github.com/gemaraproj/gemara@v1.3.0

docs/tutorials/controls/capabilities.yaml raw

 1# Scope-specific capabilities for SEC.SLAM.CM (CapabilityCatalog).
 2# Referenced from threat-catalog.yaml via mapping-references id SEC.SLAM.CM.CAP.
 3# See threat-assessment-guide.md.
 4
 5title: Container Management Tool Security Capability Catalog
 6
 7metadata:
 8  id: SEC.SLAM.CM.CAP
 9  type: CapabilityCatalog
10  gemara-version: "1.2.0"
11  description: |
12    Capabilities unique to the container management tool scope; referenced by
13    threats in the SEC.SLAM.CM threat catalog.
14  version: 1.0.0
15  author:
16    id: example
17    name: Example
18    type: Human
19
20groups:
21  - id: SEC.SLAM.CM.CAPGRP01
22    title: Image retrieval and resolution
23    description: |
24      How the tool retrieves images and resolves references to artifacts.
25
26capabilities:
27  - id: SEC.SLAM.CM.CAP01
28    title: Image Retrieval by Tag
29    description: |
30      Ability to retrieve container images from registries using mutable tag names
31      (e.g., 'latest', 'v1.0').
32    group: SEC.SLAM.CM.CAPGRP01
33  - id: SEC.SLAM.CM.CAP02
34    title: Image Reference Lookup
35    description: |
36      The container management tool determines which artifact an image reference
37      (e.g. tag, URL) refers to via network requests; that determination may occur
38      at a different time than use, and references may be mutable.
39    group: SEC.SLAM.CM.CAPGRP01