Skip to content

Modified risk and model schemas #732

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
P3tra-WP wants to merge 3 commits into
base: 2.0-dev-threatmodeling
Choose a base branch
from
Open

Modified risk and model schemas #732

P3tra-WP wants to merge 3 commits into from
+690 −138

Conversation

@P3tra-WP
Copy link

@P3tra-WP P3tra-WP commented Nov 23, 2025
edited
Loading

Issue:
As discussed in ticket #731 , this PR is a review of the schema

Model schema reviewed to ensure no data loss
Risk schema changes done based on risk and compliance tooling taxonomies to ensure compatibility (including data classification etc)

This PR is to use for discussion on the TM-BOM discussion 0 not for merging yet

@P3tra-WP P3tra-WP requested a review from a team as a code owner November 23, 2025 22:51
stevespringett
stevespringett reviewed Nov 26, 2025
View reviewed changes
schema/2.0/model/cyclonedx-blueprint-2.0.schema.json Outdated
"risk": "Risk management perspective",
"stakeholder": "General stakeholder perspective",
"use-case": "A high level persepctive that captures the data-flows of the use case, rather than deep granularity of systems",
"abuse-case": "A high level persepctive that captures the data-flows of a certain abuse case, rather than deep granularity of systems",
Copy link
Member

@stevespringett stevespringett Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove use-case as this is covered in the usecase schema. Add abuse case to the threat schema

stevespringett
stevespringett reviewed Nov 26, 2025
View reviewed changes
schema/2.0/model/cyclonedx-blueprint-2.0.schema.json
"service": "Service or microservice",
"dataStore": "Database, file system, or data repository",
"data": "Data asset or dataset",
"data": "Dataset",
Copy link
Member

@stevespringett stevespringett Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change data to dataSet

@jkowalleck jkowalleck added this to the 2.0 milestone Nov 27, 2025
@jkowalleck jkowalleck added the CDX 2.0 related to release v2.0 label Nov 27, 2025
@stevespringett
Copy link
Member

stevespringett commented Nov 29, 2025

Thanks Petra. Let me know when these minor changes are in and I'll merge it in.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stevespringett stevespringett stevespringett left review comments

Assignees

No one assigned

Labels

CDX 2.0 related to release v2.0

Projects

None yet

Milestone

2.0

Development

Successfully merging this pull request may close these issues.

4 participants

@P3tra-WP @stevespringett @jkowalleck @petra-dv