Skip to content

2.0 dev threatmodeling #678

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
stevespringett wants to merge 17 commits into
base: 2.0-dev
Choose a base branch
from
Draft

2.0 dev threatmodeling #678

stevespringett wants to merge 17 commits into from

Conversation

@stevespringett
Copy link
Member

@stevespringett stevespringett commented Sep 3, 2025

Initial blueprint and threat modeling support for CycloneDX v2.0.

@stevespringett
Initial commit
9265fba 
Signed-off-by: Steve Springett <[email protected]>
@stevespringett
Added requirement prototype
513ef74 
Signed-off-by: Steve Springett <[email protected]>
@stevespringett
Initial checkin of blueprint and threat model support
83ce9d0 
Signed-off-by: Steve Springett <[email protected]>
@stevespringett stevespringett added this to the 2.0 milestone Sep 3, 2025
steve.springett and others added 14 commits October 29, 2025 09:54
Adding threat models
f4d10d4 
Signed-off-by: steve.springett <[email protected]>
@stevespringett
Merge remote-tracking branch 'origin/master' into 2.0-dev-threatmodeling
833bcc1
@stevespringett
Merge remote-tracking branch 'origin/2.0-dev' into 2.0-dev-threatmode…
e124ae5 
…ling
@petra-dv
Modified risk and model schemas
7a04e95
@stevespringett
Added .DS_Store to ignore
1bc014f 
Signed-off-by: Steve Springett <[email protected]>
@stevespringett
Merge remote-tracking branch 'origin/2.0-dev' into 2.0-dev-threatmode…
21b4d38 
…ling

Signed-off-by: Steve Springett <[email protected]>

# Conflicts:
#	schema/2.0/model/cyclonedx-common-2.0.schema.json
@stevespringett
Minor corrections to get bundle to compile.
83e8122 
Signed-off-by: Steve Springett <[email protected]>
@github-actions
chore: update bundled schemas [skip ci]
f52760a
@petra-dv
adressed comments and reviewed further the schema
e8f7aba
@petra-dv
fixed naming inconsistency
53cfdd1
@stevespringett
Merge branch '2.0-dev-threatmodeling' into 2.0-dev-threat-modeling-pe…
d999fac 
…tras-suggestions

Signed-off-by: Steve Springett <[email protected]>
@stevespringett
Modified risk and model schemas (#732)
d1ebee2 
Issue: 
As discussed in ticket #731 , this PR is a review of the schema

Model schema reviewed to ensure no data loss
Risk schema changes done based on risk and compliance tooling taxonomies
to ensure compatibility (including data classification etc)

This PR is to use for discussion on the TM-BOM discussion 0 not for
merging yet
@stevespringett
Fixed JSON issue
c6e1657 
Signed-off-by: Steve Springett <[email protected]>
@stevespringett
Initial checkin of behavior model. Should satisfy goals outlined in #670
941fa1f 
. Blueprints working group will continue to iterate and validate.

Signed-off-by: Steve Springett <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

proposed core enhancement prototype

Projects

None yet

Milestone

2.0

Development

Successfully merging this pull request may close these issues.

3 participants

@stevespringett @petra-dv