05-17 + date: 2024-05-21 checked_by: Enter name of owner/ reviewer here. - unnecessary-data-asset@student-pii: # wildcards "*" between the @ characters are possible + unnecessary-technical-asset@s184d01-comp-tfvars: # wildcards "*" between the @ characters are possible status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive justification: Enter justification here. ticket: Enter ticket number relating to your risk and mitigations here. - date: 2024-05-17 + date: 2024-05-21 checked_by: Enter name of owner/ reviewer here. - unnecessary-data-asset@teacher-pii: # wildcards "*" between the @ characters are possible + unnecessary-technical-asset@s184d01-compdefault: # wildcards "*" between the @ characters are possible status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive justification: Enter justification here. ticket: Enter ticket number relating to your risk and mitigations here. - date: 2024-05-17 + date: 2024-05-21 checked_by: Enter name of owner/ reviewer here. - unnecessary-data-asset@vulnerable-children-data: # wildcards "*" between the @ characters are possible + unnecessary-technical-asset@ssphp-metrics-rust-p3sha: # wildcards "*" between the @ characters are possible status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive justification: Enter justification here. ticket: Enter ticket number relating to your risk and mitigations here. 
- date: 2024-05-17
+ date: 2024-05-21
 checked_by: Enter name of owner/ reviewer here.
- cross-site-scripting@s184d01-comp-complete-app-worker: # wildcards "*" between the @ characters are possible
+ unnecessary-technical-asset@ssphp-metrics: # wildcards "*" between the @ characters are possible
 status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive
 justification: Enter justification here.
 ticket: Enter ticket number relating to your risk and mitigations here.
- date: 2024-05-17
+ date: 2024-05-21
 checked_by: Enter name of owner/ reviewer here.
- cross-site-scripting@s184d01-comp-complete-app: # wildcards "*" between the @ characters are possible
+ unnecessary-technical-asset@tfstatel95cd: # wildcards "*" between the @ characters are possible
 status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive
 justification: Enter justification here.
 ticket: Enter ticket number relating to your risk and mitigations here.
- date: 2024-05-17
+ date: 2024-05-21
 checked_by: Enter name of owner/ reviewer here.
- missing-hardening@s184d01-comp-tfvars: # wildcards "*" between the @ characters are possible
+ unnecessary-technical-asset@tfstatep3sha: # wildcards "*" between the @ characters are possible
 status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive
 justification: Enter justification here.
 ticket: Enter ticket number relating to your risk and mitigations here.
- date: 2024-05-17
+ date: 2024-05-21
 checked_by: Enter name of owner/ reviewer here.
- missing-hardening@ssphp-metrics: # wildcards "*" between the @ characters are possible
+ unnecessary-data-asset@client-application-code: # wildcards "*" between the @ characters are possible
 status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive
 justification: Enter justification here.
 ticket: Enter ticket number relating to your risk and mitigations here.
- date: 2024-05-17
+ date: 2024-05-21
 checked_by: Enter name of owner/ reviewer here.
- missing-network-segmentation@s184d01-comp-tfvars: # wildcards "*" between the @ characters are possible
+ unnecessary-data-asset@job-information: # wildcards "*" between the @ characters are possible
 status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive
 justification: Enter justification here.
 ticket: Enter ticket number relating to your risk and mitigations here.
- date: 2024-05-17
+ date: 2024-05-21
 checked_by: Enter name of owner/ reviewer here.
- missing-network-segmentation@ssphp-metrics: # wildcards "*" between the @ characters are possible
+ unnecessary-data-asset@payment-details: # wildcards "*" between the @ characters are possible
 status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive
 justification: Enter justification here.
 ticket: Enter ticket number relating to your risk and mitigations here.
- date: 2024-05-17
+ date: 2024-05-21
 checked_by: Enter name of owner/ reviewer here.
- unnecessary-technical-asset@s184d01-comp-complete-app-worker: # wildcards "*" between the @ characters are possible
+ unnecessary-data-asset@school-data: # wildcards "*" between the @ characters are possible
 status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive
 justification: Enter justification here.
 ticket: Enter ticket number relating to your risk and mitigations here.
- date: 2024-05-17
+ date: 2024-05-21
 checked_by: Enter name of owner/ reviewer here.
- unnecessary-technical-asset@s184d01-comp-complete-app: # wildcards "*" between the @ characters are possible
+ unnecessary-data-asset@secrets-and-api-keys: # wildcards "*" between the @ characters are possible
 status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive
 justification: Enter justification here.
 ticket: Enter ticket number relating to your risk and mitigations here.
- date: 2024-05-17
+ date: 2024-05-21
 checked_by: Enter name of owner/ reviewer here.
- unnecessary-technical-asset@s184d01-comp-tfvars: # wildcards "*" between the @ characters are possible
+ unnecessary-data-asset@server-application-code: # wildcards "*" between the @ characters are possible
 status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive
 justification: Enter justification here.
 ticket: Enter ticket number relating to your risk and mitigations here.
- date: 2024-05-17
+ date: 2024-05-21
 checked_by: Enter name of owner/ reviewer here.
- unnecessary-technical-asset@s184d01-compdefault: # wildcards "*" between the @ characters are possible
+ unnecessary-data-asset@student-pii: # wildcards "*" between the @ characters are possible
 status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive
 justification: Enter justification here.
 ticket: Enter ticket number relating to your risk and mitigations here.
- date: 2024-05-17
+ date: 2024-05-21
 checked_by: Enter name of owner/ reviewer here.
- unnecessary-technical-asset@ssphp-metrics-rust-p3sha: # wildcards "*" between the @ characters are possible
+ unnecessary-data-asset@teacher-pii: # wildcards "*" between the @ characters are possible
 status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive
 justification: Enter justification here.
 ticket: Enter ticket number relating to your risk and mitigations here.
- date: 2024-05-17
+ date: 2024-05-21
 checked_by: Enter name of owner/ reviewer here.
- unnecessary-technical-asset@ssphp-metrics: # wildcards "*" between the @ characters are possible
+ unnecessary-data-asset@vulnerable-children-data: # wildcards "*" between the @ characters are possible
 status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive
 justification: Enter justification here.
 ticket: Enter ticket number relating to your risk and mitigations here.
- date: 2024-05-17
+ date: 2024-05-21
 checked_by: Enter name of owner/ reviewer here.
- unnecessary-technical-asset@tfstatel95cd: # wildcards "*" between the @ characters are possible
+ missing-hardening@s184d01-comp-tfvars: # wildcards "*" between the @ characters are possible
 status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive
 justification: Enter justification here.
 ticket: Enter ticket number relating to your risk and mitigations here.
- date: 2024-05-17
+ date: 2024-05-21
 checked_by: Enter name of owner/ reviewer here.
- unnecessary-technical-asset@tfstatep3sha: # wildcards "*" between the @ characters are possible
+ missing-hardening@ssphp-metrics: # wildcards "*" between the @ characters are possible
 status: unchecked # values: unchecked, in-discussion, accepted, in-progress, mitigated, false-positive
 justification: Enter justification here.
 ticket: Enter ticket number relating to your risk and mitigations here.
- date: 2024-05-17
+ date: 2024-05-21
 checked_by: Enter name of owner/ reviewer here.
diff --git a/yaml-templates/ssphp_test.yaml b/yaml-templates/ssphp_test.yaml
new file mode 100644
index 0000000..00cf680
--- /dev/null
+++ b/yaml-templates/ssphp_test.yaml
@@ -0,0 +1,20 @@
+---
+service:
+ id: S194
+ name: S194_CISO_Continuous_Assurance
+ display_name: CISO Continuous Assurance
+ group: Digital and Technology
+ division: CISD
+ portfolio: Protective Monitoring
+ risk_profile: 30
+
+data_types:
+ teacher_pii: true
+ student_pii: true
+ client_app_code: true
+ server_app_code: true
+ vulnerable_children_data: true
+ job_information: true
+ school_data: true
+ payment_details: true
+ secrets_and_keys: true
\ No newline at end of file
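Review bot: `risk_profile: 30` under `service:` is the one field in this new template whose meaning cannot be recovered from the file itself — nothing says what scale it is on, what range is valid, or how the generator consumes it, so anyone copying this template as a starting point has to guess; I'd annotate it inline, e.g. `risk_profile: 30  # TODO: document scale, valid range and how this feeds the threat model`. The `data_types` block sets every flag to `true`, which, if this is meant as a test fixture as the filename suggests, only exercises the everything-present path; a companion fixture with some flags `false` and some keys omitted would also cover the absent-key branches of the loader. The key here is spelled `secrets_and_keys` while the risk-tracking hunk above records the corresponding asset as `unnecessary-data-asset@secrets-and-api-keys`, so it is worth confirming that the loader maps this key to that asset id rather than silently skipping it. The file is also committed without a trailing newline.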