Publish certcc.github.io/SSVC #534

Merged
merged 119 commits into from
Mar 8, 2024

Contributor

@ahouseholder ahouseholder commented Mar 8, 2024

This PR is to sync the publish branch with main in conjunction with the 2024.3 release.

ahouseholder and others added 30 commits September 15, 2023 09:24
* init mkdocs

* init material for mkdocs

* add cmu/cert customization

* file moves

* start formatting

* formatting

* update authors, ack previous authors

* reorganizing content

* reorganizing content

* reorganizing content

* add site deploy action

* add mailto link

* why isn't workflow dispatch working?

* add mkdocs-bibtex

* move calculator into site nav

* add boxes

* add staging branch to deploy_site.yml

* remove feature/* from deploy_site.yml

* try out workflow to copy to staging

* add name to workflow

* removing copy on push workflow because YAGNI

We can always put it back later if we want to.

* add headings, split page

* rename files to remove number prefixes

* rename files to remove number prefixes

* rename files to remove number prefixes

* line break each sentence

* add headers, boxes

* add box, formatting

* move methodology and eval into place

* move future work

* move related systems

* split related systems and information sources

* move conclusion text to about/index.md

* remove obsolete dir

* make include page for full cvss v3 tree

* update project readme to reflect current directory layout

* update project docs readme to reflect current state

* move some pieces that are currently obsolete out of the way
* Create CODEOWNERS

* add docs folder
* add - to list entries

* fix links

* rename introduction.md to index.md

* fix shodan link

* fix links to other pages

* fix links to other pages

* adjust wording

* add local development instructions to project readme
* Create bootstrapping docs

* add feature/* deploy_site.yml

* Update deploy_site.yml

* revise diagrams
* remove project docs (they are now in the wiki)

https://github.com/CERTCC/SSVC/wiki

* remove obsolete index.html

* update readme and contributing to reflect wiki usage
* add drop column importance

* add docstrings

* add docstrings

* more docstrings

* newline

* refactor and add unit tests

* add test runner workflow

* disable black check for now
* add mkdocs-print-site-plugin

* fix errors reported by print-site plugin
* add new json schemas for decision points and dp groups

* Update Decision_Point.schema.json

change ID url to https://github.com/CERTCC/SSVC/tree/main/data/schema/...

* Update Decision_Point_Group.schema.json

change id url to https://github.com/CERTCC/SSVC/tree/main/data/schema/...

---------

Co-authored-by: Vijay Sarvepalli <[email protected]>
* add new json schemas for decision points and dp groups

* add ssvc module to represent existing decision points and groups for SSVC v1, v2, v2.1

* add decision point group schema validation test

* add doc for csv analyzer

* Update Decision_Point.schema.json

change ID url to https://github.com/CERTCC/SSVC/tree/main/data/schema/...

* Update Decision_Point_Group.schema.json

change id url to https://github.com/CERTCC/SSVC/tree/main/data/schema/...

---------

Co-authored-by: Vijay Sarvepalli <[email protected]>
also exclude them from generated site
…and in KEV (#346)

* move away from deepcopy to just rebuilding decision points from scratch

* add iterator to decision point group

* add critical software and high value asset decision points

- update unit tests

* avoid deepcopy

* don't need to specify namespace in object

* add "in KEV" decision point to address #317
* add adrs

* typo fix

* make logic explicit

* indent logic in lieu of parentheses

* Clarify Decision Point Versioning rules (revises ADR 0003 into ADR 0006) (#369)

* revise ADR 0003 into ADR 0006

* fix header
* add build steps to python-app.yml

Now that we have a pyproject.toml, we can verify that the build process works too, and upload artifacts from each run

Artifact retention is set to 14 days

* fix column alignment
* add new json schemas for decision points and dp groups

* add ssvc module to represent existing decision points and groups for SSVC v1, v2, v2.1

* add decision point group schema validation test

* add doc for csv analyzer

* add CVSS v1,2, and 3 decision points and groups

* Update Decision_Point.schema.json

change ID url to https://github.com/CERTCC/SSVC/tree/main/data/schema/...

* Update Decision_Point_Group.schema.json

change id url to https://github.com/CERTCC/SSVC/tree/main/data/schema/...

* Merge access complexity and attack complexity into a single version tree

* Merge access vector and attack vector into a single version tree

---------

Co-authored-by: Vijay Sarvepalli <[email protected]>
* Add files via upload

This CSV file contains a list of CWEs which may result in a PoC value for "state of exploitation" because "the vulnerability has a well-known method of exploitation." It contains links to potential exploit tools. It also contains CWEs which could not be PoCs as well as some reasoning behind this.

* move cwe csv file to a folder

* add csv as table in exploitation documentation

---------

Co-authored-by: Allen D. Householder <[email protected]>
* add policy generator

* add unit tests for outcome values and outcome groups

* update requirements.txt

* add unit tests

* add unit tests

* add docs

* add docs

* add docs

* rename DSIO->DSOI

* fix type hints

* add unit test for dp groups

* integrate policy generator with csv_analyzer

* rename nav items
* reorg nav

* use page includes to merge docs

* add/fix headings

* update nav

* merge intros

* reorder nav

* refactor coordinator sections
…ts (#370)

* reorganize dp groups into a submodule

* add doctools script

* add doctools-generated content

* add previously unrepresented decision points

* use generated content in includes

* make decision points base roundtrip to-from json correctly

- It was broken before (values were not getting created as objects)
- Make the _Commented a mixin class, but remove it from the base
class anyway. We don't really need it yet.
- Simplify the decision point registry
- fix up unit tests

* add unit tests for doctools.py

* remove the _comment from the json file as it was breaking validation

* ignore _version.py since it's generated by python build process

* add docs for doctools.py

* more unit tests

* fix tests

failing because bad merge

* add decision point diff checker

* merge virulence and automatable into a single version sequence

* regenerate content with new virulence/automatable merge

* update docs for virulence/automatable merge

* bring back virulence superseded warning

* remove obsolete file

* add h1 headers to pages
* add CVSS v1, 2, 3 to schema test

* add decision points and a group for eq sets

This commit adheres closely to the CVSS v4 spec terminology.
We might want to revisit the descriptions or names later.

* add dp_diff helper

* merge CVSS groups

* add CVSSv4 models

* move version print to helper method

* analyze_csv snuck back in a merge

it now lives in ssvc.csv_analyzer

* clean up __init__.py in various modules

* new v4 modify helper and unit tests

* refactor `not defined` values.

CVSS v2 used ND as key
CVSS v3, v4 uses X as key

Deliberately referring to CVSS documentation for the Not Defined description since while it can change with CVSS versions, the semantics of not defined are ironically idempotent thus far.

* add thefuzz requirements.txt for string compares

* add CVSS v4 Supplemental metrics
* fix deprecation warning for mkdocs extensions

* upgrade mkdocs to latest

* add button grid and intro text
prep for enabling dependabot
ahouseholder and others added 17 commits March 1, 2024 12:49
Bumps the mkdocs group with 3 updates: [mkdocs-bibtex](https://github.com/shyamd/mkdocs-bibtex), [mkdocs-material](https://github.com/squidfunk/mkdocs-material) and [mkdocstrings](https://github.com/mkdocstrings/mkdocstrings).


Updates `mkdocs-bibtex` from 2.12.0 to 2.14.1
- [Release notes](https://github.com/shyamd/mkdocs-bibtex/releases)
- [Commits](shyamd/mkdocs-bibtex@v2.12.0...v2.14.1)

Updates `mkdocs-material` from 9.5.11 to 9.5.12
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](squidfunk/mkdocs-material@9.5.11...9.5.12)

Updates `mkdocstrings` from 0.24.0 to 0.24.1
- [Release notes](https://github.com/mkdocstrings/mkdocstrings/releases)
- [Changelog](https://github.com/mkdocstrings/mkdocstrings/blob/main/CHANGELOG.md)
- [Commits](mkdocstrings/mkdocstrings@0.24.0...0.24.1)

---
updated-dependencies:
- dependency-name: mkdocs-bibtex
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: mkdocs
- dependency-name: mkdocs-material
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mkdocs
- dependency-name: mkdocstrings
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mkdocs
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Allen D. Householder <[email protected]>


Co-authored-by: Laurie Tyzenhaus <[email protected]>
* update references in risk tolerance

also adjust format/spacing

* typo fix

* typo fix
* inline reference link

* replace numbered table reference

* formatting

* inline refs
* draft of update for cvss v4

* add links, formatting, copy edit

* break up list paragraph

---------

Co-authored-by: Allen D. Householder <[email protected]>
* Update index.md

* Update items_with_same_priority.md

* Update items_with_same_priority.md
@ahouseholder ahouseholder added the documentation (Improvements or additions to documentation), enhancement (New feature or request), and environment (Project environment, deployment, CI, etc.) labels Mar 8, 2024
@ahouseholder ahouseholder added this to the 2024.3 milestone Mar 8, 2024
@ahouseholder ahouseholder self-assigned this Mar 8, 2024
@ahouseholder
Contributor Author

ahouseholder commented Mar 8, 2024

Note: We should not squash merge this one, instead it should be a merge commit.

@ahouseholder ahouseholder marked this pull request as ready for review March 8, 2024 17:32
* Update enumerating_stakeholders.md

Line 30 replaced 'paper' with 'document'

Line 26 replaced comment line.

* remove highlight tags

---------

Co-authored-by: Allen D. Householder <[email protected]>
@ahouseholder
Contributor Author

Merged #535 into main. This PR is ready to go as soon as it's reviewed/approved.

@ahouseholder ahouseholder merged commit 880f1a5 into publish Mar 8, 2024
5 checks passed
8 participants