# Scope-specific capabilities for SEC.SLAM.CM (CapabilityCatalog). # Referenced from threat-catalog.yaml via mapping-references id SEC.SLAM.CM.CAP. # See threat-assessment-guide.md. title: Container Management Tool Security Capability Catalog metadata: id: SEC.SLAM.CM.CAP type: CapabilityCatalog gemara-version: "1.2.0" description: | Capabilities unique to the container management tool scope; referenced by threats in the SEC.SLAM.CM threat catalog. version: 1.0.0 author: id: example name: Example type: Human groups: - id: SEC.SLAM.CM.CAPGRP01 title: Image retrieval and resolution description: | How the tool retrieves images and resolves references to artifacts. capabilities: - id: SEC.SLAM.CM.CAP01 title: Image Retrieval by Tag description: | Ability to retrieve container images from registries using mutable tag names (e.g., 'latest', 'v1.0'). group: SEC.SLAM.CM.CAPGRP01 - id: SEC.SLAM.CM.CAP02 title: Image Reference Lookup description: | The container management tool determines which artifact an image reference (e.g. tag, URL) refers to via network requests; that determination may occur at a different time than use, and references may be mutable. group: SEC.SLAM.CM.CAPGRP01