update

wurstbrot · wurstbrot · commit bb7b5898cd3a · 2024-08-15T13:10:56.000+02:00
diff --git a/src/assets/YAML/default/BuildAndDeployment/PatchManagement.yaml b/src/assets/YAML/default/BuildAndDeployment/PatchManagement.yaml
@@ -262,4 +262,3 @@ Build and Deployment:
       implementation:
         - $ref: src/assets/YAML/default/implementations.yaml#/implementations/terraform
         - $ref: src/assets/YAML/default/implementations.yaml#/implementations/argocd
-      references:
diff --git a/src/assets/YAML/default/CultureAndOrganization/Process.yaml b/src/assets/YAML/default/CultureAndOrganization/Process.yaml
@@ -86,12 +86,9 @@ Culture and Organization:
         Not defining the protection requirement of applications can lead to wrong prioritization, delayed remediation of 
         critical security issues, increasing the risk of exploitation and potential damage to the organization.
       measure: |-
-        Defining the SLA to respond to findings depending on protection requirement and the corresponding handling of vulnerabilities per severity for components like applications are aligned to SLAs. 
-         This is performed for the hole organization and doesn't need to be broken down (yet) on team/product/application. 
-         At least quarterly.
-      description: |-
+        Defining the protection requirement. 
         The protection requirements for an application should consider:
-        - Data criticality
+        - Processed data criticality
         - Application accessibility (internal vs. external)
         - Regulatory compliance
         - Other relevant factors
@@ -101,7 +98,8 @@ Culture and Organization:
         resources: 1
       usefulness: 3
       level: 2
-      dependsOn: []
+      dependsOn:
+        - uuid:2a44b708-734f-4463-b0cb-86dc46344b2f # inventory of production components
       implementation:
         - $ref: src/assets/YAML/default/implementations.yaml#/implementations/owasp-defectdojo
         - $ref: src/assets/YAML/default/implementations.yaml#/implementations/purify
diff --git a/src/assets/YAML/default/TestAndVerification/Consolidation.yaml b/src/assets/YAML/default/TestAndVerification/Consolidation.yaml
@@ -23,7 +23,7 @@ Test and Verification:
       dependsOn:
         - uuid:38d1bd10-7b5f-4ae1-868c-0ec813285425 # Fix based on severity
         #- uuid:3260a15f-2df0-4173-8790-f11de2cb525a # Access applications accessibility TODO
-        - uuid: 2a44b708-734f-4463-b0cb-86dc46344b2f #iventory of apps
+        - uuid:2a44b708-734f-4463-b0cb-86dc46344b2f #iventory of apps
       implementation:
       references:
         samm2:
diff --git a/src/assets/YAML/default/TestAndVerification/StaticDepthForApplications.yaml b/src/assets/YAML/default/TestAndVerification/StaticDepthForApplications.yaml
@@ -157,7 +157,7 @@ Test and Verification:
           - 8.28 # Secure coding
       isImplemented: false
       dependsOn:
-        - uuid: 2a44b708-734f-4463-b0cb-86dc46344b2f # Inventory of production components
+        - uuid:2a44b708-734f-4463-b0cb-86dc46344b2f # Inventory of production components
       comments: ""
     Static analysis for all components/libraries:
       uuid: f4ff841d-3b2a-45d9-853e-5ec7ecbcb054
@@ -172,7 +172,7 @@ Test and Verification:
       dependsOn:
         - Static analysis for important client side components
         - Static analysis for important server side components
-        - uuid: 2a44b708-734f-4463-b0cb-86dc46344b2f # Inventory of production components
+        - uuid:2a44b708-734f-4463-b0cb-86dc46344b2f # Inventory of production components
       implementation: []
       references:
         samm2:
@@ -207,7 +207,7 @@ Test and Verification:
       dependsOn:
         - Static analysis for important client side components
         - Static analysis for important server side components
-        - uuid: 2a44b708-734f-4463-b0cb-86dc46344b2f # Inventory of production components
+        - uuid:2a44b708-734f-4463-b0cb-86dc46344b2f # Inventory of production components
       references:
         samm2:
           - V-ST-2-A
@@ -241,7 +241,7 @@ Test and Verification:
         - $ref: src/assets/YAML/default/implementations.yaml#/implementations/appscan-vscode-extension
       dependsOn:
         - Defined build process
-        - uuid: 2a44b708-734f-4463-b0cb-86dc46344b2f # Inventory of production components
+        - uuid:2a44b708-734f-4463-b0cb-86dc46344b2f # Inventory of production components
       references:
         samm2:
           - V-ST-2-A
@@ -274,7 +274,7 @@ Test and Verification:
         - $ref: src/assets/YAML/default/implementations.yaml#/implementations/appscan-vscode-extension
       dependsOn:
         - Defined build process
-        - uuid: 2a44b708-734f-4463-b0cb-86dc46344b2f # Inventory of production components
+        - uuid:2a44b708-734f-4463-b0cb-86dc46344b2f # Inventory of production components
       references:
         samm2:
           - V-ST-2-A
@@ -328,7 +328,7 @@ Test and Verification:
       level: 3
       dependsOn:
         - Defined build process
-        - uuid: 2a44b708-734f-4463-b0cb-86dc46344b2f # Inventory of production components
+        - uuid:2a44b708-734f-4463-b0cb-86dc46344b2f # Inventory of production components
       implementation:
         - $ref: src/assets/YAML/default/implementations.yaml#/implementations/retire-js
         - $ref: src/assets/YAML/default/implementations.yaml#/implementations/npm-audit
@@ -359,7 +359,7 @@ Test and Verification:
       level: 2
       dependsOn:
         - Defined build process
-        - uuid: 2a44b708-734f-4463-b0cb-86dc46344b2f # Inventory of production components
+        - uuid:2a44b708-734f-4463-b0cb-86dc46344b2f # Inventory of production components
       implementation:
         - $ref: src/assets/YAML/default/implementations.yaml#/implementations/owasp-dependency-che
         - $ref: src/assets/YAML/default/implementations.yaml#/implementations/dependencyTrack
diff --git a/src/assets/YAML/generated/generated.yaml b/src/assets/YAML/generated/generated.yaml
