Merge pull request #113 from l3montree-dev/improvement/additional-mit…

…igations Adds some futher mitigation hints
l3montree-dev · Dec 27, 2024 · d6fd1f3 · d6fd1f3
2 parents 1fc7262 + 54034f8
commit d6fd1f3
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 2 deletions.
diff --git a/src/components/ssdlc/threats-mitigations/DeployCompromisedNonCompliantSoftware.tsx b/src/components/ssdlc/threats-mitigations/DeployCompromisedNonCompliantSoftware.tsx
@@ -1,6 +1,8 @@
 import { ThreatMitigationTopic } from "@/types/view/threatMitigationsTypes";
 import { NextRouter } from "next/router";
 import { AssetMetricsDTO } from "../../../types/api/api";
+import { Button } from "@/components/ui/button";
+import Link from "next/link";
 
 export const deployCompromisedNoncompliantSoftware = (
   router: NextRouter,
@@ -16,6 +18,41 @@ export const deployCompromisedNoncompliantSoftware = (
           A compromised or noncompliant software package (or container) is
           deployed to the (production) operational environment.
         </p>
+        <p className="mt-2">
+          <strong>Mitigations:</strong> Ensure that the package is signed and
+          that the signature is verified before use.
+        </p>
+        <div className="mt-4 flex flex-row gap-2">
+          <Link
+            href={
+              router.asPath +
+              "/security-control-center?highlight=in-toto-provenance"
+            }
+          >
+            <Button size={"sm"} variant={"secondary"}>
+              Enable In-Toto Provenance
+            </Button>
+          </Link>
+          <Link
+            href={
+              router.asPath + "/security-control-center?highlight=image-signing"
+            }
+          >
+            <Button size={"sm"} variant={"secondary"}>
+              Enable Image Signing
+            </Button>
+          </Link>
+          <Link
+            href={
+              router.asPath +
+              "/security-control-center?highlight=image-verification"
+            }
+          >
+            <Button size={"sm"} variant={"secondary"}>
+              Enable Image Verification
+            </Button>
+          </Link>
+        </div>
       </>
     ),
   };

diff --git a/src/components/ssdlc/threats-mitigations/UseCompromisedPackage.tsx b/src/components/ssdlc/threats-mitigations/UseCompromisedPackage.tsx
@@ -20,8 +20,11 @@ export const useCompromisedPackage = (
           An adversary modifies the package after it has left the package
           registry, or tricks the user into using an unintended package.
         </p>
-        <p className="mt-2"></p>
-        <div className="mt-4">
+        <p className="mt-2">
+          <strong>Mitigations:</strong> Ensure that the package is signed and
+          that the signature is verified before use.
+        </p>
+        <div className="mt-4 flex flex-row gap-2">
           <Link
             href={
               router.asPath +
@@ -32,6 +35,25 @@ export const useCompromisedPackage = (
               Enable In-Toto Provenance
             </Button>
           </Link>
+          <Link
+            href={
+              router.asPath + "/security-control-center?highlight=image-signing"
+            }
+          >
+            <Button size={"sm"} variant={"secondary"}>
+              Enable Image Signing
+            </Button>
+          </Link>
+          <Link
+            href={
+              router.asPath +
+              "/security-control-center?highlight=image-verification"
+            }
+          >
+            <Button size={"sm"} variant={"secondary"}>
+              Enable Image Verification
+            </Button>
+          </Link>
         </div>
       </>
     ),