Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create threats.yaml for Container Registry #527

Merged
merged 9 commits into from
Jan 20, 2025
Merged

Create threats.yaml for Container Registry #527

Changes from 2 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
b9ab914
Create threats.yaml for Container Registry
kazmik23 Nov 11, 2024
47f99a7
Update and renamed threats.yaml
kazmik23 Nov 14, 2024
f8371ec
Updated threats.yaml for ContReg
kazmik23 Nov 19, 2024
c39cc31
Merge branch 'main' into patch-29
damienjburks Nov 25, 2024
b2dd1e1
Merge branch 'main' into patch-29
eddie-knight Jan 20, 2025
0779acf
Update services/devtools/ContainerReg/threats.yaml
eddie-knight Jan 20, 2025
c2ef236
Update services/devtools/ContainerReg/threats.yaml
eddie-knight Jan 20, 2025
a87ce95
Update services/devtools/ContainerReg/threats.yaml
eddie-knight Jan 20, 2025
b048405
Merge branch 'main' into patch-29
eddie-knight Jan 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 41 additions & 0 deletions services/devtools/ContainerReg/threats.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
common_threats:
- CCC.TH01 # Access control is misconfigured
- CCC.TH02 # Data is intercepted in transit
- CCC.TH03 # Deployment region network is untrusted
- CCC.TH04 # Data is replicated to untrusted or external locations
- CCC.TH05 # Data is corrupted during replication
- CCC.TH06 # Data is lost or corrupted
- CCC.TH07 # Logs are Tampered With or Deleted
- CCC.TH09 # Logs or Monitoring Data are Read by Unauthorized Users
- CCC.TH11 # Event Notifications are Incorrectly Triggered
- CCC.TH12 # Resource constraints are exhausted
- CCC.TH14 # Older Resource Versions Are Exploited
- CCC.TH15 # Automated Enumeration and Reconnaissance by Non-Human Entities
- CCC.TH16 # Non-compliance with encryption key management policies

threats:
- id: CCC.ContReg.TH01 # Vulnerabilities in Artifacts are Exploited
title: Vulnerabilities in Artifacts are Exploited
description: |
Attackers exploit known vulnerabilities in container images or artifacts stored in the registry, leading to unauthorized access, data breaches, or system compromise.
eddie-knight marked this conversation as resolved.
Show resolved Hide resolved
features:
- CCC.ContReg.F04 # Vulnerability Scanning Integration
controls:

Check failure on line 23 in services/devtools/ContainerReg/threats.yaml

View workflow job for this annotation

GitHub Actions / yaml-checker / yaml-check

Property controls is not allowed. yaml-schema: file:///schemas/threats-schema.json. 

Property controls is not allowed.
kazmik23 marked this conversation as resolved.
Show resolved Hide resolved
- CCC.ContReg.C01 # Implement Vulnerability Scanning for Artifacts
- CCC.C04 # Log all access and changes
mitre_technique:
- T1190 # Exploit Public-Facing Application
- T1195 # Supply Chain Compromise

- id: CCC.ContReg.TH02 # Accumulation of Unused Artifacts
title: Accumulation of Unused Artifacts
description: |
The registry accumulates outdated or unused artifacts, increasing storage costs and the risk of deploying vulnerable or untested versions.
eddie-knight marked this conversation as resolved.
Show resolved Hide resolved
features:
- CCC.ContReg.F06 # Cleanup Policies
- CCC.F18 # Versioning
controls:

Check failure on line 37 in services/devtools/ContainerReg/threats.yaml

View workflow job for this annotation

GitHub Actions / yaml-checker / yaml-check

Property controls is not allowed. yaml-schema: file:///schemas/threats-schema.json. 

Property controls is not allowed.
kazmik23 marked this conversation as resolved.
Show resolved Hide resolved
- CCC.ContReg.C02 # Implement Cleanup Policies for Artifacts
mitre_technique:
- T1490 # Inhibit System Recovery
- T1485 # Data Destruction
Loading