
 1# Secure Software Development Guidance to OWASP Top 10 (tutorial example)
 2# Conforms to Gemara #MappingDocument (mappingdocument.cue).
 3# gemara-version: v1.2.0 — https://github.com/gemaraproj/gemara/releases/tag/v1.2.0
 4# Source guidance catalog: ../guidance/guidance-example.yaml (metadata.id ORG.SSD.001)
 5# entry-type on source-reference / target-reference applies to all entries on that side (#TypedMapping).
 6title: Secure Software Development Guidance to OWASP Top 10
 7metadata:
 8  id: SSD-OWASP-MAP-001
 9  type: MappingDocument
10  gemara-version: "1.2.0"
11  description: >
12    Maps Secure Software Development Guidance guidelines to OWASP Top 10
13    categories. Minimal example for tutorials; relationship types are relates-to.
14  version: "1.0.0"
15  author:
16    id: gemara-example
17    name: Gemara Example Author
18    type: Human
19  mapping-references:
20    - id: ORG.SSD.001
21      title: Secure Software Development Guidance
22      version: "1.0.0"
23      url: "file://../guidance/guidance-example.yaml"
24    - id: OWASP
25      title: OWASP Top 10
26      version: "2021"
27      url: "https://owasp.org/Top10"
28
29source-reference:
30  reference-id: ORG.SSD.001
31  entry-type: Guideline
32target-reference:
33  reference-id: OWASP
34  entry-type: Guideline
35remarks: Guidance guidelines ORG.SSD.GL01–GL03 mapped to OWASP for tutorial use.
36
37mappings:
38  - id: GL01-A06
39    source: ORG.SSD.GL01
40    relationship: relates-to
41    targets:
42      - entry-id: "A06"
43        strength: 7
44        rationale: Immutable image references support supply chain integrity; OWASP A06 covers vulnerable and outdated components.
45
46  - id: GL02-A01
47    source: ORG.SSD.GL02
48    relationship: relates-to
49    targets:
50      - entry-id: "A01"
51        strength: 6
52        rationale: Branch protection reduces unauthorized code changes; OWASP A01 covers broken access control.
53
54  - id: GL03-A02
55    source: ORG.SSD.GL03
56    relationship: relates-to
57    targets:
58      - entry-id: "A02"
59        strength: 6
60        rationale: VPN on untrusted networks protects data in transit; OWASP A02 covers cryptographic failures.