heimdall_tools 1.3.43 → 1.3.44

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c43f6e237587993013cf521088d30cc83404ff141ec8b172ae8562bd8a48d977
-  data.tar.gz: e9ee689580ae95807ca329d086228f3ded50b2e6a162276e0d2d222729c42767
+  metadata.gz: 75e8a6020d8b250e1c11bc8c90de7b73196d430925eb8adcfe8dfa5e2b27771e
+  data.tar.gz: dc2596fca0d74044f64c61cba90eae4490c58268545cd68a9f7a02e794c2b8a4
 SHA512:
-  metadata.gz: 9d4880095e40720edc57619f79c5dd8a4000be7c16e9be8395e23057f3cd4f33844bea39c7d5f7814fbf9553b903057faf3ae49792f2f7fca4e0e89368ae4ad3
-  data.tar.gz: 95395b98c52a5854ca5115e3fea4159ccab351445a4a79fa241ecdc2c60f0f41b86f1328476b62594f3eb5d56bd02dc727b4172878a5aac8db38803318b6328d
+  metadata.gz: f51de7c47656ea8e36df9bc8e8cbe30c3f956c77a6997f65e50da918268223b70a59a3efb84aa0c9eabd45123bd347275ee5ff6952ede11dd9c86db144549a26
+  data.tar.gz: a49c2241be26e5d8f4d4db2db7ead81de00f6a0e506160c89040f61af079a9af266ec734c9f0e2f79d5f450ccfb5c347c0fa1125383a8280274a22fdbeb811e2

data/README.md

@@ -17,6 +17,21 @@ HeimdallTools supplies several methods to convert output from various tools to "
 - **aws_config_mapper** - assess, audit, and evaluate AWS resources
 - **netsparker_mapper** - web application security scanner
 
+## Want to recommend a mapper for another tool? Please use these steps:
+  1. Create an [issue](https://github.com/mitre/heimdall_tools/issues/new), and email saf@groups.mitre.org citing the issue link so we can help
+  2. Provide a sample output, preferably the most detailed the tool can provide, and also preferably in a machine-readable format, such as xml, json, or csv - whichever is natively available. If it is sensitive we'll work that in #3. (If it's an API only, we'll also just talk about it in #3)
+  3. Let's arrange a time to take a close look at the data it provides to get an idea of all it has to offer. We'll suggest an initial mapping of the HDF core elements. (see https://saf.mitre.org/#/normalize)
+  4. Note: if the tool doesn't provide a NIST SP 800-53 reference, we've worked on mappings to other references such as CWE or OWASP Top 10:  
+    https://github.com/mitre/heimdall_tools/tree/master/lib/data  
+    https://github.com/mitre/heimdall_tools/blob/master/lib/data/cwe-nist-mapping.csv  
+    https://github.com/mitre/heimdall_tools/blob/master/lib/data/owasp-nist-mapping.csv  
+  5. If the tool doesn't provide something for #4, or another core element such as impact, we'll help you identify a custom mapping approach.
+  6. We'll help you decide how to preserve any other information (non-core elements) the tool provides to ensure that all of the original tool's intent comes through for the user when the data is viewed in Heimdall.
+  7. Finally, We'll provide final peer review and support merging your pull request.
+We appreciate your contributions, but we're here to help!
+
+## How to Install Heimdall Tools:
+
 Ruby 2.4 or higher (check using "ruby -v")
 
 If installation of Ruby is required, perform these steps:

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: heimdall_tools
 version: !ruby/object:Gem::Version
-  version: 1.3.43
+  version: 1.3.44
 platform: ruby
 authors:
 - Robert Thew
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-04-16 00:00:00.000000000 Z
+date: 2021-04-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-configservice
@@ -88,14 +88,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.10.9
+        version: '1.11'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.10.9
+        version: '1.11'
 - !ruby/object:Gem::Dependency
   name: openssl
   requirement: !ruby/object:Gem::Requirement