github.com/gemaraproj/gemara@v0.23.0

threatcatalog.cue raw

 1// Schema lifecycle: experimental | stable | deprecated
 2@status("experimental")
 3package gemara
 4
 5@go(gemara)
 6
 7// ThreatCatalog describes a set of topically-associated threats
 8#ThreatCatalog: {
 9	#Catalog
10	metadata: type: "ThreatCatalog"
11
12	// threats is a list of threats defined by this catalog
13	threats?: [#Threat, ...#Threat] @go(Threats)
14
15	if threats != _|_ {
16		_uniqueThreatIds: {for i, t in threats {(t.id): i}}
17		groups: [#Group, ...#Group]
18	}
19}
20
// Threat describes a specifically-scoped opportunity for a negative impact
// to the organization.
#Threat: {
	// id is the identifier other elements use to reference this threat.
	// NOTE(review): any string is accepted here, including the empty
	// string; confirm whether a format or non-empty rule is applied elsewhere.
	id: string

	// title is a short, at-a-glance name for the threat.
	title: string

	// description explains in detail the opportunity for negative impact.
	description: string

	// group is the id of the catalog group this threat belongs to.
	// NOTE(review): typed as a plain string, so this definition alone does
	// not verify that the id matches an existing group.
	group: string @go(Group)

	// capabilities relates this threat to system capabilities; required,
	// with at least one mapping.
	capabilities: [#MultiEntryMapping, ...#MultiEntryMapping]

	// vectors relates this threat to one or more vectors; optional, but
	// non-empty when present.
	vectors?: [#MultiEntryMapping, ...#MultiEntryMapping] @go(Vectors)

	// actors names the relevant internal or external threat actors;
	// optional, but non-empty when present.
	actors?: [#Actor, ...#Actor]
}