From ceea352343c637b47ea3526f1c54af85273237fb Mon Sep 17 00:00:00 2001
From: Karsten Klein
Date: Mon, 9 Sep 2024 20:41:11 +0200
Subject: [PATCH] review: formatted security policy for readability
---
 advisors/security-policy-dashboard.json | 195 +++++++++++++++++++++++-
 1 file changed, 189 insertions(+), 6 deletions(-)
diff --git a/advisors/security-policy-dashboard.json b/advisors/security-policy-dashboard.json
index ab25462..ef5869b 100644
--- a/advisors/security-policy-dashboard.json
+++ b/advisors/security-policy-dashboard.json
@@ -2,18 +2,201 @@
 "insignificantThreshold": 7.0,
 "includeScoreThreshold": -1.0,
 "includeVulnerabilitiesWithAdvisoryProviders": [
- {"name": "all", "implementation": "all"}
+ {
+ "name": "all",
+ "implementation": "all"
+ }
 ],
 "includeAdvisoryProviders": [
- {"name": "all", "implementation": "all"}
+ {
+ "name": "all",
+ "implementation": "all"
+ }
+ ],
+ "includeAdvisoryTypes": [
+ "all"
 ],
- "includeAdvisoryTypes": ["all"],
 "vulnerabilityStatusDisplayMapperName": "abstracted",
 "cvssSeverityRanges": "None:pastel-gray::0.0,Low:strong-yellow:0.1:3.9,Medium:strong-light-orange:4.0:6.9,High:strong-dark-orange:7.0:8.9,Critical:strong-red:9.0:",
 "priorityScoreSeverityRanges": "escalate:strong-red:9.0:,due:strong-dark-orange:7.0:8.9,elevated:strong-light-orange::6.9",
- "cvssVersionSelectionPolicy": ["LATEST"],
- "initialCvssSelector": {"stats":[],"rules":[{"method":"ALL","stats":[],"selector":[{"host":["NVD"],"issuerRole":["CNA"],"issuer":["NVD"]},{"host":["Microsoft Corporation"],"issuerRole":["*"],"issuer":["*"]},{"host":["NVD"],"issuerRole":["CNA"],"issuer":["Microsoft Corporation"]},{"host":["GitHub, Inc."],"issuerRole":["*"],"issuer":["*"]},{"host":["NVD"],"issuerRole":["CNA"],"issuer":["GitHub, Inc."]},{"host":["NVD"],"issuerRole":["*"],"issuer":["*"]},{"host":["CERT-SEI"],"issuerRole":["*"],"issuer":["*"]},{"host":["not:Assessment"],"issuerRole":["*"],"issuer":["*"]}],"vectorEval":[]}],"vectorEval":[]},
- "contextCvssSelector": {"stats":[{"comparator":"EQUAL","action":"RETURN_NULL","attribute":"assessment","value":0}],"rules":[{"method":"ALL","stats":[],"selector":[{"host":["NVD"],"issuerRole":["CNA"],"issuer":["NVD"]},{"host":["Microsoft Corporation"],"issuerRole":["*"],"issuer":["*"]},{"host":["NVD"],"issuerRole":["CNA"],"issuer":["Microsoft Corporation"]},{"host":["GitHub, Inc."],"issuerRole":["*"],"issuer":["*"]},{"host":["NVD"],"issuerRole":["CNA"],"issuer":["GitHub, Inc."]},{"host":["NVD"],"issuerRole":["*"],"issuer":["*"]},{"host":["CERT-SEI"],"issuerRole":["*"],"issuer":["*"]},{"host":["not:Assessment"],"issuerRole":["*"],"issuer":["*"]}],"vectorEval":[]},{"method":"ALL","stats":[{"provider":"PRESENCE","attribute":"assessment","setType":"ADD"}],"selector":[{"host":["Assessment"],"issuerRole":["*"],"issuer":["all"]}],"vectorEval":[]},{"method":"LOWER","stats":[{"provider":"PRESENCE","attribute":"assessment","setType":"ADD"}],"selector":[{"host":["Assessment"],"issuerRole":["*"],"issuer":["lower"]}],"vectorEval":[]},{"method":"HIGHER","stats":[{"provider":"PRESENCE","attribute":"assessment","setType":"ADD"}],"selector":[{"host":["Assessment"],"issuerRole":["*"],"issuer":["higher"]}],"vectorEval":[]}],"vectorEval":[{"and":["not:IS_BASE_FULLY_DEFINED"],"action":"RETURN_NULL"}]},
+ "cvssVersionSelectionPolicy": [
+ "LATEST"
+ ],
+ "initialCvssSelector": {
+ "stats": [],
+ "rules": [
+ {
+ "method": "ALL",
+ "stats": [],
+ "selector": [
+ {
+ "host": [ "NVD" ],
+ "issuerRole": [ "CNA" ],
+ "issuer": [ "NVD" ]
+ },
+ {
+ "host": [ "Microsoft Corporation" ],
+ "issuerRole": [ "*" ],
+ "issuer": [ "*" ]
+ },
+ {
+ "host": [ "NVD" ],
+ "issuerRole": [ "CNA" ],
+ "issuer": [ "Microsoft Corporation" ]
+ },
+ {
+ "host": [ "GitHub, Inc." ],
+ "issuerRole": [ "*" ],
+ "issuer": [ "*" ]
+ },
+ {
+ "host": [ "NVD" ],
+ "issuerRole": [ "CNA" ],
+ "issuer": [ "GitHub, Inc." ]
+ },
+ {
+ "host": [ "NVD" ],
+ "issuerRole": [ "*" ],
+ "issuer": [ "*" ]
+ },
+ {
+ "host": [ "CERT-SEI" ],
+ "issuerRole": [ "*" ],
+ "issuer": [ "*" ]
+ },
+ {
+ "host": [ "not:Assessment" ],
+ "issuerRole": [ "*" ],
+ "issuer": [ "*" ]
+ }
+ ],
+ "vectorEval": []
+ }
+ ],
+ "vectorEval": []
+ },
+ "contextCvssSelector": {
+ "stats": [
+ {
+ "comparator": "EQUAL",
+ "action": "RETURN_NULL",
+ "attribute": "assessment",
+ "value": 0
+ }
+ ],
+ "rules": [
+ {
+ "method": "ALL",
+ "stats": [],
+ "selector": [
+ {
+ "host": [ "NVD"
+ ],
+ "issuerRole": [ "CNA" ],
+ "issuer": [ "NVD" ]
+ },
+ {
+ "host": [ "Microsoft Corporation" ],
+ "issuerRole": [ "*" ],
+ "issuer": [ "*" ]
+ },
+ {
+ "host": [ "NVD" ],
+ "issuerRole": [ "CNA" ],
+ "issuer": [ "Microsoft Corporation" ]
+ },
+ {
+ "host": [ "GitHub, Inc." ],
+ "issuerRole": [ "*" ],
+ "issuer": [ "*" ]
+ },
+ {
+ "host": [ "NVD" ],
+ "issuerRole": [ "CNA" ],
+ "issuer": [ "GitHub, Inc." ]
+ },
+ {
+ "host": [ "NVD" ],
+ "issuerRole": [ "*" ],
+ "issuer": [ "*" ]
+ },
+ {
+ "host": [ "CERT-SEI" ],
+ "issuerRole": [ "*" ],
+ "issuer": [ "*" ]
+ },
+ {
+ "host": [ "not:Assessment" ],
+ "issuerRole": [ "*" ],
+ "issuer": [ "*" ]
+ }
+ ],
+ "vectorEval": []
+ },
+ {
+ "method": "ALL",
+ "stats": [
+ {
+ "provider": "PRESENCE",
+ "attribute": "assessment",
+ "setType": "ADD"
+ }
+ ],
+ "selector": [
+ {
+ "host": [ "Assessment" ],
+ "issuerRole": [ "*" ],
+ "issuer": [ "all" ]
+ }
+ ],
+ "vectorEval": []
+ },
+ {
+ "method": "LOWER",
+ "stats": [
+ {
+ "provider": "PRESENCE",
+ "attribute": "assessment",
+ "setType": "ADD"
+ }
+ ],
+ "selector": [
+ {
+ "host": [ "Assessment" ],
+ "issuerRole": [ "*" ],
+ "issuer": [ "lower" ]
+ }
+ ],
+ "vectorEval": []
+ },
+ {
+ "method": "HIGHER",
+ "stats": [
+ {
+ "provider": "PRESENCE",
+ "attribute": "assessment",
+ "setType": "ADD"
+ }
+ ],
+ "selector": [
+ {
+ "host": [ "Assessment" ],
+ "issuerRole": [ "*" ],
+ "issuer": [ "higher" ]
+ }
+ ],
+ "vectorEval": []
+ }
+ ],
+ "vectorEval": [
+ {
+ "and": [
+ "not:IS_BASE_FULLY_DEFINED"
+ ],
+ "action": "RETURN_NULL"
+ }
+ ]
+ },
 "priorityScoreConfiguration": {
 "eol": {
 "noExtendedSupport": {