├── .github
    └── workflows
    │   ├── pbom-content.yml
    │   └── website-json.yml
├── CHANGELOG.md
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── LICENSE
├── README.md
├── content
    ├── docs
    │   └── technique.md
    ├── oscar
    │   ├── detections
    │   │   ├── .gitignore
    │   │   ├── D1090 - Implement package or image integrity verification.yaml
    │   │   ├── D1120 - Implement source code scanning for credentials.yaml
    │   │   ├── D1130 - Implement account activity monitoring.yaml
    │   │   ├── D1131 - Implement SIEM.yaml
    │   │   ├── D1170 - Configure application audit logs to detect injection attacks.yaml
    │   │   ├── D1171 - Implement Web Application Firewall.yaml
    │   │   ├── D1230 - Implement API endpoint monitoring.yaml
    │   │   ├── D1231 - Implement API security testing.yaml
    │   │   ├── D1260 - Implement security regular audit and review.yaml
    │   │   ├── D1261 - Implement penetration testing.yaml
    │   │   ├── D1262 - Implement vulnerability assesment.yaml
    │   │   ├── D1270 - Implement network scanning.yaml
    │   │   ├── D1300 - Implement regular log reviews.yaml
    │   │   ├── D1310 - Monitor user access logs.yaml
    │   │   ├── D1430 - Monitor for failed login attempts.yaml
    │   │   ├── D1431 - Monitor for changes of user permissions.yaml
    │   │   ├── D1490 - Monitor repository access.yaml
    │   │   ├── D1500 - Configure monitoring of used artifacts and open-source libraries.yaml
    │   │   ├── D1510 - Implement intrusion detection system and anti-malware.yaml
    │   │   ├── D1520 - Implement endpoint detection and response system.yaml
    │   │   ├── D1550 - Implement real-time monitoring of cloud resources.yaml
    │   │   ├── D1580 - Regularly review and audit templates.yaml
    │   │   ├── D1590 - Implement continuous monitoring and logging of the CICD process.yaml
    │   │   ├── D1650 - Audit rogue creation of API credentials.yaml
    │   │   ├── D1680 - Monitor code repositories activity.yaml
    │   │   ├── D1750 - Monitor resource creation.yaml
    │   │   ├── D1751 - Monitor resource usage.yaml
    │   │   ├── D1780 - Monitor authentication logs.yaml
    │   │   ├── D1781 - Audit and review deploy key access.yaml
    │   │   ├── D1790 - Audit and review WebHook configurations.yaml
    │   │   ├── D1791 - Analyze WebHook payloads and activity.yaml
    │   │   ├── D1860 - Configure audit logs for SCM.yaml
    │   │   ├── D1880 - Missing Anti-CSRF token.yaml
    │   │   ├── D1881 - Missing Referer header.yaml
    │   │   └── D1930 - Regularly review and audit environment variables.yaml
    │   ├── mitigations
    │   │   ├── .gitignore
    │   │   ├── M1000 - Limit Publicly Available Information.yaml
    │   │   ├── M1001 - Avoid Predictable Naming Conventions.yaml
    │   │   ├── M1090 - Implement code and image signing.yaml
    │   │   ├── M1100 - Implement contributor validation.yaml
    │   │   ├── M1120 - Store credentials in vault.yaml
    │   │   ├── M1121 - Enable git hooks.yaml
    │   │   ├── M1122 - Implement token management best practices.yaml
    │   │   ├── M1123 - Implement token access control and permissions.yaml
    │   │   ├── M1124 - Use token encryption and obfuscation.yaml
    │   │   ├── M1130 - Implement password rotation.yaml
    │   │   ├── M1131 - Disable or lock compromised accounts.yaml
    │   │   ├── M1132 - Enable MFA for user accounts.yaml
    │   │   ├── M1170 - Use parameterized queries.yaml
    │   │   ├── M1171 - Use stored procedures.yaml
    │   │   ├── M1172 - Use allow-list input validation.yaml
    │   │   ├── M1173 - Escape all user supplied input.yaml
    │   │   ├── M1180 - Avoid calling OS commands directly.yaml
    │   │   ├── M1181 - Use parametrization with input validation.yaml
    │   │   ├── M1182 - Implement least privilege.yaml
    │   │   ├── M1190 - Use framework security mechanisms.yaml
    │   │   ├── M1191 - Escape all user supplied input.yaml
    │   │   ├── M1192 - Encode data output.yaml
    │   │   ├── M1193 - Use HTML sanitization.yaml
    │   │   ├── M1194 - Use content security policy.yaml
    │   │   ├── M1200 - Verify package authenticity.yaml
    │   │   ├── M1201 - Restrict egress traffic from CICD.yaml
    │   │   ├── M1220 - Use only trusted third-party Github actions.yaml
    │   │   ├── M1221 - Review the Github action source code.yaml
    │   │   ├── M1222 - Limit the permissions granted to third-party Github actions.yaml
    │   │   ├── M1230 - Secure API access control.yaml
    │   │   ├── M1231 - Implement Proper API documentation.yaml
    │   │   ├── M1232 - Implement API endpoint hardening.yaml
    │   │   ├── M1240 - Enable data encryption at rest.yaml
    │   │   ├── M1241 - Use strong encryption algorithms.yaml
    │   │   ├── M1250 - Enable data encryption in transit.yaml
    │   │   ├── M1260 - Implement least privilege access for cloud storages.yaml
    │   │   ├── M1261 - Implement proper access control for cloud storages.yaml
    │   │   ├── M1270 - Implement proper access control for databases.yaml
    │   │   ├── M1271 - Protect database credentials.yaml
    │   │   ├── M1272 - Audit server configuration.yaml
    │   │   ├── M1280 - Implement least privilege network access.yaml
    │   │   ├── M1281 - Configure network security group.yaml
    │   │   ├── M1282 - Secure default configurations.yaml
    │   │   ├── M1290 - Double-checking package or container names.yaml
    │   │   ├── M1291 - Verify package or container sources.yaml
    │   │   ├── M1300 - Implement log sanitization.yaml
    │   │   ├── M1301 - Configure log levels and verbosity.yaml
    │   │   ├── M1302 - Implement strict access controls for logs.yaml
    │   │   ├── M1310 - Implement least privilege principle.yaml
    │   │   ├── M1311 - Implement multi-factor authentication.yaml
    │   │   ├── M1320 - Implement least privilege principle for containers.yaml
    │   │   ├── M1321 - Container or runner hardening.yaml
    │   │   ├── M1322 - Container or runner agent runtime security.yaml
    │   │   ├── M1330 - Implement regular plugin updates.yaml
    │   │   ├── M1331 - Conduct plugin security review.yaml
    │   │   ├── M1332 - Implement least privilege principle for plugins.yaml
    │   │   ├── M1340 - Implement regular account review.yaml
    │   │   ├── M1440 - Review logging settings.yaml
    │   │   ├── M1441 - Implement centralized logging.yaml
    │   │   ├── M1450 - Implement zero trust.yaml
    │   │   ├── M1451 - Use network segmentation.yaml
    │   │   ├── M1480 - Limit the privileges of the runner .yaml
    │   │   ├── M1481 - Do not use self-hosted runners for public repositories.yaml
    │   │   ├── M1490 - Restrict the ability to delete repositories.yaml
    │   │   ├── M1491 - Implement backup and recovery.yaml
    │   │   ├── M1500 - Verify third-party artifacts and open-source libraries.yaml
    │   │   ├── M1501 - Require SBOM from all third-party suppliers.yaml
    │   │   ├── M1502 - Define trusted package managers and repositories.yaml
    │   │   ├── M1503 - Implement SCA analysis.yaml
    │   │   ├── M1520 - Use security scanning tools.yaml
    │   │   ├── M1521 - Use containerization.yaml
    │   │   ├── M1530 - Use multi-factor authentication.yaml
    │   │   ├── M1531 - Implement endpoint security solutions.yaml
    │   │   ├── M1532 - Implement least privilege access controls.yaml
    │   │   ├── M1540 - Use trusted sources.yaml
    │   │   ├── M1541 - Read reviews and ratings.yaml
    │   │   ├── M1542 - Check extension permissions.yaml
    │   │   ├── M1543 - Update extensions regularly.yaml
    │   │   ├── M1550 - Implement strict access control for clouds.yaml
    │   │   ├── M1551 - Use built-in security controls.yaml
    │   │   ├── M1560 - Regularly audit webhooks.yaml
    │   │   ├── M1561 - Monitor outbound traffic.yaml
    │   │   ├── M1562 - Implement access controls for webhooks.yaml
    │   │   ├── M1563 - Use data encryption for webhooks.yaml
    │   │   ├── M1580 - Restrict access to templates.yaml
    │   │   ├── M1581 - Template validation.yaml
    │   │   ├── M1590 - Implement artifact signing and verifiaction.yaml
    │   │   ├── M1591 - Validate dependencies.yaml
    │   │   ├── M1630 - Implement runtime encryption.yaml
    │   │   ├── M1660 - Isolate pipeline for unreviewed code.yaml
    │   │   ├── M1661 - Revoke users permissions.yaml
    │   │   ├── M1662 - Evaluate pipeline execution permissions.yaml
    │   │   ├── M1680 - Limit access to code repositories.yaml
    │   │   ├── M1720 - Implement regular patches and updates.yaml
    │   │   ├── M1730 - Implement code reviews.yaml
    │   │   ├── M1731 - Implement verification of signed commits.yaml
    │   │   ├── M1732 - Implement code scanning for security risks.yaml
    │   │   ├── M1740 - Establish guidelines for the use of SaaS application.yaml
    │   │   ├── M1741 - Implement access controls and permissions for SaaS applications.yaml
    │   │   ├── M1750 - Implement proper resource tagging.yaml
    │   │   ├── M1751 - Implement resource management policies.yaml
    │   │   ├── M1752 - Regularly review and audit cloud resources.yaml
    │   │   ├── M1760 - Regularly review and update security configurations.yaml
    │   │   ├── M1761 - Implement automated security tools.yaml
    │   │   ├── M1770 - Implement least privilege principle for serverless workloads.yaml
    │   │   ├── M1771 - Regularly review and update permissions.yaml
    │   │   ├── M1780 - Restrict access to machines with deploy keys.yaml
    │   │   ├── M1781 - Use dedicated machines for deploy keys.yaml
    │   │   ├── M1782 - Securely store private keys.yaml
    │   │   ├── M1783 - Rotate deploy keys regularly.yaml
    │   │   ├── M1790 - Limit access to webhooks.yaml
    │   │   ├── M1791 - Use secure communication channels.yaml
    │   │   ├── M1792 - Implement secure WebHook configurations.yaml
    │   │   ├── M1830 - Restrict token access.yaml
    │   │   ├── M1860 - Implement strong authentication mechanisms.yaml
    │   │   ├── M1861 - Implement strong authorization mechanisms.yaml
    │   │   ├── M1880 - Implement Anti-CSRF token.yaml
    │   │   ├── M1881 - Enable SameSite cookies.yaml
    │   │   ├── M1882 - Implement Strict Referer Policy.yaml
    │   │   ├── M1883 - Implement Web Application Firewall.yaml
    │   │   ├── M1890 - Encrypt secrets.yaml
    │   │   ├── M1930 - Avoid storing sensitive information in environment variables.yaml
    │   │   └── M1931 - Use a secure secrets management system.yaml
    │   ├── procedures
    │   │   └── .gitignore
    │   ├── realms
    │   │   └── .gitignore
    │   ├── stories
    │   │   ├── AS1 - Webmin 1.900 RCE.yaml
    │   │   ├── AS107 - Dependabot.yaml
    │   │   ├── AS108 - JuiceStealer.yaml
    │   │   ├── AS109 - Pytorch.yaml
    │   │   ├── AS2 - 3CX Software.yaml
    │   │   ├── AS3 - Codecov Bash Uploader.yaml
    │   │   ├── AS4 - PHP Backdoor.yaml
    │   │   ├── AS5 - CCleaner.yaml
    │   │   └── AS6 - SolarWinds.yaml
    │   ├── tactics
    │   │   └── .gitignore
    │   └── techniques
    │   │   ├── .gitignore
    │   │   ├── T0100 - Discover naming conventions.yaml
    │   │   ├── T0101 - Discover technology stacks.yaml
    │   │   ├── T0102 - Discover used open-source dependencies.yaml
    │   │   ├── T0103 - Scan public artifacts for secrets.yaml
    │   │   ├── T0104 - Discover coding flaws.yaml
    │   │   ├── T0105 - Active scanning.yaml
    │   │   ├── T0106 - Scan configuration on public resources.yaml
    │   │   ├── T0107 - Discover internal artifacts names.yaml
    │   │   ├── T0108 - Accounts in public registry.yaml
    │   │   ├── T0109 - Publish malicious artifact.yaml
    │   │   ├── T0110 - Advertise malicious artifact.yaml
    │   │   ├── T0111 - Malicious code contribution to an open-source repository.yaml
    │   │   ├── T0112 - Compromised token.yaml
    │   │   ├── T0113 - Compromised user account.yaml
    │   │   ├── T0114 - Compromised service account.yaml
    │   │   ├── T0115 - Repojacking.yaml
    │   │   ├── T0116 - Shadow IT.yaml
    │   │   ├── T0117 - SQL injection.yaml
    │   │   ├── T0118 - Command injection.yaml
    │   │   ├── T0119 - Cross-site scripting.yaml
    │   │   ├── T0120 - Dependency Confusion.yaml
    │   │   ├── T0121 - Compromised legitimate artifact.yaml
    │   │   ├── T0122 - Vulnerability in third-party dependency.yaml
    │   │   ├── T0123 - Exposed internal API.yaml
    │   │   ├── T0124 - Unencrypted data at rest.yaml
    │   │   ├── T0125 - Unencrypted data at transit.yaml
    │   │   ├── T0126 - Exposed storage.yaml
    │   │   ├── T0127 - Exposed database.yaml
    │   │   ├── T0128 - Permissive network access.yaml
    │   │   ├── T0129 - Typosquatting.yaml
    │   │   ├── T0130 - Harvest secrets from logs.yaml
    │   │   ├── T0131 - Overprivileged user account.yaml
    │   │   ├── T0132 - Runners agents running with high user privileges.yaml
    │   │   ├── T0133 - Vulnerable CICD plugins.yaml
    │   │   ├── T0134 - Add user.yaml
    │   │   ├── T0135 - Vulnerable CICD system.yaml
    │   │   ├── T0136 - Brandjacking.yaml
    │   │   ├── T0137 - Weak authentication methods.yaml
    │   │   ├── T0138 - Backdoor in code.yaml
    │   │   ├── T0139 - Resource hijacking.yaml
    │   │   ├── T0140 - Dump tokens from the environment variable.yaml
    │   │   ├── T0141 - Forge developer reputation.yaml
    │   │   ├── T0142 - Accidental public disclosure of internal resources.yaml
    │   │   ├── T0143 - External user accounts.yaml
    │   │   ├── T0144 - Misconfigured traffic log settings.yaml
    │   │   ├── T0145 - Bypass of outbound traffic control.yaml
    │   │   ├── T0146 - Misconfigured audit logs settings.yaml
    │   │   ├── T0147 - Scan public CICD configurations for secrets and vulnerable actions.yaml
    │   │   ├── T0148 - Scheduled TaskJob on self hosted runner.yaml
    │   │   ├── T0149 - Delete repositories for DoS.yaml
    │   │   ├── T0150 - Runtime logic bomb.yaml
    │   │   ├── T0151 - Installation scripts.yaml
    │   │   ├── T0152 - IDE.yaml
    │   │   ├── T0153 - Compromised developer workstation.yaml
    │   │   ├── T0154 - Malicious IDE extension.yaml
    │   │   ├── T0155 - Cloud workload.yaml
    │   │   ├── T0156 - Webhook.yaml
    │   │   ├── T0157 - Combosquatting.yaml
    │   │   ├── T0158 - Vulnerable CICD template.yaml
    │   │   ├── T0159 - Malicious artifact execution.yaml
    │   │   ├── T0161 - Implant in zombie instance .yaml
    │   │   ├── T0162 - Passwords in CICD logs.yaml
    │   │   ├── T0163 - Runtime leakage of password .yaml
    │   │   ├── T0164 - Inject malicious dependency to privileged user repository.yaml
    │   │   ├── T0165 - Create access token.yaml
    │   │   ├── T0166 - Trigger pipeline execution.yaml
    │   │   ├── T0167 - Recursive PR.yaml
    │   │   ├── T0168 - Source code.yaml
    │   │   ├── T0169 - Push implants across repositories .yaml
    │   │   ├── T0170 - Malicious Compiler or Interpreter.yaml
    │   │   ├── T0172 - Runtime Backdoor.yaml
    │   │   ├── T0173 - Auto merge rules in SCM.yaml
    │   │   ├── T0174 - SaaS sprawl.yaml
    │   │   ├── T0175 - Untagged resources.yaml
    │   │   ├── T0176 - Misconfiguration of security measures.yaml
    │   │   ├── T0177 - Misconfiguration of serverless workloads.yaml
    │   │   ├── T0178 - Deploy keys.yaml
    │   │   ├── T0179 - Exposed WebHook.yaml
    │   │   ├── T0180 - Services(Servers) compromise.yaml
    │   │   ├── T0181 - Malicious module injection.yaml
    │   │   ├── T0182 - Bypass Review using admin permission.yaml
    │   │   ├── T0183 - Dumping short-lived token.yaml
    │   │   ├── T0184 - Dumping credentials from files.yaml
    │   │   ├── T0185 - Steal credentials in container artifacts.yaml
    │   │   ├── T0186 - Source Code Leak.yaml
    │   │   ├── T0187 - Exposed Storage.yaml
    │   │   ├── T0188 - CSRF.yaml
    │   │   ├── T0189 - Secrets in configuration files.yaml
    │   │   ├── T0190 - Weak Encryption.yaml
    │   │   ├── T0191 - Malicious code in artifacts.yaml
    │   │   ├── T0192 - Sensitive information in logs.yaml
    │   │   ├── T0193 - Sensitive information in environment variables.yaml
    │   │   ├── T0194 - Outdated software components.yaml
    │   │   ├── T0195 - Spoofed Commits.yaml
    │   │   ├── T0196 - Backdoor in code.yaml
    │   │   ├── T0197 - Use code from untrusted source.yaml
    │   │   ├── T0198 - Malicious Build Time Dependencies.yaml
    │   │   └── T0199 - Secrets Leak.yaml
    ├── templates
    │   ├── detection.yaml
    │   ├── mitigation.yaml
    │   ├── procedure.yaml
    │   ├── realm.yaml
    │   ├── stories
    │   │   └── AS1 - Webmin 1.900 RCE.yaml
    │   ├── tactic.yaml
    │   └── technique.yaml
    └── website
    │   └── matrix.json
├── helpers
    ├── create_pbom_release.py
    └── tech_to_json.py
└── matrix.json


/.github/workflows/pbom-content.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/.github/workflows/pbom-content.yml

--------------------------------------------------------------------------------
/.github/workflows/website-json.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/.github/workflows/website-json.yml

--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/CHANGELOG.md

--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/CODE_OF_CONDUCT.md

--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/CONTRIBUTING.md

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/LICENSE

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/README.md

--------------------------------------------------------------------------------
/content/docs/technique.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/docs/technique.md

--------------------------------------------------------------------------------
/content/oscar/detections/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/.gitignore

--------------------------------------------------------------------------------
/content/oscar/detections/D1090 - Implement package or image integrity verification.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1090 - Implement package or image integrity verification.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1120 - Implement source code scanning for credentials.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1120 - Implement source code scanning for credentials.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1130 - Implement account activity monitoring.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1130 - Implement account activity monitoring.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1131 - Implement SIEM.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1131 - Implement SIEM.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1170 - Configure application audit logs to detect injection attacks.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1170 - Configure application audit logs to detect injection attacks.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1171 - Implement Web Application Firewall.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1171 - Implement Web Application Firewall.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1230 - Implement API endpoint monitoring.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1230 - Implement API endpoint monitoring.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1231 - Implement API security testing.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1231 - Implement API security testing.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1260 - Implement security regular audit and review.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1260 - Implement security regular audit and review.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1261 - Implement penetration testing.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1261 - Implement penetration testing.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1262 - Implement vulnerability assesment.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1262 - Implement vulnerability assesment.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1270 - Implement network scanning.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1270 - Implement network scanning.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1300 - Implement regular log reviews.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1300 - Implement regular log reviews.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1310 - Monitor user access logs.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1310 - Monitor user access logs.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1430 - Monitor for failed login attempts.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1430 - Monitor for failed login attempts.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1431 - Monitor for changes of user permissions.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1431 - Monitor for changes of user permissions.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1490 - Monitor repository access.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1490 - Monitor repository access.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1500 - Configure monitoring of used artifacts and open-source libraries.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1500 - Configure monitoring of used artifacts and open-source libraries.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1510 - Implement intrusion detection system and anti-malware.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1510 - Implement intrusion detection system and anti-malware.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1520 - Implement endpoint detection and response system.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1520 - Implement endpoint detection and response system.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1550 - Implement real-time monitoring of cloud resources.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1550 - Implement real-time monitoring of cloud resources.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1580 - Regularly review and audit templates.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1580 - Regularly review and audit templates.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1590 - Implement continuous monitoring and logging of the CICD process.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1590 - Implement continuous monitoring and logging of the CICD process.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1650 - Audit rogue creation of API credentials.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1650 - Audit rogue creation of API credentials.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1680 - Monitor code repositories activity.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1680 - Monitor code repositories activity.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1750 - Monitor resource creation.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1750 - Monitor resource creation.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1751 - Monitor resource usage.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1751 - Monitor resource usage.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1780 - Monitor authentication logs.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1780 - Monitor authentication logs.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1781 - Audit and review deploy key access.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1781 - Audit and review deploy key access.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1790 - Audit and review WebHook configurations.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1790 - Audit and review WebHook configurations.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1791 - Analyze WebHook payloads and activity.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1791 - Analyze WebHook payloads and activity.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1860 - Configure audit logs for SCM.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1860 - Configure audit logs for SCM.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1880 - Missing Anti-CSRF token.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1880 - Missing Anti-CSRF token.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1881 - Missing Referer header.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1881 - Missing Referer header.yaml

--------------------------------------------------------------------------------
/content/oscar/detections/D1930 - Regularly review and audit environment variables.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/detections/D1930 - Regularly review and audit environment variables.yaml

--------------------------------------------------------------------------------
/content/oscar/mitigations/.gitignore:
--------------------------------------------------------------------------------
1 |

--------------------------------------------------------------------------------
/content/oscar/mitigations/M1000 - Limit Publicly Available Information.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1000 - Limit Publicly Available Information.yaml

--------------------------------------------------------------------------------
/content/oscar/mitigations/M1001 - Avoid Predictable Naming Conventions.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1001 - Avoid Predictable Naming Conventions.yaml

--------------------------------------------------------------------------------
/content/oscar/mitigations/M1090 - Implement code and image signing.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1090 - Implement code and image signing.yaml

--------------------------------------------------------------------------------
/content/oscar/mitigations/M1100 - Implement contributor validation.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1100 - Implement contributor validation.yaml

--------------------------------------------------------------------------------
/content/oscar/mitigations/M1120 - Store credentials in vault.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1120 - Store credentials in vault.yaml

--------------------------------------------------------------------------------
/content/oscar/mitigations/M1121 - Enable git hooks.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1121 - Enable git hooks.yaml

--------------------------------------------------------------------------------
/content/oscar/mitigations/M1122 - Implement token management best practices.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1122 - Implement token management best practices.yaml

--------------------------------------------------------------------------------
/content/oscar/mitigations/M1123 - Implement token access control and permissions.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1123 - Implement token access control and permissions.yaml

--------------------------------------------------------------------------------
/content/oscar/mitigations/M1124 - Use token encryption and obfuscation.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1124 - Use token encryption and obfuscation.yaml

--------------------------------------------------------------------------------
/content/oscar/mitigations/M1130 - Implement password rotation.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1130 - Implement password rotation.yaml

--------------------------------------------------------------------------------
/content/oscar/mitigations/M1131 - Disable or lock compromised accounts.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1131 - Disable or lock compromised accounts.yaml

--------------------------------------------------------------------------------
/content/oscar/mitigations/M1132 - Enable MFA for user accounts.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1132 - Enable MFA for user accounts.yaml

--------------------------------------------------------------------------------
/content/oscar/mitigations/M1170 - Use parameterized queries.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1170 - Use parameterized queries.yaml

--------------------------------------------------------------------------------
/content/oscar/mitigations/M1171 - Use stored procedures.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1171 - Use stored procedures.yaml

--------------------------------------------------------------------------------
/content/oscar/mitigations/M1172 - Use allow-list input validation.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1172 - Use allow-list input validation.yaml

--------------------------------------------------------------------------------
/content/oscar/mitigations/M1173 - Escape all user supplied input.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1173 - Escape all user supplied input.yaml

--------------------------------------------------------------------------------
/content/oscar/mitigations/M1180 - Avoid calling OS commands directly.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1180 - Avoid calling OS commands directly.yaml

--------------------------------------------------------------------------------
/content/oscar/mitigations/M1181 - Use parametrization with input validation.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1181 - Use parametrization with input validation.yaml

--------------------------------------------------------------------------------
/content/oscar/mitigations/M1182 - Implement least privilege.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1182 - Implement least privilege.yaml

--------------------------------------------------------------------------------
/content/oscar/mitigations/M1190 - Use framework security mechanisms.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1190 - Use framework security mechanisms.yaml

--------------------------------------------------------------------------------
/content/oscar/mitigations/M1191 - Escape all user supplied input.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1191 - Escape all user supplied input.yaml

--------------------------------------------------------------------------------
/content/oscar/mitigations/M1192 - Encode data output.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1192 - Encode data output.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1193 - Use HTML sanitization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1193 - Use HTML sanitization.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1194 - Use content security policy.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1194 - Use content security policy.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1200 - Verify package authenticity.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1200 - Verify package authenticity.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1201 - Restrict egress traffic from CICD.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1201 - Restrict egress traffic from CICD.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1220 - Use only trusted third-party Github actions.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1220 - Use only trusted third-party Github actions.yaml -------------------------------------------------------------------------------- 
/content/oscar/mitigations/M1221 - Review the Github action source code.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1221 - Review the Github action source code.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1222 - Limit the permissions granted to third-party Github actions.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1222 - Limit the permissions granted to third-party Github actions.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1230 - Secure API access control.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1230 - Secure API access control.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1231 - Implement Proper API documentation.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1231 - Implement Proper API documentation.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1232 - Implement API endpoint hardening.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1232 - Implement API endpoint hardening.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1240 - Enable data encryption at rest.yaml: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1240 - Enable data encryption at rest.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1241 - Use strong encryption algorithms.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1241 - Use strong encryption algorithms.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1250 - Enable data encryption in transit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1250 - Enable data encryption in transit.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1260 - Implement least privilege access for cloud storages.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1260 - Implement least privilege access for cloud storages.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1261 - Implement proper access control for cloud storages.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1261 - Implement proper access control for cloud storages.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1270 - Implement proper access control for databases.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1270 - Implement proper access control for databases.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1271 - Protect database credentials.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1271 - Protect database credentials.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1272 - Audit server configuration.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1272 - Audit server configuration.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1280 - Implement least privilege network access.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1280 - Implement least privilege network access.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1281 - Configure network security group.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1281 - Configure network security group.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1282 - Secure default configurations.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1282 - Secure default configurations.yaml 
-------------------------------------------------------------------------------- /content/oscar/mitigations/M1290 - Double-checking package or container names.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1290 - Double-checking package or container names.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1291 - Verify package or container sources.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1291 - Verify package or container sources.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1300 - Implement log sanitization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1300 - Implement log sanitization.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1301 - Configure log levels and verbosity.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1301 - Configure log levels and verbosity.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1302 - Implement strict access controls for logs.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1302 - Implement strict access controls for logs.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1310 - Implement least privilege 
principle.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1310 - Implement least privilege principle.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1311 - Implement multi-factor authentication.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1311 - Implement multi-factor authentication.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1320 - Implement least privilege principle for containers.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1320 - Implement least privilege principle for containers.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1321 - Container or runner hardening.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1321 - Container or runner hardening.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1322 - Container or runner agent runtime security.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1322 - Container or runner agent runtime security.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1330 - Implement regular plugin updates.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1330 - Implement regular plugin updates.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1331 - Conduct plugin security review.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1331 - Conduct plugin security review.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1332 - Implement least privilege principle for plugins.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1332 - Implement least privilege principle for plugins.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1340 - Implement regular account review.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1340 - Implement regular account review.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1440 - Review logging settings.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1440 - Review logging settings.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1441 - Implement centralized logging.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1441 - Implement centralized logging.yaml 
-------------------------------------------------------------------------------- /content/oscar/mitigations/M1450 - Implement zero trust.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1450 - Implement zero trust.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1451 - Use network segmentation.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1451 - Use network segmentation.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1480 - Limit the privileges of the runner .yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1480 - Limit the privileges of the runner .yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1481 - Do not use self-hosted runners for public repositories.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1481 - Do not use self-hosted runners for public repositories.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1490 - Restrict the ability to delete repositories.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1490 - Restrict the ability to delete repositories.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1491 - Implement backup and recovery.yaml: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1491 - Implement backup and recovery.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1500 - Verify third-party artifacts and open-source libraries.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1500 - Verify third-party artifacts and open-source libraries.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1501 - Require SBOM from all third-party suppliers.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1501 - Require SBOM from all third-party suppliers.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1502 - Define trusted package managers and repositories.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1502 - Define trusted package managers and repositories.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1503 - Implement SCA analysis.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1503 - Implement SCA analysis.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1520 - Use security scanning tools.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1520 - Use security scanning tools.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1521 - Use containerization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1521 - Use containerization.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1530 - Use multi-factor authentication.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1530 - Use multi-factor authentication.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1531 - Implement endpoint security solutions.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1531 - Implement endpoint security solutions.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1532 - Implement least privilege access controls.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1532 - Implement least privilege access controls.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1540 - Use trusted sources.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1540 - Use trusted sources.yaml -------------------------------------------------------------------------------- 
/content/oscar/mitigations/M1541 - Read reviews and ratings.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1541 - Read reviews and ratings.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1542 - Check extension permissions.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1542 - Check extension permissions.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1543 - Update extensions regularly.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1543 - Update extensions regularly.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1550 - Implement strict access control for clouds.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1550 - Implement strict access control for clouds.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1551 - Use built-in security controls.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1551 - Use built-in security controls.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1560 - Regularly audit webhooks.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1560 - Regularly audit webhooks.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1561 - Monitor outbound traffic.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1561 - Monitor outbound traffic.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1562 - Implement access controls for webhooks.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1562 - Implement access controls for webhooks.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1563 - Use data encryption for webhooks.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1563 - Use data encryption for webhooks.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1580 - Restrict access to templates.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1580 - Restrict access to templates.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1581 - Template validation.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1581 - Template validation.yaml -------------------------------------------------------------------------------- 
/content/oscar/mitigations/M1590 - Implement artifact signing and verifiaction.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1590 - Implement artifact signing and verifiaction.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1591 - Validate dependencies.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1591 - Validate dependencies.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1630 - Implement runtime encryption.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1630 - Implement runtime encryption.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1660 - Isolate pipeline for unreviewed code.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1660 - Isolate pipeline for unreviewed code.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1661 - Revoke users permissions.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1661 - Revoke users permissions.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1662 - Evaluate pipeline execution permissions.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1662 - Evaluate pipeline execution permissions.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1680 - Limit access to code repositories.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1680 - Limit access to code repositories.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1720 - Implement regular patches and updates.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1720 - Implement regular patches and updates.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1730 - Implement code reviews.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1730 - Implement code reviews.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1731 - Implement verification of signed commits.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1731 - Implement verification of signed commits.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1732 - Implement code scanning for security risks.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1732 - Implement code scanning for security risks.yaml 
-------------------------------------------------------------------------------- /content/oscar/mitigations/M1740 - Establish guidelines for the use of SaaS application.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1740 - Establish guidelines for the use of SaaS application.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1741 - Implement access controls and permissions for SaaS applications.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1741 - Implement access controls and permissions for SaaS applications.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1750 - Implement proper resource tagging.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1750 - Implement proper resource tagging.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1751 - Implement resource management policies.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1751 - Implement resource management policies.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1752 - Regularly review and audit cloud resources.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1752 - Regularly review and audit cloud resources.yaml 
-------------------------------------------------------------------------------- /content/oscar/mitigations/M1760 - Regularly review and update security configurations.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1760 - Regularly review and update security configurations.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1761 - Implement automated security tools.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1761 - Implement automated security tools.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1770 - Implement least privilege principle for serverless workloads.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1770 - Implement least privilege principle for serverless workloads.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1771 - Regularly review and update permissions.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1771 - Regularly review and update permissions.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1780 - Restrict access to machines with deploy keys.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1780 - Restrict access to machines with deploy keys.yaml 
-------------------------------------------------------------------------------- /content/oscar/mitigations/M1781 - Use dedicated machines for deploy keys.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1781 - Use dedicated machines for deploy keys.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1782 - Securely store private keys.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1782 - Securely store private keys.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1783 - Rotate deploy keys regularly.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1783 - Rotate deploy keys regularly.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1790 - Limit access to webhooks.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1790 - Limit access to webhooks.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1791 - Use secure communication channels.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1791 - Use secure communication channels.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1792 - Implement secure WebHook configurations.yaml: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1792 - Implement secure WebHook configurations.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1830 - Restrict token access.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1830 - Restrict token access.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1860 - Implement strong authentication mechanisms.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1860 - Implement strong authentication mechanisms.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1861 - Implement strong authorization mechanisms.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1861 - Implement strong authorization mechanisms.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1880 - Implement Anti-CSRF token.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1880 - Implement Anti-CSRF token.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1881 - Enable SameSite cookies.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1881 - Enable SameSite 
cookies.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1882 - Implement Strict Referer Policy.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1882 - Implement Strict Referer Policy.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1883 - Implement Web Application Firewall.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1883 - Implement Web Application Firewall.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1890 - Encrypt secrets.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1890 - Encrypt secrets.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1930 - Avoid storing sensitive information in environment variables.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1930 - Avoid storing sensitive information in environment variables.yaml -------------------------------------------------------------------------------- /content/oscar/mitigations/M1931 - Use a secure secrets management system.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/mitigations/M1931 - Use a secure secrets management system.yaml -------------------------------------------------------------------------------- /content/oscar/procedures/.gitignore: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/procedures/.gitignore -------------------------------------------------------------------------------- /content/oscar/realms/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/realms/.gitignore -------------------------------------------------------------------------------- /content/oscar/stories/AS1 - Webmin 1.900 RCE.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/stories/AS1 - Webmin 1.900 RCE.yaml -------------------------------------------------------------------------------- /content/oscar/stories/AS107 - Dependabot.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/stories/AS107 - Dependabot.yaml -------------------------------------------------------------------------------- /content/oscar/stories/AS108 - JuiceStealer.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/stories/AS108 - JuiceStealer.yaml -------------------------------------------------------------------------------- /content/oscar/stories/AS109 - Pytorch.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/stories/AS109 - Pytorch.yaml -------------------------------------------------------------------------------- /content/oscar/stories/AS2 - 3CX Software.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/stories/AS2 - 3CX 
Software.yaml -------------------------------------------------------------------------------- /content/oscar/stories/AS3 - Codecov Bash Uploader.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/stories/AS3 - Codecov Bash Uploader.yaml -------------------------------------------------------------------------------- /content/oscar/stories/AS4 - PHP Backdoor.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/stories/AS4 - PHP Backdoor.yaml -------------------------------------------------------------------------------- /content/oscar/stories/AS5 - CCleaner.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/stories/AS5 - CCleaner.yaml -------------------------------------------------------------------------------- /content/oscar/stories/AS6 - SolarWinds.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/stories/AS6 - SolarWinds.yaml -------------------------------------------------------------------------------- /content/oscar/tactics/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/tactics/.gitignore -------------------------------------------------------------------------------- /content/oscar/techniques/.gitignore: --------------------------------------------------------------------------------
# Only yamls here!
*
!*.yaml
-------------------------------------------------------------------------------- /content/oscar/techniques/T0100 - Discover naming conventions.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0100 - Discover naming conventions.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0101 - Discover technology stacks.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0101 - Discover technology stacks.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0102 - Discover used open-source dependencies.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0102 - Discover used open-source dependencies.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0103 - Scan public artifacts for secrets.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0103 - Scan public artifacts for secrets.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0104 - Discover coding flaws.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0104 - Discover coding flaws.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0105 - Active scanning.yaml:
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0105 - Active scanning.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0106 - Scan configuration on public resources.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0106 - Scan configuration on public resources.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0107 - Discover internal artifacts names.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0107 - Discover internal artifacts names.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0108 - Accounts in public registry.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0108 - Accounts in public registry.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0109 - Publish malicious artifact.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0109 - Publish malicious artifact.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0110 - Advertise malicious artifact.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0110 - Advertise malicious artifact.yaml 
-------------------------------------------------------------------------------- /content/oscar/techniques/T0111 - Malicious code contribution to an open-source repository.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0111 - Malicious code contribution to an open-source repository.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0112 - Compromised token.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0112 - Compromised token.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0113 - Compromised user account.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0113 - Compromised user account.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0114 - Compromised service account.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0114 - Compromised service account.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0115 - Repojacking.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0115 - Repojacking.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0116 - Shadow IT.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0116 - Shadow IT.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0117 - SQL injection.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0117 - SQL injection.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0118 - Command injection.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0118 - Command injection.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0119 - Cross-site scripting.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0119 - Cross-site scripting.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0120 - Dependency Confusion.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0120 - Dependency Confusion.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0121 - Compromised legitimate artifact.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0121 - Compromised legitimate artifact.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0122 - Vulnerability in third-party dependency.yaml: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0122 - Vulnerability in third-party dependency.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0123 - Exposed internal API.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0123 - Exposed internal API.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0124 - Unencrypted data at rest.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0124 - Unencrypted data at rest.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0125 - Unencrypted data at transit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0125 - Unencrypted data at transit.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0126 - Exposed storage.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0126 - Exposed storage.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0127 - Exposed database.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0127 - Exposed database.yaml -------------------------------------------------------------------------------- 
/content/oscar/techniques/T0128 - Permissive network access.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0128 - Permissive network access.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0129 - Typosquatting.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0129 - Typosquatting.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0130 - Harvest secrets from logs.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0130 - Harvest secrets from logs.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0131 - Overprivileged user account.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0131 - Overprivileged user account.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0132 - Runners agents running with high user privileges.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0132 - Runners agents running with high user privileges.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0133 - Vulnerable CICD plugins.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0133 - Vulnerable 
CICD plugins.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0134 - Add user.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0134 - Add user.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0135 - Vulnerable CICD system.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0135 - Vulnerable CICD system.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0136 - Brandjacking.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0136 - Brandjacking.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0137 - Weak authentication methods.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0137 - Weak authentication methods.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0138 - Backdoor in code.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0138 - Backdoor in code.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0139 - Resource hijacking.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0139 - Resource hijacking.yaml 
-------------------------------------------------------------------------------- /content/oscar/techniques/T0140 - Dump tokens from the environment variable.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0140 - Dump tokens from the environment variable.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0141 - Forge developer reputation.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0141 - Forge developer reputation.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0142 - Accidental public disclosure of internal resources.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0142 - Accidental public disclosure of internal resources.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0143 - External user accounts.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0143 - External user accounts.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0144 - Misconfigured traffic log settings.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0144 - Misconfigured traffic log settings.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0145 - Bypass of outbound traffic control.yaml: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0145 - Bypass of outbound traffic control.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0146 - Misconfigured audit logs settings.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0146 - Misconfigured audit logs settings.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0147 - Scan public CICD configurations for secrets and vulnerable actions.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0147 - Scan public CICD configurations for secrets and vulnerable actions.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0148 - Scheduled TaskJob on self hosted runner.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0148 - Scheduled TaskJob on self hosted runner.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0149 - Delete repositories for DoS.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0149 - Delete repositories for DoS.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0150 - Runtime logic bomb.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0150 - Runtime logic bomb.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0151 - Installation scripts.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0151 - Installation scripts.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0152 - IDE.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0152 - IDE.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0153 - Compromised developer workstation.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0153 - Compromised developer workstation.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0154 - Malicious IDE extension.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0154 - Malicious IDE extension.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0155 - Cloud workload.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0155 - Cloud workload.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0156 - Webhook.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0156 - Webhook.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0157 - Combosquatting.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0157 - Combosquatting.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0158 - Vulnerable CICD template.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0158 - Vulnerable CICD template.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0159 - Malicious artifact execution.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0159 - Malicious artifact execution.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0161 - Implant in zombie instance .yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0161 - Implant in zombie instance .yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0162 - Passwords in CICD logs.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0162 - Passwords in CICD logs.yaml -------------------------------------------------------------------------------- /content/oscar/techniques/T0163 - Runtime leakage of password .yaml: 
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0163 - Runtime leakage of password .yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0164 - Inject malicious dependency to privileged user repository.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0164 - Inject malicious dependency to privileged user repository.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0165 - Create access token.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0165 - Create access token.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0166 - Trigger pipeline execution.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0166 - Trigger pipeline execution.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0167 - Recursive PR.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0167 - Recursive PR.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0168 - Source code.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0168 - Source code.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0169 - Push implants across repositories .yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0169 - Push implants across repositories .yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0170 - Malicious Compiler or Interpreter.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0170 - Malicious Compiler or Interpreter.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0172 - Runtime Backdoor.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0172 - Runtime Backdoor.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0173 - Auto merge rules in SCM.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0173 - Auto merge rules in SCM.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0174 - SaaS sprawl.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0174 - SaaS sprawl.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0175 - Untagged resources.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0175 - Untagged resources.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0176 - Misconfiguration of security measures.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0176 - Misconfiguration of security measures.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0177 - Misconfiguration of serverless workloads.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0177 - Misconfiguration of serverless workloads.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0178 - Deploy keys.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0178 - Deploy keys.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0179 - Exposed WebHook.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0179 - Exposed WebHook.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0180 - Services(Servers) compromise.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0180 - Services(Servers) compromise.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0181 - Malicious module injection.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0181 - Malicious module injection.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0182 - Bypass Review using admin permission.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0182 - Bypass Review using admin permission.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0183 - Dumping short-lived token.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0183 - Dumping short-lived token.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0184 - Dumping credentials from files.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0184 - Dumping credentials from files.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0185 - Steal credentials in container artifacts.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0185 - Steal credentials in container artifacts.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0186 - Source Code Leak.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0186 - Source Code Leak.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0187 - Exposed Storage.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0187 - Exposed Storage.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0188 - CSRF.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0188 - CSRF.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0189 - Secrets in configuration files.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0189 - Secrets in configuration files.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0190 - Weak Encryption.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0190 - Weak Encryption.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0191 - Malicious code in artifacts.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0191 - Malicious code in artifacts.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0192 - Sensitive information in logs.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0192 - Sensitive information in logs.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0193 - Sensitive information in environment variables.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0193 - Sensitive information in environment variables.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0194 - Outdated software components.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0194 - Outdated software components.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0195 - Spoofed Commits.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0195 - Spoofed Commits.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0196 - Backdoor in code.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0196 - Backdoor in code.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0197 - Use code from untrusted source.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0197 - Use code from untrusted source.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0198 - Malicious Build Time Dependencies.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0198 - Malicious Build Time Dependencies.yaml
--------------------------------------------------------------------------------
/content/oscar/techniques/T0199 - Secrets Leak.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/oscar/techniques/T0199 - Secrets Leak.yaml
--------------------------------------------------------------------------------
/content/templates/detection.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/templates/detection.yaml
--------------------------------------------------------------------------------
/content/templates/mitigation.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/templates/mitigation.yaml
--------------------------------------------------------------------------------
/content/templates/procedure.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/templates/procedure.yaml
--------------------------------------------------------------------------------
/content/templates/realm.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/templates/realm.yaml
--------------------------------------------------------------------------------
/content/templates/stories/AS1 - Webmin 1.900 RCE.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/templates/stories/AS1 - Webmin 1.900 RCE.yaml
--------------------------------------------------------------------------------
/content/templates/tactic.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/templates/tactic.yaml
--------------------------------------------------------------------------------
/content/templates/technique.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/templates/technique.yaml
--------------------------------------------------------------------------------
/content/website/matrix.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/content/website/matrix.json
--------------------------------------------------------------------------------
/helpers/create_pbom_release.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/helpers/create_pbom_release.py
--------------------------------------------------------------------------------
/helpers/tech_to_json.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/helpers/tech_to_json.py
--------------------------------------------------------------------------------
/matrix.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pbom-dev/OSCAR/HEAD/matrix.json
--------------------------------------------------------------------------------