# Scope-specific capabilities for SEC.SLAM.CM (CapabilityCatalog).
# Referenced from threat-catalog.yaml via mapping-references id SEC.SLAM.CM.CAP.
# See threat-assessment-guide.md.

title: Container Management Tool Security Capability Catalog

metadata:
  id: SEC.SLAM.CM.CAP
  type: CapabilityCatalog
  gemara-version: "1.2.0"
  description: |
    Capabilities unique to the container management tool scope; referenced by
    threats in the SEC.SLAM.CM threat catalog.
  version: 1.0.0
  author:
    id: example
    name: Example
    type: Human

groups:
  - id: SEC.SLAM.CM.CAPGRP01
    title: Image retrieval and resolution
    description: |
      How the tool retrieves images and resolves references to artifacts.

capabilities:
  - id: SEC.SLAM.CM.CAP01
    title: Image Retrieval by Tag
    description: |
      Ability to retrieve container images from registries using mutable tag names
      (e.g., 'latest', 'v1.0').
    group: SEC.SLAM.CM.CAPGRP01
  - id: SEC.SLAM.CM.CAP02
    title: Image Reference Lookup
    description: |
      The container management tool determines which artifact an image reference
      (e.g. tag, URL) refers to via network requests; that determination may occur
      at a different time than use, and references may be mutable.
    group: SEC.SLAM.CM.CAPGRP01