risks.json is incomplete (compared to risks.xlsx) #96
Comments
|
dunno the intention here but from code perspective that's 2 different branches of code to get the data which needs to be written into Excel or Json |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When I generate the report, I see more information in the
risks.xlsxthan in therisks.jsonfile.For example, the Excel sheet has a column
CWE, but risks in the JSON file do not contain this (useful) information.Is this intentional?
Example:
{ "category": "missing-build-infrastructure", "risk_status": "unchecked", "severity": "medium", "exploitation_likelihood": "unlikely", "exploitation_impact": "medium", "title": "\u003cb\u003eMissing Build Infrastructure\u003c/b\u003e in the threat model (referencing asset \u003cb\u003eMy Server\u003c/b\u003e as an example)", "synthetic_id": "missing-build-infrastructure@my-server", "most_relevant_data_asset": "", "most_relevant_technical_asset": "my-server", "most_relevant_trust_boundary": "", "most_relevant_shared_runtime": "", "most_relevant_communication_link": "", "data_breach_probability": "improbable", "data_breach_technical_assets": [] },The text was updated successfully, but these errors were encountered: