docs/promote-scorecards/examples.md
35 additions & 7 deletions
@@ -169,8 +169,8 @@ The scorecard resides on the `Repository` blueprint and evaluates data sourced f
169
169
<h2> Set up data model </h2>
170
170
<h3>Snyk Vulnerability</h3>
171
171
172
-
To accurately benchmark against the OWASP Top 10 for code, most static analysis tools support generating `Common Weakness Enumeration` (CWE) IDs.
173
-
If `CWE`s are not yet included in your `Snyk Vulnerability` blueprint, follow these steps:
172
+
To accurately benchmark against the OWASP Top 10 for code, most static analysis tools support generating `Common Weakness Enumeration` (CWE) IDs. We will store the `CWE` value in a property called `category`.
173
+
If the property is not yet included in your `Snyk Vulnerability` blueprint, follow these steps:
174
174
175
175
**Update the `Snyk Vulnerability` blueprint:**
176
176
1. Navigate to the [Data model](https://app.getport.io/settings/data-model) page of your portal.
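Review bot: the new sentence "We will store the `CWE` value in a property called `category`." introduces the property without saying what form the value takes, and the next hunk changes the property type from `number` to `string`; readers need to know whether `category` holds the bare CWE number or a prefixed identifier string, because the scorecard rules later in this file have to match that exact form. Suggest adding one sentence after it that states the expected value format. Minor: `Common Weakness Enumeration` in backticks reads as a code identifier; plain text followed by the (CWE) abbreviation is clearer.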
@@ -186,9 +186,9 @@ If `CWE`s are not yet included in your `Snyk Vulnerability` blueprint, follow th
186
186
```json
187
187
{
188
188
"properties": {
189
-
"cwe": {
190
-
"type": "number",
191
-
"title": "Common Weakness Enumeration"
189
+
"category": {
190
+
"type": "string",
191
+
"title": "Category"
192
192
}
193
193
}
194
194
```
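Review bot: renaming the property from `cwe` to `category` and changing its type from `number` to `string` breaks the blueprint for anyone who already followed the previous version of this guide; a short migration remark (whether the old `cwe` property should be removed or can stay alongside the new one) would help. The title `Category` also loses the meaning that `Common Weakness Enumeration` carried; consider keeping CWE in the title or adding a `description` so the property's purpose is visible in the portal.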
@@ -741,8 +741,9 @@ To update the `Snyk Target` blueprint:
741
741
The `Snyk Target` blueprint should have a defined relation with the `GitHub Repository` blueprint.
742
742
If your current model does not include a relation from the `Repository` blueprint to the `Snyk Target` blueprint, add it.
743
743
744
-
The next step is to add the OWASP identifiers as mirrored properties to the `GitHub Repository` blueprint.
745
-
**To update the `GitHub Repository` blueprint:**
744
+
The next step is to add the OWASP identifiers as mirrored properties to the `GitHub Repository` blueprint, and update the mapping configuration so that each `GitHub Repository` is automatically linked to its corresponding `Snyk Target`. This link is what allows the mirrored OWASP properties to pull their values from the related Snyk data.
745
+
746
+
**Update the `GitHub Repository` blueprint:**
746
747
747
748
1. Navigate to the [Data model](https://app.getport.io/settings/data-model) page of your portal.
748
749
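Review bot: the added paragraph refers to the `GitHub Repository` blueprint, while the unchanged line just above it describes a relation from the `Repository` blueprint to the `Snyk Target` blueprint and the hunk header context also says `Repository`; use one name consistently. The paragraph also says each repository will be linked automatically, but the unchanged text only says "add it" without naming the relation; since the mapping added later keys on a specific relation identifier, this step should state the identifier the reader must give the relation when creating it.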
@@ -803,6 +804,33 @@ The next step is to add the OWASP identifiers as mirrored properties to the `Git
803
804
```
804
805
</details>
805
806
807
+
**Update the mapping configuration:**
808
+
809
+
1. Head over to your [Data sources](https://app.port.io/settings/data-sources) page.
810
+
811
+
2. Under `Exporters`, click on your desired GitHub organization.
812
+
813
+
3. In the **Mapping** tab, edit the YAML in the bottom-left panel and add the following entry under the `repository` kind:
814
+
815
+
<details>
816
+
<summary><b>Mapping configuration (click to expand)</b></summary>
817
+
```yaml
818
+
- kind: repository
819
+
port:
820
+
entity:
821
+
mappings:
822
+
relations:
823
+
snyk_target:
824
+
combinator: '"and"'
825
+
rules:
826
+
- property: '"$title"'
827
+
operator: '"="'
828
+
value: .full_name
829
+
```
830
+
</details>
831
+
832
+
4. Click on the `Save & Resync` button to save the changes and resync the integration.
833
+
806
834
<h2>Set up the scorecard</h2>
807
835
808
836
The final step is to create a scorecard that reflects the security maturity of a `Respository` against the OWASP Top 10 categories.
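Review bot: the mapping rule links a repository to a Snyk Target only when the target's `$title` equals the repository's `.full_name`; if Snyk titles the target differently (for example without the organization prefix), the relation stays empty and the mirrored OWASP properties silently show no value. State this assumption in step 3 and add a verification step after the resync (open one repository entity and confirm its `snyk_target` relation is populated). Three smaller points: the relation identifier `snyk_target` must match the identifier chosen when the relation was added in the previous step; step 3 says to add the entry under the existing `repository` kind, but the snippet is a complete `- kind: repository` item, so say whether to merge the `relations` block into the existing kind or append a second item; and the Data sources link uses `app.port.io` while the Data model links elsewhere in this file use `app.getport.io`. Unrelated to the change, the last context line of this hunk has the typo `Respository`.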