@blamejs/exceptd-skills 0.16.14 → 0.16.16
- package/AGENTS.md +3 -1
- package/CHANGELOG.md +8 -0
- package/README.md +5 -5
- package/bin/exceptd.js +3 -1
- package/data/_indexes/_meta.json +17 -15
- package/data/_indexes/activity-feed.json +16 -2
- package/data/_indexes/chains.json +7429 -451
- package/data/_indexes/currency.json +19 -1
- package/data/_indexes/frequency.json +135 -64
- package/data/_indexes/handoff-dag.json +9 -1
- package/data/_indexes/jurisdiction-map.json +11 -4
- package/data/_indexes/section-offsets.json +170 -0
- package/data/_indexes/stale-content.json +1 -1
- package/data/_indexes/summary-cards.json +77 -0
- package/data/_indexes/token-budget.json +103 -3
- package/data/_indexes/trigger-table.json +98 -1
- package/data/_indexes/xref.json +45 -4
- package/data/cwe-catalog.json +21 -5
- package/data/playbooks/cloud-iam-incident.json +26 -5
- package/data/playbooks/framework.json +2 -0
- package/data/playbooks/multitenancy-isolation.json +660 -0
- package/data/playbooks/sbom.json +21 -6
- package/data/playbooks/self-update-integrity.json +636 -0
- package/manifest-snapshot.json +106 -2
- package/manifest-snapshot.sha256 +1 -1
- package/manifest.json +160 -48
- package/package.json +2 -2
- package/sbom.cdx.json +92 -32
- package/skills/multitenancy-isolation/skill.md +83 -0
- package/skills/self-update-integrity/skill.md +79 -0
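--- a/package/data/cwe-catalog.json
+++ b/package/data/cwe-catalog.json
@@ -1141,7 +1141,9 @@
 "CAPEC-75",
 "CAPEC-39"
 ],
-"skills_referencing": [
+"skills_referencing": [
+"self-update-integrity"
+],
 "evidence_cves": [
 "CVE-2026-32202"
 ],
@@ -1324,6 +1326,7 @@
 ],
 "skills_referencing": [
 "mcp-agent-trust",
+"self-update-integrity",
 "supply-chain-integrity"
 ],
 "evidence_cves": [
@@ -1754,6 +1757,7 @@
 ],
 "skills_referencing": [
 "sector-federal-government",
+"self-update-integrity",
 "supply-chain-integrity"
 ],
 "evidence_cves": [
@@ -1840,6 +1844,7 @@
 "identity-assurance",
 "idp-incident-response",
 "mail-server-hardening",
+"multitenancy-isolation",
 "sector-financial",
 "vc-wallet-trust",
 "webapp-security"
@@ -2579,6 +2584,7 @@
 "skills_referencing": [
 "audit-log-integrity",
 "network-trust",
+"self-update-integrity",
 "vc-wallet-trust"
 ]
 },
@@ -3065,7 +3071,8 @@
 "_auto_imported": true,
 "_intake_method": "v0.13.18-bulk-mitre-cwe-curated",
 "skills_referencing": [
-"mail-server-hardening"
+"mail-server-hardening",
+"multitenancy-isolation"
 ]
 },
 "CWE-285": {
@@ -3572,7 +3579,10 @@
 "last_verified": "2026-05-19",
 "notes": "Bulk-imported v0.13.18 from the canonical MITRE Top 25 + commonly-referenced-class expansion.",
 "_auto_imported": true,
-"_intake_method": "v0.13.18-bulk-mitre-cwe-curated"
+"_intake_method": "v0.13.18-bulk-mitre-cwe-curated",
+"skills_referencing": [
+"multitenancy-isolation"
+]
 },
 "CWE-640": {
 "id": "CWE-640",
@@ -3768,7 +3778,10 @@
 "last_verified": "2026-05-19",
 "notes": "Bulk-imported v0.13.18 from the canonical MITRE Top 25 + commonly-referenced-class expansion.",
 "_auto_imported": true,
-"_intake_method": "v0.13.18-bulk-mitre-cwe-curated"
+"_intake_method": "v0.13.18-bulk-mitre-cwe-curated",
+"skills_referencing": [
+"multitenancy-isolation"
+]
 },
 "CWE-772": {
 "id": "CWE-772",
@@ -4457,7 +4470,10 @@
 "CVE-2024-21626"
 ],
 "last_verified": "2026-05-19",
-"notes": "Added v0.13.19 to back the runc /proc/self/fd container-escape (CVE-2024-21626) cwe_refs entry."
+"notes": "Added v0.13.19 to back the runc /proc/self/fd container-escape (CVE-2024-21626) cwe_refs entry.",
+"skills_referencing": [
+"multitenancy-isolation"
+]
 },
 "CWE-340": {
 "id": "CWE-340",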
@@ -60,7 +60,8 @@
|
|
|
60
60
|
}
|
|
61
61
|
],
|
|
62
62
|
"fed_by": [
|
|
63
|
-
"identity-sso-compromise"
|
|
63
|
+
"identity-sso-compromise",
|
|
64
|
+
"multitenancy-isolation"
|
|
64
65
|
]
|
|
65
66
|
},
|
|
66
67
|
"domain": {
|
|
@@ -976,7 +977,15 @@
|
|
|
976
977
|
"rotation_ownership_identified == true"
|
|
977
978
|
],
|
|
978
979
|
"priority": 1,
|
|
979
|
-
"for_signals": [
|
|
980
|
+
"for_signals": [
|
|
981
|
+
"root_login_from_new_asn",
|
|
982
|
+
"iam_access_key_created_no_iac_ticket",
|
|
983
|
+
"mass_iam_user_creation_outside_iac",
|
|
984
|
+
"cross_account_assume_role_anomaly",
|
|
985
|
+
"kms_key_policy_self_grant",
|
|
986
|
+
"s3_bucket_policy_public_grant",
|
|
987
|
+
"cloudtrail_logging_disabled_event"
|
|
988
|
+
],
|
|
980
989
|
"compensating_controls": [
|
|
981
990
|
"session-revocation",
|
|
982
991
|
"audit-log-review-for-misuse-window",
|
|
@@ -992,7 +1001,15 @@
|
|
|
992
1001
|
"iam_read_only_across_org == true"
|
|
993
1002
|
],
|
|
994
1003
|
"priority": 2,
|
|
995
|
-
"for_signals": [
|
|
1004
|
+
"for_signals": [
|
|
1005
|
+
"cross_account_assume_role_anomaly",
|
|
1006
|
+
"mass_iam_user_creation_outside_iac",
|
|
1007
|
+
"iam_access_key_created_no_iac_ticket",
|
|
1008
|
+
"kms_key_policy_self_grant",
|
|
1009
|
+
"s3_bucket_policy_public_grant",
|
|
1010
|
+
"gpu_instance_creation_spike",
|
|
1011
|
+
"unused_region_resource_creation"
|
|
1012
|
+
],
|
|
996
1013
|
"compensating_controls": [
|
|
997
1014
|
"iam-event-review-completed",
|
|
998
1015
|
"scp-tightened",
|
|
@@ -1007,7 +1024,9 @@
|
|
|
1007
1024
|
"imdsv2_migration_blocker_inventory_complete == true"
|
|
1008
1025
|
],
|
|
1009
1026
|
"priority": 2,
|
|
1010
|
-
"for_signals": [
|
|
1027
|
+
"for_signals": [
|
|
1028
|
+
"imds_v1_legacy_access"
|
|
1029
|
+
],
|
|
1011
1030
|
"compensating_controls": [
|
|
1012
1031
|
"imdsv2-enforced-org-wide",
|
|
1013
1032
|
"scp-deny-imdsv1-launch"
|
|
@@ -1021,7 +1040,9 @@
|
|
|
1021
1040
|
"federated_trust_inventory_complete == true"
|
|
1022
1041
|
],
|
|
1023
1042
|
"priority": 2,
|
|
1024
|
-
"for_signals": [
|
|
1043
|
+
"for_signals": [
|
|
1044
|
+
"cross_account_assume_role_anomaly"
|
|
1045
|
+
],
|
|
1025
1046
|
"compensating_controls": [
|
|
1026
1047
|
"federated-trust-tightened",
|
|
1027
1048
|
"conditional-access-mfa-required-on-admin"
|
|
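Review bot: `cloudtrail_logging_disabled_event` is routed only to the priority-1 path (new lines 980-988), whose visible compensating controls are `session-revocation` and `audit-log-review-for-misuse-window`; a log review cannot cover the interval in which the trail was not recording, so that control is weakest for exactly this signal. The control list continues past the hunk, so if it holds no entry for re-enabling logging and reconstructing the gap from another source, this path should gain one. The removed lines suggest all four `for_signals` arrays were empty before, which means a path can ship matching no signal; a schema or CI check that rejects an empty `for_signals` and any id not declared among the playbook's signals would catch that, though the hunks do not show whether one exists. This section has no file header on the page; its +26 -5 count matches `package/data/playbooks/cloud-iam-incident.json` in the file list.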
@@ -61,10 +61,12 @@
|
|
|
61
61
|
"llm-tool-use-exfil",
|
|
62
62
|
"mail-server-hardening",
|
|
63
63
|
"mcp",
|
|
64
|
+
"multitenancy-isolation",
|
|
64
65
|
"network-trust",
|
|
65
66
|
"post-quantum-migration",
|
|
66
67
|
"ransomware",
|
|
67
68
|
"sbom",
|
|
69
|
+
"self-update-integrity",
|
|
68
70
|
"supply-chain-recovery",
|
|
69
71
|
"vc-wallet-trust",
|
|
70
72
|
"webhook-callback-abuse"
|