risks.json
[{"category":"missing-network-segmentation","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eMissing Network Segmentation\u003c/b\u003e to further encapsulate and protect \u003cb\u003eAmazon EKS Container Platform\u003c/b\u003e against unrelated lower protected assets in the same network segment, which might be easier to compromise by attackers","synthetic_id":"missing-network-segmentation@amazon-eks-container-platform","most_relevant_data_asset":"","most_relevant_technical_asset":"amazon-eks-container-platform","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["amazon-eks-container-platform"]},{"category":"missing-network-segmentation","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eMissing Network Segmentation\u003c/b\u003e to further encapsulate and protect \u003cb\u003eNexus Artifact Registry\u003c/b\u003e against unrelated lower protected assets in the same network segment, which might be easier to compromise by attackers","synthetic_id":"missing-network-segmentation@nexus-artifact-registry","most_relevant_data_asset":"","most_relevant_technical_asset":"nexus-artifact-registry","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["nexus-artifact-registry"]},{"category":"missing-network-segmentation","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eMissing Network Segmentation\u003c/b\u003e to further encapsulate and protect \u003cb\u003egithub action Build Pipeline\u003c/b\u003e against unrelated lower protected assets in the same network segment, which might be easier 
to compromise by attackers","synthetic_id":"missing-network-segmentation@github-action-build-pipeline","most_relevant_data_asset":"","most_relevant_technical_asset":"github-action-build-pipeline","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["github-action-build-pipeline"]},{"category":"untrusted-deserialization","risk_status":"unchecked","severity":"elevated","exploitation_likelihood":"likely","exploitation_impact":"high","title":"\u003cb\u003eUntrusted Deserialization\u003c/b\u003e risk at \u003cb\u003eDatabase\u003c/b\u003e","synthetic_id":"untrusted-deserialization@database","most_relevant_data_asset":"","most_relevant_technical_asset":"database","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"probable","data_breach_technical_assets":["database"]},{"category":"code-backdooring","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"high","title":"\u003cb\u003eCode Backdooring\u003c/b\u003e risk at \u003cb\u003eAmazon ECR Container Registry\u003c/b\u003e","synthetic_id":"code-backdooring@amazon-ecr-container-registry","most_relevant_data_asset":"","most_relevant_technical_asset":"amazon-ecr-container-registry","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"probable","data_breach_technical_assets":["amazon-ecr-container-registry"]},{"category":"code-backdooring","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"high","title":"\u003cb\u003eCode Backdooring\u003c/b\u003e risk at \u003cb\u003eNexus Artifact 
Registry\u003c/b\u003e","synthetic_id":"code-backdooring@nexus-artifact-registry","most_relevant_data_asset":"","most_relevant_technical_asset":"nexus-artifact-registry","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"probable","data_breach_technical_assets":["nexus-artifact-registry"]},{"category":"code-backdooring","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"high","title":"\u003cb\u003eCode Backdooring\u003c/b\u003e risk at \u003cb\u003egithub Sourcecode Repository\u003c/b\u003e","synthetic_id":"code-backdooring@github-sourcecode-repository","most_relevant_data_asset":"","most_relevant_technical_asset":"github-sourcecode-repository","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"probable","data_breach_technical_assets":["github-sourcecode-repository"]},{"category":"code-backdooring","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"high","title":"\u003cb\u003eCode Backdooring\u003c/b\u003e risk at \u003cb\u003egithub action Build Pipeline\u003c/b\u003e","synthetic_id":"code-backdooring@github-action-build-pipeline","most_relevant_data_asset":"","most_relevant_technical_asset":"github-action-build-pipeline","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"probable","data_breach_technical_assets":["amazon-ecr-container-registry","github-action-build-pipeline","nexus-artifact-registry"]},{"category":"container-baseimage-backdooring","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"high","title":"\u003cb\u003eContainer Base Image Backdooring\u003c/b\u003e risk at 
\u003cb\u003eBackend\u003c/b\u003e","synthetic_id":"container-baseimage-backdooring@backend","most_relevant_data_asset":"","most_relevant_technical_asset":"backend","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"probable","data_breach_technical_assets":["backend"]},{"category":"container-baseimage-backdooring","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eContainer Base Image Backdooring\u003c/b\u003e risk at \u003cb\u003eDatabase\u003c/b\u003e","synthetic_id":"container-baseimage-backdooring@database","most_relevant_data_asset":"","most_relevant_technical_asset":"database","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"probable","data_breach_technical_assets":["database"]},{"category":"container-baseimage-backdooring","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eContainer Base Image Backdooring\u003c/b\u003e risk at \u003cb\u003eFrontend\u003c/b\u003e","synthetic_id":"container-baseimage-backdooring@frontend","most_relevant_data_asset":"","most_relevant_technical_asset":"frontend","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"probable","data_breach_technical_assets":["frontend"]},{"category":"missing-vault-isolation","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"high","title":"\u003cb\u003eMissing Vault Isolation\u003c/b\u003e to further encapsulate and protect vault-related asset \u003cb\u003eAWS Secret Manager Vault\u003c/b\u003e against unrelated lower protected assets \u003cb\u003ein the same network segment\u003c/b\u003e, which might be easier to compromise by 
attackers","synthetic_id":"missing-vault-isolation@aws-secret-manager-vault","most_relevant_data_asset":"","most_relevant_technical_asset":"aws-secret-manager-vault","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["aws-secret-manager-vault"]},{"category":"missing-waf","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eMissing Web Application Firewall (WAF)\u003c/b\u003e risk at \u003cb\u003eBackend\u003c/b\u003e","synthetic_id":"missing-waf@backend","most_relevant_data_asset":"","most_relevant_technical_asset":"backend","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["backend"]},{"category":"something-strange","risk_status":"unchecked","severity":"critical","exploitation_likelihood":"likely","exploitation_impact":"medium","title":"\u003cb\u003eExample Individual Risk\u003c/b\u003e at \u003cb\u003eSome Technical Asset\u003c/b\u003e","synthetic_id":"something-strange@database","most_relevant_data_asset":"","most_relevant_technical_asset":"database","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"probable","data_breach_technical_assets":["database"]},{"category":"unencrypted-communication","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"high","title":"\u003cb\u003eUnencrypted Communication\u003c/b\u003e named \u003cb\u003eServer Traffic\u003c/b\u003e between \u003cb\u003eBackend\u003c/b\u003e and \u003cb\u003eDatabase\u003c/b\u003e transferring authentication data (like credentials, token, session-id, 
etc.)","synthetic_id":"unencrypted-communication@backend\u003eserver-traffic@backend@database","most_relevant_data_asset":"","most_relevant_technical_asset":"backend","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"backend\u003eserver-traffic","data_breach_probability":"possible","data_breach_technical_assets":["database"]},{"category":"container-platform-escape","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"high","title":"\u003cb\u003eContainer Platform Escape\u003c/b\u003e risk at \u003cb\u003eAmazon EKS Container Platform\u003c/b\u003e","synthetic_id":"container-platform-escape@amazon-eks-container-platform","most_relevant_data_asset":"","most_relevant_technical_asset":"amazon-eks-container-platform","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"probable","data_breach_technical_assets":["database","backend","frontend"]},{"category":"unchecked-deployment","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eUnchecked Deployment\u003c/b\u003e risk at \u003cb\u003eDevelopment Client\u003c/b\u003e","synthetic_id":"unchecked-deployment@development-client","most_relevant_data_asset":"","most_relevant_technical_asset":"development-client","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"possible","data_breach_technical_assets":["development-client","amazon-eks-container-platform","amazon-ecr-container-registry","github-sourcecode-repository"]},{"category":"unchecked-deployment","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eUnchecked Deployment\u003c/b\u003e risk at \u003cb\u003egithub action Build 
Pipeline\u003c/b\u003e","synthetic_id":"unchecked-deployment@github-action-build-pipeline","most_relevant_data_asset":"","most_relevant_technical_asset":"github-action-build-pipeline","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"possible","data_breach_technical_assets":["github-action-build-pipeline","nexus-artifact-registry","amazon-ecr-container-registry"]},{"category":"unchecked-deployment","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnchecked Deployment\u003c/b\u003e risk at \u003cb\u003eAmazon ECR Container Registry\u003c/b\u003e","synthetic_id":"unchecked-deployment@amazon-ecr-container-registry","most_relevant_data_asset":"","most_relevant_technical_asset":"amazon-ecr-container-registry","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"possible","data_breach_technical_assets":["amazon-ecr-container-registry"]},{"category":"unchecked-deployment","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnchecked Deployment\u003c/b\u003e risk at \u003cb\u003eNexus Artifact Registry\u003c/b\u003e","synthetic_id":"unchecked-deployment@nexus-artifact-registry","most_relevant_data_asset":"","most_relevant_technical_asset":"nexus-artifact-registry","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"possible","data_breach_technical_assets":["nexus-artifact-registry"]},{"category":"unchecked-deployment","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnchecked Deployment\u003c/b\u003e risk at \u003cb\u003egithub Sourcecode 
Repository\u003c/b\u003e","synthetic_id":"unchecked-deployment@github-sourcecode-repository","most_relevant_data_asset":"","most_relevant_technical_asset":"github-sourcecode-repository","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"possible","data_breach_technical_assets":["github-sourcecode-repository"]},{"category":"missing-authentication","risk_status":"unchecked","severity":"elevated","exploitation_likelihood":"likely","exploitation_impact":"medium","title":"\u003cb\u003eMissing Authentication\u003c/b\u003e covering communication link \u003cb\u003eUser Traffic\u003c/b\u003e from \u003cb\u003eFrontend\u003c/b\u003e to \u003cb\u003eBackend\u003c/b\u003e","synthetic_id":"missing-authentication@frontend\u003euser-traffic@frontend@backend","most_relevant_data_asset":"","most_relevant_technical_asset":"backend","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"frontend\u003euser-traffic","data_breach_probability":"possible","data_breach_technical_assets":["backend"]},{"category":"missing-hardening","risk_status":"in-discussion","severity":"elevated","exploitation_likelihood":"likely","exploitation_impact":"medium","title":"\u003cb\u003eMissing Hardening\u003c/b\u003e risk at \u003cb\u003eAmazon EKS Container Platform\u003c/b\u003e","synthetic_id":"missing-hardening@amazon-eks-container-platform","most_relevant_data_asset":"","most_relevant_technical_asset":"amazon-eks-container-platform","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["amazon-eks-container-platform"]},{"category":"missing-hardening","risk_status":"in-discussion","severity":"medium","exploitation_likelihood":"likely","exploitation_impact":"low","title":"\u003cb\u003eMissing Hardening\u003c/b\u003e risk at \u003cb\u003eNexus Artifact 
Registry\u003c/b\u003e","synthetic_id":"missing-hardening@nexus-artifact-registry","most_relevant_data_asset":"","most_relevant_technical_asset":"nexus-artifact-registry","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["nexus-artifact-registry"]},{"category":"missing-hardening","risk_status":"in-discussion","severity":"medium","exploitation_likelihood":"likely","exploitation_impact":"low","title":"\u003cb\u003eMissing Hardening\u003c/b\u003e risk at \u003cb\u003egithub action Build Pipeline\u003c/b\u003e","synthetic_id":"missing-hardening@github-action-build-pipeline","most_relevant_data_asset":"","most_relevant_technical_asset":"github-action-build-pipeline","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["github-action-build-pipeline"]},{"category":"dos-risky-access-across-trust-boundary","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eDenial-of-Service\u003c/b\u003e risky access of \u003cb\u003eBackend\u003c/b\u003e by \u003cb\u003eFrontend\u003c/b\u003e via \u003cb\u003eUser Traffic\u003c/b\u003e","synthetic_id":"dos-risky-access-across-trust-boundary@backend@frontend@frontend\u003euser-traffic","most_relevant_data_asset":"","most_relevant_technical_asset":"backend","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"frontend\u003euser-traffic","data_breach_probability":"improbable","data_breach_technical_assets":[]},{"category":"missing-authentication-second-factor","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eMissing Two-Factor Authentication\u003c/b\u003e covering communication link 
\u003cb\u003eArtifact Registry Traffic\u003c/b\u003e from \u003cb\u003eDevelopment Client\u003c/b\u003e to \u003cb\u003eNexus Artifact Registry\u003c/b\u003e","synthetic_id":"missing-authentication-second-factor@development-client\u003eartifact-registry-traffic@development-client@nexus-artifact-registry","most_relevant_data_asset":"","most_relevant_technical_asset":"nexus-artifact-registry","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"development-client\u003eartifact-registry-traffic","data_breach_probability":"possible","data_breach_technical_assets":["nexus-artifact-registry"]},{"category":"missing-authentication-second-factor","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eMissing Two-Factor Authentication\u003c/b\u003e covering communication link \u003cb\u003eBuild Pipeline Traffic\u003c/b\u003e from \u003cb\u003eDevelopment Client\u003c/b\u003e to \u003cb\u003egithub action Build Pipeline\u003c/b\u003e","synthetic_id":"missing-authentication-second-factor@development-client\u003ebuild-pipeline-traffic@development-client@github-action-build-pipeline","most_relevant_data_asset":"","most_relevant_technical_asset":"github-action-build-pipeline","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"development-client\u003ebuild-pipeline-traffic","data_breach_probability":"possible","data_breach_technical_assets":["github-action-build-pipeline"]},{"category":"missing-authentication-second-factor","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eMissing Two-Factor Authentication\u003c/b\u003e covering communication link \u003cb\u003eContainer Platform Traffic\u003c/b\u003e from \u003cb\u003eDevelopment Client\u003c/b\u003e to \u003cb\u003eAmazon EKS Container 
Platform\u003c/b\u003e","synthetic_id":"missing-authentication-second-factor@development-client\u003econtainer-platform-traffic@development-client@amazon-eks-container-platform","most_relevant_data_asset":"","most_relevant_technical_asset":"amazon-eks-container-platform","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"development-client\u003econtainer-platform-traffic","data_breach_probability":"possible","data_breach_technical_assets":["amazon-eks-container-platform"]},{"category":"missing-authentication-second-factor","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eMissing Two-Factor Authentication\u003c/b\u003e covering communication link \u003cb\u003eContainer Registry Traffic\u003c/b\u003e from \u003cb\u003eDevelopment Client\u003c/b\u003e to \u003cb\u003eAmazon ECR Container Registry\u003c/b\u003e","synthetic_id":"missing-authentication-second-factor@development-client\u003econtainer-registry-traffic@development-client@amazon-ecr-container-registry","most_relevant_data_asset":"","most_relevant_technical_asset":"amazon-ecr-container-registry","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"development-client\u003econtainer-registry-traffic","data_breach_probability":"possible","data_breach_technical_assets":["amazon-ecr-container-registry"]},{"category":"missing-authentication-second-factor","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eMissing Two-Factor Authentication\u003c/b\u003e covering communication link \u003cb\u003eSourcecode Repository Traffic\u003c/b\u003e from \u003cb\u003eDevelopment Client\u003c/b\u003e to \u003cb\u003egithub Sourcecode 
Repository\u003c/b\u003e","synthetic_id":"missing-authentication-second-factor@development-client\u003esourcecode-repository-traffic@development-client@github-sourcecode-repository","most_relevant_data_asset":"","most_relevant_technical_asset":"github-sourcecode-repository","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"development-client\u003esourcecode-repository-traffic","data_breach_probability":"possible","data_breach_technical_assets":["github-sourcecode-repository"]},{"category":"missing-authentication-second-factor","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eMissing Two-Factor Authentication\u003c/b\u003e covering communication link \u003cb\u003eUser Traffic\u003c/b\u003e from \u003cb\u003eFrontend\u003c/b\u003e to \u003cb\u003eBackend\u003c/b\u003e","synthetic_id":"missing-authentication-second-factor@frontend\u003euser-traffic@frontend@backend","most_relevant_data_asset":"","most_relevant_technical_asset":"backend","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"frontend\u003euser-traffic","data_breach_probability":"possible","data_breach_technical_assets":["backend"]},{"category":"sql-nosql-injection","risk_status":"mitigated","severity":"elevated","exploitation_likelihood":"very-likely","exploitation_impact":"medium","title":"\u003cb\u003eSQL/NoSQL-Injection\u003c/b\u003e risk at \u003cb\u003eBackend\u003c/b\u003e against database \u003cb\u003eDatabase\u003c/b\u003e via \u003cb\u003eServer 
Traffic\u003c/b\u003e","synthetic_id":"sql-nosql-injection@backend@database@backend\u003eserver-traffic","most_relevant_data_asset":"","most_relevant_technical_asset":"backend","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"backend\u003eserver-traffic","data_breach_probability":"probable","data_breach_technical_assets":["database"]},{"category":"unencrypted-asset","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"high","title":"\u003cb\u003eUnencrypted Technical Asset\u003c/b\u003e named \u003cb\u003eAmazon EKS Container Platform\u003c/b\u003e","synthetic_id":"unencrypted-asset@amazon-eks-container-platform","most_relevant_data_asset":"","most_relevant_technical_asset":"amazon-eks-container-platform","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["amazon-eks-container-platform"]},{"category":"unencrypted-asset","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"high","title":"\u003cb\u003eUnencrypted Technical Asset\u003c/b\u003e named \u003cb\u003eBackend\u003c/b\u003e","synthetic_id":"unencrypted-asset@backend","most_relevant_data_asset":"","most_relevant_technical_asset":"backend","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["backend"]},{"category":"unencrypted-asset","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eUnencrypted Technical Asset\u003c/b\u003e named \u003cb\u003eAmazon ECR Container 
Registry\u003c/b\u003e","synthetic_id":"unencrypted-asset@amazon-ecr-container-registry","most_relevant_data_asset":"","most_relevant_technical_asset":"amazon-ecr-container-registry","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["amazon-ecr-container-registry"]},{"category":"unencrypted-asset","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eUnencrypted Technical Asset\u003c/b\u003e named \u003cb\u003eNexus Artifact Registry\u003c/b\u003e","synthetic_id":"unencrypted-asset@nexus-artifact-registry","most_relevant_data_asset":"","most_relevant_technical_asset":"nexus-artifact-registry","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["nexus-artifact-registry"]},{"category":"unencrypted-asset","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eUnencrypted Technical Asset\u003c/b\u003e named \u003cb\u003egithub Sourcecode Repository\u003c/b\u003e","synthetic_id":"unencrypted-asset@github-sourcecode-repository","most_relevant_data_asset":"","most_relevant_technical_asset":"github-sourcecode-repository","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["github-sourcecode-repository"]},{"category":"unencrypted-asset","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eUnencrypted Technical Asset\u003c/b\u003e named \u003cb\u003egithub action Build 
Pipeline\u003c/b\u003e","synthetic_id":"unencrypted-asset@github-action-build-pipeline","most_relevant_data_asset":"","most_relevant_technical_asset":"github-action-build-pipeline","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["github-action-build-pipeline"]},{"category":"unencrypted-asset","risk_status":"accepted","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eUnencrypted Technical Asset\u003c/b\u003e named \u003cb\u003eDatabase\u003c/b\u003e","synthetic_id":"unencrypted-asset@database","most_relevant_data_asset":"","most_relevant_technical_asset":"database","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["database"]},{"category":"unguarded-access-from-internet","risk_status":"unchecked","severity":"elevated","exploitation_likelihood":"very-likely","exploitation_impact":"medium","title":"\u003cb\u003eUnguarded Access from Internet\u003c/b\u003e of \u003cb\u003eAmazon EKS Container Platform\u003c/b\u003e by \u003cb\u003eDevelopment Client\u003c/b\u003e via \u003cb\u003eContainer Platform 
Traffic\u003c/b\u003e","synthetic_id":"unguarded-access-from-internet@amazon-eks-container-platform@development-client@development-client\u003econtainer-platform-traffic","most_relevant_data_asset":"","most_relevant_technical_asset":"amazon-eks-container-platform","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"development-client\u003econtainer-platform-traffic","data_breach_probability":"possible","data_breach_technical_assets":["amazon-eks-container-platform"]},{"category":"unguarded-access-from-internet","risk_status":"unchecked","severity":"elevated","exploitation_likelihood":"very-likely","exploitation_impact":"medium","title":"\u003cb\u003eUnguarded Access from Internet\u003c/b\u003e of \u003cb\u003eNexus Artifact Registry\u003c/b\u003e by \u003cb\u003eDevelopment Client\u003c/b\u003e via \u003cb\u003eArtifact Registry Traffic\u003c/b\u003e","synthetic_id":"unguarded-access-from-internet@nexus-artifact-registry@development-client@development-client\u003eartifact-registry-traffic","most_relevant_data_asset":"","most_relevant_technical_asset":"nexus-artifact-registry","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"development-client\u003eartifact-registry-traffic","data_breach_probability":"possible","data_breach_technical_assets":["nexus-artifact-registry"]},{"category":"unguarded-access-from-internet","risk_status":"unchecked","severity":"elevated","exploitation_likelihood":"very-likely","exploitation_impact":"medium","title":"\u003cb\u003eUnguarded Access from Internet\u003c/b\u003e of \u003cb\u003eNexus Artifact Registry\u003c/b\u003e by \u003cb\u003egithub action Build Pipeline\u003c/b\u003e via \u003cb\u003eArtifact Registry 
Traffic\u003c/b\u003e","synthetic_id":"unguarded-access-from-internet@nexus-artifact-registry@github-action-build-pipeline@github-action-build-pipeline\u003eartifact-registry-traffic","most_relevant_data_asset":"","most_relevant_technical_asset":"nexus-artifact-registry","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"github-action-build-pipeline\u003eartifact-registry-traffic","data_breach_probability":"possible","data_breach_technical_assets":["nexus-artifact-registry"]},{"category":"unguarded-access-from-internet","risk_status":"unchecked","severity":"elevated","exploitation_likelihood":"very-likely","exploitation_impact":"medium","title":"\u003cb\u003eUnguarded Access from Internet\u003c/b\u003e of \u003cb\u003egithub Sourcecode Repository\u003c/b\u003e by \u003cb\u003eDevelopment Client\u003c/b\u003e via \u003cb\u003eSourcecode Repository Traffic\u003c/b\u003e","synthetic_id":"unguarded-access-from-internet@github-sourcecode-repository@development-client@development-client\u003esourcecode-repository-traffic","most_relevant_data_asset":"","most_relevant_technical_asset":"github-sourcecode-repository","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"development-client\u003esourcecode-repository-traffic","data_breach_probability":"possible","data_breach_technical_assets":["github-sourcecode-repository"]},{"category":"unguarded-access-from-internet","risk_status":"unchecked","severity":"elevated","exploitation_likelihood":"very-likely","exploitation_impact":"medium","title":"\u003cb\u003eUnguarded Access from Internet\u003c/b\u003e of \u003cb\u003egithub Sourcecode Repository\u003c/b\u003e by \u003cb\u003egithub action Build Pipeline\u003c/b\u003e via \u003cb\u003eSourcecode Repository 
Traffic\u003c/b\u003e","synthetic_id":"unguarded-access-from-internet@github-sourcecode-repository@github-action-build-pipeline@github-action-build-pipeline\u003esourcecode-repository-traffic","most_relevant_data_asset":"","most_relevant_technical_asset":"github-sourcecode-repository","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"github-action-build-pipeline\u003esourcecode-repository-traffic","data_breach_probability":"possible","data_breach_technical_assets":["github-sourcecode-repository"]},{"category":"unguarded-access-from-internet","risk_status":"unchecked","severity":"elevated","exploitation_likelihood":"very-likely","exploitation_impact":"medium","title":"\u003cb\u003eUnguarded Access from Internet\u003c/b\u003e of \u003cb\u003egithub action Build Pipeline\u003c/b\u003e by \u003cb\u003eDevelopment Client\u003c/b\u003e via \u003cb\u003eBuild Pipeline Traffic\u003c/b\u003e","synthetic_id":"unguarded-access-from-internet@github-action-build-pipeline@development-client@development-client\u003ebuild-pipeline-traffic","most_relevant_data_asset":"","most_relevant_technical_asset":"github-action-build-pipeline","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"development-client\u003ebuild-pipeline-traffic","data_breach_probability":"possible","data_breach_technical_assets":["github-action-build-pipeline"]},{"category":"unguarded-access-from-internet","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"very-likely","exploitation_impact":"low","title":"\u003cb\u003eUnguarded Access from Internet\u003c/b\u003e of \u003cb\u003eAmazon ECR Container Registry\u003c/b\u003e by \u003cb\u003eAmazon EKS Container Platform\u003c/b\u003e via \u003cb\u003eContainer Platform 
Pull\u003c/b\u003e","synthetic_id":"unguarded-access-from-internet@amazon-ecr-container-registry@amazon-eks-container-platform@amazon-eks-container-platform\u003econtainer-platform-pull","most_relevant_data_asset":"","most_relevant_technical_asset":"amazon-ecr-container-registry","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"amazon-eks-container-platform\u003econtainer-platform-pull","data_breach_probability":"possible","data_breach_technical_assets":["amazon-ecr-container-registry"]},{"category":"unguarded-access-from-internet","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"very-likely","exploitation_impact":"low","title":"\u003cb\u003eUnguarded Access from Internet\u003c/b\u003e of \u003cb\u003eAmazon ECR Container Registry\u003c/b\u003e by \u003cb\u003eDevelopment Client\u003c/b\u003e via \u003cb\u003eContainer Registry Traffic\u003c/b\u003e","synthetic_id":"unguarded-access-from-internet@amazon-ecr-container-registry@development-client@development-client\u003econtainer-registry-traffic","most_relevant_data_asset":"","most_relevant_technical_asset":"amazon-ecr-container-registry","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"development-client\u003econtainer-registry-traffic","data_breach_probability":"possible","data_breach_technical_assets":["amazon-ecr-container-registry"]},{"category":"unguarded-access-from-internet","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"very-likely","exploitation_impact":"low","title":"\u003cb\u003eUnguarded Access from Internet\u003c/b\u003e of \u003cb\u003eAmazon ECR Container Registry\u003c/b\u003e by \u003cb\u003egithub action Build Pipeline\u003c/b\u003e via \u003cb\u003eContainer Registry 
Traffic\u003c/b\u003e","synthetic_id":"unguarded-access-from-internet@amazon-ecr-container-registry@github-action-build-pipeline@github-action-build-pipeline\u003econtainer-registry-traffic","most_relevant_data_asset":"","most_relevant_technical_asset":"amazon-ecr-container-registry","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"github-action-build-pipeline\u003econtainer-registry-traffic","data_breach_probability":"possible","data_breach_technical_assets":["amazon-ecr-container-registry"]},{"category":"unguarded-access-from-internet","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"very-likely","exploitation_impact":"low","title":"\u003cb\u003eUnguarded Access from Internet\u003c/b\u003e of \u003cb\u003eBackend\u003c/b\u003e by \u003cb\u003eFrontend\u003c/b\u003e via \u003cb\u003eUser Traffic\u003c/b\u003e","synthetic_id":"unguarded-access-from-internet@backend@frontend@frontend\u003euser-traffic","most_relevant_data_asset":"","most_relevant_technical_asset":"backend","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"frontend\u003euser-traffic","data_breach_probability":"possible","data_breach_technical_assets":["backend"]},{"category":"server-side-request-forgery","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eServer-Side Request Forgery (SSRF)\u003c/b\u003e risk at \u003cb\u003eAmazon EKS Container Platform\u003c/b\u003e server-side web-requesting the target \u003cb\u003eAmazon ECR Container Registry\u003c/b\u003e via \u003cb\u003eContainer Platform 
Pull\u003c/b\u003e","synthetic_id":"server-side-request-forgery@amazon-eks-container-platform@amazon-ecr-container-registry@amazon-eks-container-platform\u003econtainer-platform-pull","most_relevant_data_asset":"","most_relevant_technical_asset":"amazon-eks-container-platform","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"amazon-eks-container-platform\u003econtainer-platform-pull","data_breach_probability":"possible","data_breach_technical_assets":["nexus-artifact-registry","aws-secret-manager-vault","github-sourcecode-repository","github-action-build-pipeline","backend","amazon-ecr-container-registry","amazon-eks-container-platform"]},{"category":"server-side-request-forgery","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eServer-Side Request Forgery (SSRF)\u003c/b\u003e risk at \u003cb\u003eBackend\u003c/b\u003e server-side web-requesting the target \u003cb\u003eAWS Secret Manager Vault\u003c/b\u003e via \u003cb\u003eVault Access (backend)\u003c/b\u003e","synthetic_id":"server-side-request-forgery@backend@aws-secret-manager-vault@backend\u003evault-access-backend","most_relevant_data_asset":"","most_relevant_technical_asset":"backend","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"backend\u003evault-access-backend","data_breach_probability":"possible","data_breach_technical_assets":["amazon-eks-container-platform","nexus-artifact-registry","aws-secret-manager-vault","github-sourcecode-repository","github-action-build-pipeline","backend","amazon-ecr-container-registry"]},{"category":"server-side-request-forgery","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eServer-Side Request Forgery (SSRF)\u003c/b\u003e risk at \u003cb\u003egithub action Build Pipeline\u003c/b\u003e 
server-side web-requesting the target \u003cb\u003eAmazon ECR Container Registry\u003c/b\u003e via \u003cb\u003eContainer Registry Traffic\u003c/b\u003e","synthetic_id":"server-side-request-forgery@github-action-build-pipeline@amazon-ecr-container-registry@github-action-build-pipeline\u003econtainer-registry-traffic","most_relevant_data_asset":"","most_relevant_technical_asset":"github-action-build-pipeline","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"github-action-build-pipeline\u003econtainer-registry-traffic","data_breach_probability":"possible","data_breach_technical_assets":["backend","amazon-ecr-container-registry","amazon-eks-container-platform","github-action-build-pipeline","nexus-artifact-registry","aws-secret-manager-vault","github-sourcecode-repository"]},{"category":"server-side-request-forgery","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eServer-Side Request Forgery (SSRF)\u003c/b\u003e risk at \u003cb\u003egithub action Build Pipeline\u003c/b\u003e server-side web-requesting the target \u003cb\u003eNexus Artifact Registry\u003c/b\u003e via \u003cb\u003eArtifact Registry 
Traffic\u003c/b\u003e","synthetic_id":"server-side-request-forgery@github-action-build-pipeline@nexus-artifact-registry@github-action-build-pipeline\u003eartifact-registry-traffic","most_relevant_data_asset":"","most_relevant_technical_asset":"github-action-build-pipeline","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"github-action-build-pipeline\u003eartifact-registry-traffic","data_breach_probability":"possible","data_breach_technical_assets":["nexus-artifact-registry","aws-secret-manager-vault","github-sourcecode-repository","github-action-build-pipeline","amazon-ecr-container-registry","amazon-eks-container-platform","backend"]},{"category":"server-side-request-forgery","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eServer-Side Request Forgery (SSRF)\u003c/b\u003e risk at \u003cb\u003egithub action Build Pipeline\u003c/b\u003e server-side web-requesting the target \u003cb\u003egithub Sourcecode Repository\u003c/b\u003e via \u003cb\u003eSourcecode Repository 
Traffic\u003c/b\u003e","synthetic_id":"server-side-request-forgery@github-action-build-pipeline@github-sourcecode-repository@github-action-build-pipeline\u003esourcecode-repository-traffic","most_relevant_data_asset":"","most_relevant_technical_asset":"github-action-build-pipeline","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"github-action-build-pipeline\u003esourcecode-repository-traffic","data_breach_probability":"possible","data_breach_technical_assets":["github-action-build-pipeline","nexus-artifact-registry","aws-secret-manager-vault","github-sourcecode-repository","backend","amazon-ecr-container-registry","amazon-eks-container-platform"]},{"category":"missing-cloud-hardening","risk_status":"unchecked","severity":"elevated","exploitation_likelihood":"unlikely","exploitation_impact":"very-high","title":"\u003cb\u003eMissing Cloud Hardening\u003c/b\u003e risk at \u003cb\u003eTrust Boundary\u003c/b\u003e","synthetic_id":"missing-cloud-hardening@trusted-boundary","most_relevant_data_asset":"","most_relevant_technical_asset":"","most_relevant_trust_boundary":"trusted-boundary","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"probable","data_breach_technical_assets":["backend","database","aws-secret-manager-vault","github-sourcecode-repository","amazon-ecr-container-registry","amazon-eks-container-platform","github-action-build-pipeline","nexus-artifact-registry"]},{"category":"accidental-secret-leak","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eAccidental Secret Leak\u003c/b\u003e risk at \u003cb\u003eAmazon ECR Container 
Registry\u003c/b\u003e","synthetic_id":"accidental-secret-leak@amazon-ecr-container-registry","most_relevant_data_asset":"","most_relevant_technical_asset":"amazon-ecr-container-registry","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"probable","data_breach_technical_assets":["amazon-ecr-container-registry"]},{"category":"accidental-secret-leak","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eAccidental Secret Leak\u003c/b\u003e risk at \u003cb\u003eNexus Artifact Registry\u003c/b\u003e","synthetic_id":"accidental-secret-leak@nexus-artifact-registry","most_relevant_data_asset":"","most_relevant_technical_asset":"nexus-artifact-registry","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"probable","data_breach_technical_assets":["nexus-artifact-registry"]},{"category":"accidental-secret-leak","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eAccidental Secret Leak\u003c/b\u003e risk at \u003cb\u003egithub Sourcecode Repository\u003c/b\u003e","synthetic_id":"accidental-secret-leak@github-sourcecode-repository","most_relevant_data_asset":"","most_relevant_technical_asset":"github-sourcecode-repository","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"probable","data_breach_technical_assets":["github-sourcecode-repository"]},{"category":"mixed-targets-on-shared-runtime","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eMixed Targets on Shared Runtime\u003c/b\u003e named \u003cb\u003eEKS\u003c/b\u003e might enable attackers moving from one less valuable target to a more 
valuable one","synthetic_id":"mixed-targets-on-shared-runtime@eks","most_relevant_data_asset":"","most_relevant_technical_asset":"","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"eks","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["frontend","backend","database"]},{"category":"missing-identity-store","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"unlikely","exploitation_impact":"medium","title":"\u003cb\u003eMissing Identity Store\u003c/b\u003e in the threat model (referencing asset \u003cb\u003egithub Sourcecode Repository\u003c/b\u003e as an example)","synthetic_id":"missing-identity-store@github-sourcecode-repository","most_relevant_data_asset":"","most_relevant_technical_asset":"github-sourcecode-repository","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":[]}]