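---
# Example Gemara vector catalog: two attack vectors, grouped by theme and
# scoped to a single applicability group.
#
# Cross-references visible in this file (a validator should reject dangling ids):
#   vectors[].group          -> groups[].id
#   vectors[].applicability  -> metadata.applicability-groups[].id
#
# NOTE(review): placing `author` and `applicability-groups` under `metadata`
# is assumed from the key names; confirm against the Gemara schema for the
# pinned gemara-version.
metadata:
  id: EXAMPLE-VECTOR-CATALOG
  type: VectorCatalog
  # Versions stay quoted so they are never parsed as numbers.
  gemara-version: "0.20.0"
  version: "1.0.0"
  description: Example Vector Catalog
  author:
    id: security-team
    name: Security Team
    type: Human
  # Scopes that individual vectors can declare themselves applicable to.
  applicability-groups:
    - id: containerized-systems
      title: Containerized Systems
      description: Systems running containerized applications
title: Example Attack Vector Catalog

# Thematic buckets; each vector names exactly one of these ids in `group`.
groups:
  - id: software-supply-chain
    title: Software Supply Chain
    description: >-
      Vectors related to the software supply chain, including dependencies
      and base images
  - id: runtime-exploitation
    title: Runtime Exploitation
    description: >-
      Vectors related to exploiting runtime environments and configurations

vectors:
  # Supply-chain vector: risk inherited from what is built into the image.
  - id: VEC-001
    title: Container Image Vulnerabilities
    description: >-
      Container images containing known vulnerabilities in base images or
      dependencies can be exploited by attackers.
    group: software-supply-chain
    applicability:
      - containerized-systems

  # Runtime vector: loss of the container/host isolation boundary.
  - id: VEC-002
    title: Container Escape
    description: >-
      Attackers exploit vulnerabilities in container runtime or
      misconfigurations to escape container isolation and access the host
      system.
    group: runtime-exploitation
    applicability:
      - containerized-systems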