forked from gdg-x/aura
-
Notifications
You must be signed in to change notification settings - Fork 13
/
Copy pathwhatWeDo.json
273 lines (272 loc) · 10.3 KB
/
whatWeDo.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
{
"whatWeDo": [
{
"sectionHeader": "When To Use It",
"sectionDesc" : ["Develop and programmatically automate security in planning, development, assessment, and operational activities"],
"chevrons": [
"planning_chevron",
"development_chevron",
"assessment_chevron",
"operations_chevron"
],
"items": [
{
"name": "During PLANNING,<br />use MITRE SAF to:",
"link": "",
"bullets" : [
"Identify applicable security and privacy requirements",
"Assess development best practices guidance",
"Identify MITRE SAF tools to support development, assessment, & operations security processes"
]
},
{
"name": "During DEVELOPMENT,<br />use MITRE SAF to:",
"link": "",
"bullets" : [
"Implement relevant security hardening scripts",
"Validate security status and aggregate security testing data at each build",
"Drill-down in visualization tools to identify security defect root cause and mitigations",
"Set security testing results thresholds ","Assess development best practices guidance",
"Store or export “evidence” for assessors"
]
},
{
"name": "During ASSESSMENT,<br />use MITRE SAF to:",
"link": "",
"bullets" : [
"Aggregate all security control assessment data ",
"Visualize security status to prioritize assessment activities",
"Run validation checks on prioritized areas",
"Drill-down in visualization tools to identify root cause and inform risk assessment"
]
},
{
"name": "During OPERATIONS,<br />use MITRE SAF to:",
"link": "",
"bullets" : [
"Monitor security posture through validation checks",
"Aggregate normalized security testing content to enable data visualization, drill-down, and root cause analysis",
"Assign remediation actions for identified security risks"
]
}
]
},
{
"sectionHeader": "How We Support It",
"sectionDesc": [
"Develop a toolchain to support the above areas of What and How for secure development.",
"NOTE: The new <a href='https://saf-cli.mitre.org' target='_blank'>SAF CLI tool</a> replicates the functions of InSpec_Tools and Heimdall_Tools. The older tools have been deprecated."
],
"items": [
{
"name": "SAF CLI",
"link": "",
"desc": "Consolidates SAF automation goals into a convenient command-line tool, including commands to:",
"font_size" : "175",
"bullets" : [
"Generate InSpec security validation code",
"Set and validate threshold checks within a pipeline",
"Convert security tool test data to and from our standard Heimdall Data Format (HDF)",
"Automate Heimdall setup and deployment"
],
"icon": "",
"png" : "saf_logo",
"app_link": "",
"app_svg": "app",
"doc_link": "https://saf-cli.mitre.org",
"github_link": "https://github.com/mitre/saf",
"svg": "",
"tools": "",
"shields" : [
"https://img.shields.io/github/v/tag/mitre/saf?label=version",
"https://img.shields.io/docker/pulls/mitre/saf?label=docker%20hub%20pulls"
],
"border_color": "blue"
},
{
"name": "Heimdall Lite",
"link": "",
"desc": "A lightweight version of Heimdall for simple use cases",
"icon": "",
"png" : "heimdall_logo",
"app_link": "https://heimdall-lite.mitre.org",
"app_svg": "app",
"doc_link": "https://github.com/mitre/heimdall2/blob/master/README.md",
"github_link": "https://github.com/mitre/heimdall2",
"svg": "",
"tools": "",
"shields": [
"https://img.shields.io/github/v/tag/mitre/heimdall2?label=version",
"https://img.shields.io/npm/dt/heimdall-lite?label=npm%20downloads"
],
"border_color": "orange"
},
{
"name": "Heimdall Server",
"link": "",
"desc": "The complete Heimdall application - store results, coordinate across the development team, and more",
"icon": "",
"png" : "heimdall_logo",
"app_link": "https://heimdall-demo.mitre.org",
"app_svg": "app",
"doc_link": "https://github.com/mitre/heimdall2/blob/master/README.md",
"github_link": "https://github.com/mitre/heimdall2",
"svg": "",
"tools": "",
"shields": [
"https://img.shields.io/github/v/tag/mitre/heimdall2?label=version",
"https://img.shields.io/docker/pulls/mitre/heimdall2?label=docker%20hub%20pulls"
],
"border_color": "orange"
},
{
"name": "SAF CLI GitHub Action",
"link": "",
"desc": "Add SAF CLI functions to your GitHub Actions workflow",
"icon": "mdi-github",
"app_link": "",
"app_svg": "",
"github_link": "https://github.com/mitre/saf_action",
"svg": "",
"tools": "",
"border_color": "#4783B2"
},
{
"name": "InSpec Delta",
"link": "",
"desc": "Update an existing InSpec profile in-place with new XCCDF metadata",
"icon": "",
"png" : "saf_logo",
"app_link": "",
"app_svg": "app",
"doc_link": "https://github.com/mitre/saf#generate",
"github_link": "",
"svg": "",
"tools": "",
"border_color": "#4783B2"
},
{
"name": "Serverless InSpec (AWS)",
"link": "",
"desc": "Lambda function that allows execution of InSpec profiles in a serverless fashion",
"icon": "",
"png" : "aws_lambda_logo",
"app_link": "",
"app_svg": "app",
"doc_link": "",
"github_link": "https://github.com/mitre/serverless-inspec-lambda",
"svg": "",
"tools": "",
"shields": [
"https://img.shields.io/github/v/release/mitre/serverless-inspec-lambda?label=version"
],
"border_color": "#4783B2"
},
{
"name": "Serverless Heimdall Pusher (AWS)",
"link": "",
"desc": "Lambda function that pushes HDF results stored in an s3 bucket to Heimdall Server",
"icon": "",
"png" : "aws_lambda_logo",
"app_link": "",
"app_svg": "app",
"doc_link": "",
"github_link": "https://github.com/mitre/serverless-heimdall-pusher-lambda",
"svg": "",
"tools": "",
"shields": [
"https://img.shields.io/github/v/release/mitre/serverless-heimdall-pusher-lambda?label=version"
],
"border_color": "#4783B2"
},
{
"name": "emasser",
"link": "",
"desc": "CLI tool providing utilities for the Enterprise Mission Assurance Support Service (eMASS) via its REST API",
"icon": "",
"png" : "emass",
"png_dark" : "emass_dark",
"app_link": "",
"app_svg": "app",
"doc_link": "https://mitre.github.io/emasser/",
"github_link": "https://github.com/mitre/emasser",
"svg": "",
"tools": "",
"shields" : [
"https://img.shields.io/github/v/release/mitre/emasser?label=version",
"https://img.shields.io/gem/dt/emasser?label=gem%20downloads",
"https://img.shields.io/docker/pulls/mitre/emasser"
],
"border_color": "purple",
"img_width": 200,
"img_height": 100
},
{
"name": "eMASS Client",
"link": "",
"desc": "Repository that provides libraries for working with the eMASS REST API in your own tools (Ruby gem and Typescript package currently available)",
"icon": "",
"png" : "emass",
"png_dark" : "emass_dark",
"app_link": "",
"app_svg": "app",
"github_link": "https://github.com/mitre/emass_client",
"doc_link" : "https://mitre.github.io/emass_client/",
"svg": "",
"tools": "",
"shields" : [
"https://img.shields.io/github/v/release/mitre/emass_client?label=version",
"https://img.shields.io/gem/dt/emass_client?label=gem%20downloads",
"https://img.shields.io/npm/dt/emass_client?label=npm%20downloads"
],
"border_color": "purple",
"img_width": 200,
"img_height": 100
},
{
"name": "eMASS Checklist Updater",
"link": "",
"desc": "Tool to translate findings from older to newer versions of an eMASS Checklist",
"icon": "",
"png" : "emass",
"png_dark" : "emass_dark",
"app_link": "",
"app_svg": "app",
"doc_link": "",
"github_link": "https://github.com/mitre/ckl2ckl",
"svg": "",
"tools": "",
"border_color": "purple",
"img_width": 200,
"img_height": 100
},
{
"name": "Vulcan",
"link": "",
"desc": "Application for streamlining InSpec profile and overlay development using Security Requirements Guides (SRGs)",
"icon": "",
"png" : "saf_logo",
"app_link": "https://mitre-vulcan-staging.herokuapp.com",
"app_svg": "app",
"doc_link": "https://vulcan.mitre.org",
"github_link": "https://github.com/mitre/vulcan",
"svg": "",
"tools": "",
"border_color": "red"
},
{
"name": "Benchmark Generator",
"link": "",
"desc": "Generates complex output from an XCCDF file. Used to generate initial project files for automation tools in various formats.",
"icon": "",
"png" : "ansible-lockdown",
"app_svg": "app",
"github_link": "https://github.com/ansible-lockdown/Benchmark-Generator",
"svg": "",
"tools": "",
"border_color": "red"
}
]
}
]
}