@blamejs/exceptd-skills 0.16.14 → 0.16.15
- package/AGENTS.md +2 -1
- package/CHANGELOG.md +4 -0
- package/README.md +5 -5
- package/bin/exceptd.js +2 -1
- package/data/_indexes/_meta.json +16 -15
- package/data/_indexes/activity-feed.json +9 -2
- package/data/_indexes/chains.json +3597 -206
- package/data/_indexes/currency.json +10 -1
- package/data/_indexes/frequency.json +48 -25
- package/data/_indexes/handoff-dag.json +5 -1
- package/data/_indexes/jurisdiction-map.json +8 -4
- package/data/_indexes/section-offsets.json +85 -0
- package/data/_indexes/stale-content.json +1 -1
- package/data/_indexes/summary-cards.json +37 -0
- package/data/_indexes/token-budget.json +53 -3
- package/data/_indexes/trigger-table.json +48 -0
- package/data/_indexes/xref.json +19 -3
- package/data/cwe-catalog.json +6 -1
- package/data/playbooks/framework.json +1 -0
- package/data/playbooks/sbom.json +21 -6
- package/data/playbooks/self-update-integrity.json +636 -0
- package/manifest-snapshot.json +52 -2
- package/manifest-snapshot.sha256 +1 -1
- package/manifest.json +102 -48
- package/package.json +2 -2
- package/sbom.cdx.json +60 -30
- package/skills/self-update-integrity/skill.md +79 -0
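--- a/package/data/cwe-catalog.json
+++ b/package/data/cwe-catalog.json
@@ -1141,7 +1141,9 @@
 "CAPEC-75",
 "CAPEC-39"
 ],
-"skills_referencing": [
+"skills_referencing": [
+"self-update-integrity"
+],
 "evidence_cves": [
 "CVE-2026-32202"
 ],
@@ -1324,6 +1326,7 @@
 ],
 "skills_referencing": [
 "mcp-agent-trust",
+"self-update-integrity",
 "supply-chain-integrity"
 ],
 "evidence_cves": [
@@ -1754,6 +1757,7 @@
 ],
 "skills_referencing": [
 "sector-federal-government",
+"self-update-integrity",
 "supply-chain-integrity"
 ],
 "evidence_cves": [
@@ -2579,6 +2583,7 @@
 "skills_referencing": [
 "audit-log-integrity",
 "network-trust",
+"self-update-integrity",
 "vc-wallet-trust"
 ]
 },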
package/data/playbooks/sbom.json
CHANGED
|
@@ -115,6 +115,7 @@
|
|
|
115
115
|
"library-author",
|
|
116
116
|
"mcp",
|
|
117
117
|
"post-quantum-migration",
|
|
118
|
+
"self-update-integrity",
|
|
118
119
|
"supply-chain-recovery",
|
|
119
120
|
"webhook-callback-abuse"
|
|
120
121
|
]
|
|
@@ -1261,7 +1262,11 @@
|
|
|
1261
1262
|
"operator_authorized_for_package_upgrade == true"
|
|
1262
1263
|
],
|
|
1263
1264
|
"priority": 1,
|
|
1264
|
-
"for_signals": [
|
|
1265
|
+
"for_signals": [
|
|
1266
|
+
"package-matches-catalogued-cve",
|
|
1267
|
+
"kev-listed-match",
|
|
1268
|
+
"windsurf-vulnerable-version"
|
|
1269
|
+
],
|
|
1265
1270
|
"compensating_controls": [
|
|
1266
1271
|
"restart_affected_services_post_upgrade",
|
|
1267
1272
|
"regression_test_post_upgrade"
|
|
@@ -1275,7 +1280,9 @@
|
|
|
1275
1280
|
"ci_pipeline_modifiable == true"
|
|
1276
1281
|
],
|
|
1277
1282
|
"priority": 2,
|
|
1278
|
-
"for_signals": [
|
|
1283
|
+
"for_signals": [
|
|
1284
|
+
"lockfile-no-integrity"
|
|
1285
|
+
],
|
|
1279
1286
|
"compensating_controls": [
|
|
1280
1287
|
"lockfile_review_in_pr_template"
|
|
1281
1288
|
],
|
|
@@ -1300,7 +1307,9 @@
|
|
|
1300
1307
|
"sbom_tooling_supports_transitive == true"
|
|
1301
1308
|
],
|
|
1302
1309
|
"priority": 4,
|
|
1303
|
-
"for_signals": [
|
|
1310
|
+
"for_signals": [
|
|
1311
|
+
"transitive-deps-incomplete-sbom"
|
|
1312
|
+
],
|
|
1304
1313
|
"compensating_controls": [
|
|
1305
1314
|
"sbom_completeness_gate_in_ci"
|
|
1306
1315
|
],
|
|
@@ -1313,7 +1322,9 @@
|
|
|
1313
1322
|
"security_team_capacity_for_vex == true"
|
|
1314
1323
|
],
|
|
1315
1324
|
"priority": 5,
|
|
1316
|
-
"for_signals": [
|
|
1325
|
+
"for_signals": [
|
|
1326
|
+
"matched-cve-without-vex"
|
|
1327
|
+
],
|
|
1317
1328
|
"compensating_controls": [
|
|
1318
1329
|
"vex_template_in_security_playbook"
|
|
1319
1330
|
],
|
|
@@ -1327,7 +1338,9 @@
|
|
|
1327
1338
|
"ci_or_pre-commit_modifiable == true"
|
|
1328
1339
|
],
|
|
1329
1340
|
"priority": 6,
|
|
1330
|
-
"for_signals": [
|
|
1341
|
+
"for_signals": [
|
|
1342
|
+
"ai-code-no-provenance"
|
|
1343
|
+
],
|
|
1331
1344
|
"compensating_controls": [
|
|
1332
1345
|
"pr_review_for_ai_emitted_code",
|
|
1333
1346
|
"ai_code_review_checklist"
|
|
@@ -1341,7 +1354,9 @@
|
|
|
1341
1354
|
"ml_loader_modifiable == true OR ml_inference_pipeline_owned == true"
|
|
1342
1355
|
],
|
|
1343
1356
|
"priority": 7,
|
|
1344
|
-
"for_signals": [
|
|
1357
|
+
"for_signals": [
|
|
1358
|
+
"model-weight-unsigned-and-executable-format"
|
|
1359
|
+
],
|
|
1345
1360
|
"compensating_controls": [
|
|
1346
1361
|
"model_inventory_review",
|
|
1347
1362
|
"non-safetensors_models_quarantined"
|