{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "urn:awoooi:kali-scan-scope-approval-v1",
"title": "AWOOOI Kali 掃描範圍批准包 (v1)",
"description": "定義 Kali 112 可觀測資產、允許掃描深度、需人工批准的 gate 與 finding ingestion 邊界。初期只作為 approval-only / mirror-only 契約。注意：本 schema 只驗證結構，不驗證跨欄位一致性——scan_level 與 allowed_scan_modes 是否相符、侵入式模式（active_dast、credentialed_scan、execute_endpoint、full_upgrade_reboot）是否皆標記 approval_required=true、HIGH / CRITICAL gate 的 required_reviewers 是否包含 human-owner、evidence_refs 是否非空，以及 date / ip 的格式，皆須由批准流程另行檢查。",
"type": "object",
"required": [
"schema_version",
"status",
"date",
"source_host",
"mode",
"scope_groups",
"approval_gates",
"finding_ingestion_policy",
"still_forbidden"
],
"properties": {
"schema_version": {
"const": "kali_scan_scope_approval_v1"
},
"status": {
"type": "string",
"enum": ["draft_waiting_approval"]
},
"date": {
"type": "string"
},
"source_host": {
"type": "object",
"required": ["asset_key", "ip", "role"],
"properties": {
"asset_key": {"type": "string"},
"ip": {"type": "string"},
"role": {"type": "string"}
},
"additionalProperties": false
},
"mode": {
"type": "string",
"enum": ["approval_only"]
},
"scope_groups": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"required": [
"group_id",
"title",
"default_mode",
"scan_level",
"assets"
],
"properties": {
"group_id": {"type": "string"},
"title": {"type": "string"},
"default_mode": {
"type": "string",
"enum": ["observe", "warn", "approve_required", "block_candidate"]
},
"scan_level": {
"type": "string",
"enum": [
"health_only",
"passive",
"safe_active",
"active_dast",
"credentialed",
"execute",
"maintenance"
]
},
"assets": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"required": [
"asset_key",
"target_type",
"target",
"environment",
"owner_team",
"allowed_scan_modes",
"approval_required",
"notes"
],
"properties": {
"asset_key": {"type": "string"},
"target_type": {
"type": "string",
"enum": [
"host",
"website",
"api_endpoint",
"container",
"package",
"repo",
"k8s_resource",
"tool"
]
},
"target": {"type": "string"},
"environment": {
"type": "string",
"enum": [
"prod",
"staging",
"dev",
"infra",
"monitoring",
"source_control",
"unknown"
]
},
"owner_team": {"type": "string"},
"allowed_scan_modes": {
"type": "array",
"minItems": 1,
"items": {
"type": "string",
"enum": [
"health_only",
"passive_inventory",
"tls_header_check",
"basic_crawl",
"unauthenticated_port_discovery",
"safe_active_scan",
"active_dast",
"credentialed_scan",
"execute_endpoint",
"full_upgrade_reboot",
"blocked"
]
},
"uniqueItems": true
},
"approval_required": {"type": "boolean"},
"notes": {"type": "string"}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
}
},
"approval_gates": {
"type": "array",
"items": {
"type": "object",
"required": [
"gate_id",
"requested_action",
"risk",
"required_reviewers",
"blocked_until_approved",
"evidence_refs"
],
"properties": {
"gate_id": {"type": "string"},
"requested_action": {
"type": "string",
"enum": [
"run_passive_inventory",
"run_safe_active_scan",
"run_active_dast",
"run_credentialed_scan",
"call_execute_endpoint",
"ingest_findings_to_awooop_runtime",
"change_firewall_or_network_policy",
"run_full_upgrade_reboot"
]
},
"risk": {
"type": "string",
"enum": ["LOW", "MEDIUM", "HIGH", "CRITICAL"]
},
"required_reviewers": {
"type": "array",
"minItems": 1,
"items": {
"type": "string",
"enum": [
"critic",
"vuln-verifier",
"migration-engineer",
"security-commander",
"human-owner"
]
},
"uniqueItems": true
},
"blocked_until_approved": {
"type": "boolean",
"const": true
},
"evidence_refs": {
"type": "array",
"items": {"type": "string"}
}
},
"additionalProperties": false
}
},
"finding_ingestion_policy": {
"type": "object",
"required": [
"finding_contract",
"consumption_mode",
"redaction_required",
"runtime_ingestion_status",
"storage_landing",
"awooop_allowed_actions",
"awooop_forbidden_actions"
],
"properties": {
"finding_contract": {"type": "string"},
"consumption_mode": {
"type": "string",
"enum": ["mirror_only", "approval_only"]
},
"redaction_required": {"type": "boolean"},
"runtime_ingestion_status": {"type": "string"},
"storage_landing": {
"type": "array",
"items": {"type": "string"}
},
"awooop_allowed_actions": {
"type": "array",
"items": {"type": "string"}
},
"awooop_forbidden_actions": {
"type": "array",
"items": {"type": "string"}
}
},
"additionalProperties": false
},
"still_forbidden": {
"type": "array",
"items": {"type": "string"}
}
},
"additionalProperties": false
}