Commit
Create threats.yaml for Container Registry
kazmik23 authored Nov 11, 2024
1 parent d9dd47c commit b9ab914
Showing 1 changed file with 41 additions and 0 deletions.
41 changes: 41 additions & 0 deletions services/devtools/containerRegistry/threats.yaml
@@ -0,0 +1,41 @@
common_threats:
- CCC.TH01 # Access control is misconfigured
- CCC.TH02 # Data is intercepted in transit
- CCC.TH03 # Deployment region network is untrusted
- CCC.TH04 # Data is replicated to untrusted or external locations
- CCC.TH05 # Data is corrupted during replication
- CCC.TH06 # Data is lost or corrupted
- CCC.TH07 # Logs are Tampered With or Deleted
- CCC.TH09 # Logs or Monitoring Data are Read by Unauthorized Users
- CCC.TH11 # Event Notifications are Incorrectly Triggered
- CCC.TH12 # Resource constraints are exhausted
- CCC.TH14 # Older Resource Versions Are Exploited
- CCC.TH15 # Automated Enumeration and Reconnaissance by Non-Human Entities
- CCC.TH16 # Non-compliance with encryption key management policies

threats:
- id: CCC.ContainReg.TH01 # Vulnerabilities in Artifacts are Exploited

Check failure on line 17 in services/devtools/containerRegistry/threats.yaml (GitHub Actions / yaml-checker / yaml-check): String does not match the pattern of "^((CCC\.TH\d{2,8})|(CCC\.\w{1,8}\.TH\d{2,8}))$". Threat ID in the format <category-id>.TH## Source: threats-schema.json (schemas/threats-schema.json)
title: Vulnerabilities in Artifacts are Exploited
description: |
Attackers exploit known vulnerabilities in container images or artifacts stored in the registry, leading to unauthorized access, data breaches, or system compromise.
features:
- CCC.ContainReg.F04 # Vulnerability Scanning Integration
controls:

Check failure on line 23 in services/devtools/containerRegistry/threats.yaml (GitHub Actions / yaml-checker / yaml-check): Property controls is not allowed. yaml-schema: file:///schemas/threats-schema.json.
- CCC.ContainReg.C01 # Implement Vulnerability Scanning for Artifacts
- CCC.C04 # Log all access and changes
mitre_technique:
- T1190 # Exploit Public-Facing Application
- T1195 # Supply Chain Compromise

- id: CCC.ContainReg.TH02 # Accumulation of Unused Artifacts

Check failure on line 30 in services/devtools/containerRegistry/threats.yaml (GitHub Actions / yaml-checker / yaml-check): String does not match the pattern of "^((CCC\.TH\d{2,8})|(CCC\.\w{1,8}\.TH\d{2,8}))$". Threat ID in the format <category-id>.TH## Source: threats-schema.json (schemas/threats-schema.json)
title: Accumulation of Unused Artifacts
description: |
The registry accumulates outdated or unused artifacts, increasing storage costs and the risk of deploying vulnerable or untested versions.
features:
- CCC.ContainReg.F06 # Cleanup Policies
- CCC.F18 # Versioning
controls:

Check failure on line 37 in services/devtools/containerRegistry/threats.yaml (GitHub Actions / yaml-checker / yaml-check): Property controls is not allowed. yaml-schema: file:///schemas/threats-schema.json.
- CCC.ContainReg.C02 # Implement Cleanup Policies for Artifacts
mitre_technique:
- T1490 # Inhibit System Recovery
- T1485 # Data Destruction
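Review bot: the yaml-check failures on file lines 17 and 30 come from the category segment of the threat IDs: the schema pattern `^((CCC\.TH\d{2,8})|(CCC\.\w{1,8}\.TH\d{2,8}))$` allows at most eight word characters between `CCC.` and `.TH`, and `ContainReg` is ten, so `CCC.ContainReg.TH01` and `CCC.ContainReg.TH02` can never validate as written. Either shorten the category id to eight characters or fewer (and use the same abbreviation in the `features` references such as `CCC.ContainReg.F04`, whose own schema is not visible in this diff), or widen the pattern in schemas/threats-schema.json if the longer id is intended. The `controls:` blocks on file lines 23 and 37 fail with `Property controls is not allowed`, so the threat-to-control mapping (`CCC.ContainReg.C01`, `CCC.C04`, `CCC.ContainReg.C02`) has to move to wherever the schema expects it instead of sitting under each threat, or the schema has to gain a `controls` property; as committed the file will keep failing CI on every push. Minor: `common_threats` skips CCC.TH08, CCC.TH10 and CCC.TH13; a one-line comment saying the omission is deliberate would save the next reader from assuming they were forgotten.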

0 comments on commit b9ab914
