enhance

wurstbrot · wurstbrot · commit 33b7ba2abe4a · 2020-08-15T21:10:20.000+02:00
diff --git a/data/BuildandDeployment.yml b/data/BuildandDeployment.yml
@@ -260,8 +260,8 @@ Patch Management:
     implementation:
       - Sample concept:<br/>(1) each container has a set lifetime and is killed / replaced with a new container multiple times a day where you have some form of a graceful replacement to ensure no (short) service outage will occur to the end users.<br/>(2) twice a day a rebuild of images is done. The rebuilds are put into a automated testing pipeline. If the testing has no blocking issues the new images will be released for deployment during the next "restart" of a container. What has to be done, is to ensure the new containers are deployed in some canary deployment manner, this will ensure that if (and only if) something buggy has been introduced which breaks functionality the canary deployment will make sure the "older version" is being used and not the buggy newer one.
   Reduction of the attack surface:
-    risk: Components, dependencies, or files might have Vulnerabilities, but the they are not needed.
-    measure: Removal of not needed components, dependencies or files.
+    risk: Components, dependencies, files or file access rights might have Vulnerabilities, but the they are not needed.
+    measure: Removal of not needed components, dependencies, files or file access rights.
     difficultyOfImplementation:
       knowledge: 3
       time: 3
diff --git a/data/TestandVerification.yml b/data/TestandVerification.yml
@@ -569,7 +569,7 @@ Static depth for infrastructure:
       time: 1
       resources: 2
     usefulness: 2
-    level: 2
+    level: 1
     implementation:
       - <a href="https://github.com/dxa4481/truffleHog">truffleHog</a>
       - <a href="https://github.com/nccgroup/go-pillage-registries">go-pillage-registries</a>
