@cyclonedx/cdxgen 12.3.3 → 12.4.0

package/data/queries.json

@@ -38,12 +38,26 @@
   "apt_sources": {
     "query": "select * from apt_sources;",
     "description": "Retrieves all the APT sources to install packages from in the target Linux system.",
-    "purlType": "deb"
+    "purlType": "generic",
+    "componentType": "data"
+  },
+  "apt_ppa_sources": {
+    "query": "SELECT COALESCE(name, base_uri, source) as name, release as version, maintainer as publisher, source as description, source, base_uri, release, components, architectures FROM apt_sources WHERE base_uri LIKE '%ppa.launchpadcontent.net%' OR base_uri LIKE '%ppa.launchpad.net%';",
+    "description": "APT Personal Package Archive (PPA) sources configured on the target Linux system.",
+    "purlType": "generic",
+    "componentType": "data"
   },
   "yum_sources": {
     "query": "select * from yum_sources;",
     "description": "Display yum package manager sources.",
-    "purlType": "yum"
+    "purlType": "generic",
+    "componentType": "data"
+  },
+  "trusted_gpg_keys": {
+    "query": "SELECT COALESCE(file.filename, file.path) as name, hash.sha256 as version, file.path as description, file.path, file.directory, file.filename, file.uid, file.gid, file.mode, file.size, file.mtime, hash.sha1, hash.sha256, CASE WHEN file.path LIKE '/etc/apt/%' OR file.path LIKE '/usr/share/keyrings/%' THEN 'apt' WHEN file.path LIKE '/etc/pki/rpm-gpg/%' OR file.path LIKE '/usr/share/distribution-gpg-keys/%' THEN 'rpm' WHEN file.path LIKE '/etc/apk/keys/%' THEN 'apk' ELSE 'generic' END AS trust_domain FROM file JOIN hash USING (path) WHERE (file.path = '/etc/apt/trusted.gpg' OR file.path LIKE '/etc/apt/trusted.gpg.d/%' OR file.path LIKE '/usr/share/keyrings/%' OR file.path LIKE '/etc/pki/rpm-gpg/%' OR file.path LIKE '/usr/share/distribution-gpg-keys/%' OR file.path LIKE '/etc/apk/keys/%') AND file.type = 'regular';",
+    "description": "Trusted repository keyring material for APT, RPM/DNF, and APK package trust validation.",
+    "purlType": "generic",
+    "componentType": "cryptographic-asset"
   },
   "portage_packages": {
     "query": "select * from portage_packages;",
@@ -60,6 +74,11 @@
     "description": "Python packages installed on system.",
     "purlType": "pypi"
   },
+  "npm_packages": {
+    "query": "SELECT * FROM npm_packages;",
+    "description": "Node packages installed on the system, including recursively discovered modern package manager layouts.",
+    "purlType": "npm"
+  },
   "system_info_snapshot": {
     "query": "SELECT * FROM system_info;",
     "description": "System info snapshot query.",
@@ -108,12 +127,30 @@
     "purlType": "swid",
     "componentType": "data"
   },
+  "sysctl_hardening": {
+    "query": "SELECT name, current_value as version, name as sysctl_key, current_value FROM sysctl WHERE name IN ('kernel.randomize_va_space', 'kernel.kptr_restrict', 'net.ipv4.conf.all.accept_redirects', 'net.ipv4.conf.default.accept_redirects', 'net.ipv4.conf.all.send_redirects', 'net.ipv4.conf.default.send_redirects');",
+    "description": "Linux sysctl posture entries aligned with common hardening baselines.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
   "kernel_modules": {
     "query": "SELECT * FROM kernel_modules;",
     "description": "Linux kernel modules both loaded and within the load search path.",
     "purlType": "swid",
     "componentType": "data"
   },
+  "secureboot_certificates": {
+    "query": "SELECT COALESCE(common_name, subject, sha1) as name, COALESCE(subject_key_id, sha1) as version, issuer as publisher, subject as description, common_name, subject, issuer, serial, sha1, revoked, path, is_ca, self_signed, key_usage, authority_key_id, subject_key_id, signing_algorithm, key_algorithm, key_strength, not_valid_before, not_valid_after FROM secureboot_certificates;",
+    "description": "UEFI Secure Boot certificate inventory, including trusted and revoked entries, for firmware trust posture reviews.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "mount_hardening": {
+    "query": "SELECT path as name, flags as version, device as description, path, device, type, flags FROM mounts WHERE path IN ('/tmp', '/var/tmp', '/dev/shm', '/home');",
+    "description": "Linux mount points commonly reviewed for noexec, nodev, and nosuid hardening.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
   "systemd_units": {
     "query": "SELECT id as name, active_state as version, description, load_state, sub_state, unit_file_state, user, fragment_path, source_path FROM systemd_units;",
     "description": "Systemd unit state and execution source inventory.",

package/data/rules/ai-agent-governance.yaml

@@ -3,9 +3,11 @@
   description: "Hidden Unicode in AI agent instructions or skill files can conceal misleading prompts, hidden tool behavior, or review-evasion content."
   severity: medium
   category: ai-agent
+  dry-run-support: full
   standards:
     owasp-ai-top-10:
       - "LLM05: Supply Chain Vulnerabilities"
+      - "LLM03:2025 Supply Chain"
     nist-ai-rmf:
       - "Govern"
       - "Manage"
@@ -35,6 +37,7 @@
   description: "Public MCP endpoints referenced from agent or skill files deserve review when the instruction surface does not indicate any bearer, token, or OAuth controls."
   severity: high
   category: ai-agent
+  dry-run-support: full
   attack:
     tactics: [TA0001]
     techniques: [T1190]
@@ -42,6 +45,7 @@
     owasp-ai-top-10:
       - "LLM07: Insecure Plugin Design"
       - "LLM08: Excessive Agency"
+      - "LLM06:2025 Excessive Agency"
     nist-ai-rmf:
       - "Map"
       - "Manage"
@@ -72,10 +76,13 @@
   description: "Agent files that mention MCP servers, packages, or endpoints without corresponding MCP package inventory or source-derived MCP services can hide runtime trust dependencies from reviewers."
   severity: medium
   category: ai-agent
+  dry-run-support: full
   standards:
     owasp-ai-top-10:
       - "LLM05: Supply Chain Vulnerabilities"
       - "LLM08: Excessive Agency"
+      - "LLM03:2025 Supply Chain"
+      - "LLM06:2025 Excessive Agency"
     nist-ai-rmf:
       - "Map"
       - "Govern"
@@ -107,6 +114,7 @@
   description: "Localhost tunneling and reverse-proxy references in agent files can turn development-only MCP servers into remotely reachable control surfaces."
   severity: high
   category: ai-agent
+  dry-run-support: full
   attack:
     tactics: [TA0001, TA0011]
     techniques: [T1190, T1071]
@@ -114,6 +122,7 @@
     owasp-ai-top-10:
       - "LLM07: Insecure Plugin Design"
       - "LLM08: Excessive Agency"
+      - "LLM06:2025 Excessive Agency"
     nist-ai-rmf:
       - "Map"
       - "Manage"
@@ -142,10 +151,12 @@
   description: "Non-official MCP wrappers referenced directly from agent instructions deserve extra review before they are trusted in developer tooling or automation flows."
   severity: medium
   category: ai-agent
+  dry-run-support: full
   standards:
     owasp-ai-top-10:
       - "LLM05: Supply Chain Vulnerabilities"
       - "LLM07: Insecure Plugin Design"
+      - "LLM03:2025 Supply Chain"
     nist-ai-rmf:
       - "Govern"
       - "Map"
@@ -174,6 +185,7 @@
   description: "Agent or skill files that embed bearer tokens, API keys, or similar secrets create immediate review and credential-rotation risk."
   severity: critical
   category: ai-agent
+  dry-run-support: full
   attack:
     tactics: [TA0006]
     techniques: [T1552]
@@ -181,6 +193,7 @@
     owasp-ai-top-10:
       - "LLM05: Supply Chain Vulnerabilities"
       - "LLM07: Insecure Plugin Design"
+      - "LLM03:2025 Supply Chain"
     nist-ai-rmf:
       - "Govern"
       - "Manage"
@@ -210,10 +223,13 @@
   description: "Shipped AI instruction and skill files deserve explicit review because they can alter developer tooling, release-time automation, and downstream runtime behavior."
   severity: medium
   category: ai-agent
+  dry-run-support: full
   standards:
     owasp-ai-top-10:
       - "LLM05: Supply Chain Vulnerabilities"
       - "LLM08: Excessive Agency"
+      - "LLM03:2025 Supply Chain"
+      - "LLM06:2025 Excessive Agency"
     nist-ai-rmf:
       - "Govern"
       - "Map"

package/data/rules/asar-archives.yaml

@@ -0,0 +1,150 @@
+# Electron ASAR archive security rules
+# Category: asar-archive
+# Evaluates packaged Electron application archives for dynamic execution,
+# capability overlap, integrity mismatches, and embedded install-time scripts.
+
+- id: ASAR-001
+  name: "Archived JavaScript with eval or dynamic loading"
+  description: "ASAR-packaged JavaScript using eval, Function, or dynamic import/require deserves review for arbitrary code execution and remote payload loading risk."
+  severity: high
+  category: asar-archive
+  dry-run-support: full
+  condition: |
+    components[
+      $prop($, 'cdx:file:kind') = 'asar-entry'
+      and (
+        $propBool($, 'cdx:asar:js:hasEval') = true
+        or $propBool($, 'cdx:asar:js:capability:dynamicImport') = true
+        or $listContains($propList($, 'cdx:asar:js:executionIndicators'), 'eval')
+        or $listContains($propList($, 'cdx:asar:js:executionIndicators'), 'function-constructor')
+      )
+    ]
+  location: |
+    {
+      "bomRef": $. "bom-ref",
+      "srcFile": $prop($, 'SrcFile'),
+      "archivePath": $prop($, 'cdx:asar:path')
+    }
+  message: "Archived JavaScript '{{ name }}' uses eval-like or dynamic loading behavior inside an ASAR package"
+  mitigation: "Review the packaged source for eval, Function, dynamic import, or runtime module resolution. Prefer static imports and signed update channels."
+  evidence: |
+    {
+      "archivePath": $prop($, 'cdx:asar:path'),
+      "executionIndicators": $prop($, 'cdx:asar:js:executionIndicators'),
+      "dynamicImport": $prop($, 'cdx:asar:js:capability:dynamicImport'),
+      "hasEval": $prop($, 'cdx:asar:js:hasEval')
+    }
+
+- id: ASAR-002
+  name: "Archived JavaScript with network plus file or hardware access"
+  description: "Packaged JavaScript that combines outbound network capability with filesystem or hardware access can materially increase exfiltration or device-control risk."
+  severity: high
+  category: asar-archive
+  dry-run-support: full
+  condition: |
+    components[
+      $prop($, 'cdx:file:kind') = 'asar-entry'
+      and $propBool($, 'cdx:asar:js:capability:network') = true
+      and (
+        $propBool($, 'cdx:asar:js:capability:fileAccess') = true
+        or $propBool($, 'cdx:asar:js:capability:hardware') = true
+        or $propBool($, 'cdx:asar:js:hasDynamicFetch') = true
+      )
+    ]
+  location: |
+    {
+      "bomRef": $. "bom-ref",
+      "srcFile": $prop($, 'SrcFile'),
+      "archivePath": $prop($, 'cdx:asar:path')
+    }
+  message: "Archived JavaScript '{{ name }}' combines network behavior with sensitive local access capabilities"
+  mitigation: "Review outbound endpoints, local file access, and hardware APIs. Limit packaged code to explicit allowlisted operations and sign release artifacts."
+  evidence: |
+    {
+      "archivePath": $prop($, 'cdx:asar:path'),
+      "capabilities": $prop($, 'cdx:asar:js:capabilities'),
+      "networkIndicators": $prop($, 'cdx:asar:js:networkIndicators'),
+      "hardwareIndicators": $prop($, 'cdx:asar:js:hardwareIndicators'),
+      "fileAccessIndicators": $prop($, 'cdx:asar:js:fileAccessIndicators')
+    }
+
+- id: ASAR-003
+  name: "Declared ASAR integrity mismatch"
+  description: "An ASAR entry whose declared integrity hash does not match the computed file hash may indicate tampering or packaging defects."
+  severity: high
+  category: asar-archive
+  dry-run-support: full
+  condition: |
+    components[
+      $prop($, 'cdx:file:kind') = 'asar-entry'
+      and $prop($, 'cdx:asar:integrityVerified') = 'false'
+    ]
+  location: |
+    {
+      "bomRef": $. "bom-ref",
+      "srcFile": $prop($, 'SrcFile'),
+      "archivePath": $prop($, 'cdx:asar:path')
+    }
+  message: "Archived entry '{{ name }}' has a declared integrity hash mismatch inside an ASAR package"
+  mitigation: "Rebuild the archive from trusted sources, verify signing provenance, and compare the packaged file to the expected release artifact."
+  evidence: |
+    {
+      "archivePath": $prop($, 'cdx:asar:path'),
+      "declaredHash": $prop($, 'cdx:asar:declaredIntegrityHash'),
+      "verified": $prop($, 'cdx:asar:integrityVerified')
+    }
+
+- id: ASAR-004
+  name: "Embedded npm package with install-time scripts inside ASAR"
+  description: "Node packages shipped inside ASAR archives that declare install/preinstall hooks are still useful compromise indicators during artifact review."
+  severity: high
+  category: asar-archive
+  dry-run-support: partial
+  condition: |
+    components[
+      $propBool($, 'cdx:npm:hasInstallScript') = true
+      and $contains($prop($, 'SrcFile'), '.asar#/')
+    ]
+  location: |
+    {
+      "bomRef": $. "bom-ref",
+      "purl": purl,
+      "srcFile": $prop($, 'SrcFile')
+    }
+  message: "Embedded npm package '{{ name }}@{{ version }}' inside ASAR declares install-time lifecycle scripts"
+  mitigation: "Review the embedded package source and build provenance. Remove unnecessary lifecycle hooks or vendor only prebuilt trusted artifacts."
+  evidence: |
+    {
+      "srcFile": $prop($, 'SrcFile'),
+      "lifecycleScripts": $prop($, 'cdx:npm:risky_scripts'),
+      "executionIndicators": $prop($, 'cdx:npm:lifecycleExecutionIndicators'),
+      "obfuscationIndicators": $prop($, 'cdx:npm:lifecycleObfuscationIndicators')
+    }
+
+- id: ASAR-005
+  name: "Electron ASAR signing metadata failed verification"
+  description: "Electron Info.plist signing metadata that fails verification is a high-signal indicator of packaging defects or release-artifact tampering."
+  severity: high
+  category: asar-archive
+  dry-run-support: full
+  condition: |
+    components[
+      $prop($, 'cdx:file:kind') = 'asar-archive'
+      and $propBool($, 'cdx:asar:hasSigningMetadata') = true
+      and $prop($, 'cdx:asar:signingVerified') = 'false'
+    ]
+  location: |
+    {
+      "bomRef": $. "bom-ref",
+      "srcFile": $prop($, 'SrcFile')
+    }
+  message: "ASAR archive '{{ name }}' has Electron signing metadata that failed verification"
+  mitigation: "Rebuild the Electron package from trusted sources, verify the Info.plist ElectronAsarIntegrity data, and confirm the shipped ASAR matches the expected signed release artifact."
+  evidence: |
+    {
+      "signingDeclaredHash": $prop($, 'cdx:asar:signingDeclaredHash'),
+      "signingAlgorithm": $prop($, 'cdx:asar:signingAlgorithm'),
+      "signingSource": $prop($, 'cdx:asar:signingSource'),
+      "signingScope": $prop($, 'cdx:asar:signingScope'),
+      "signingVerified": $prop($, 'cdx:asar:signingVerified')
+    }

package/data/rules/chrome-extensions.yaml

@@ -7,6 +7,7 @@
   description: "Browser extensions with <all_urls> or wildcard host permissions can access and manipulate content on most websites"
   severity: high
   category: chrome-extension
+  dry-run-support: full
   condition: |
     components[
       $startsWith(purl, 'pkg:chrome-extension/')
@@ -35,6 +36,7 @@
   description: "Extensions that combine webRequest and webRequestBlocking can intercept and modify browser network traffic"
   severity: critical
   category: chrome-extension
+  dry-run-support: full
   condition: |
     components[
       $startsWith(purl, 'pkg:chrome-extension/')
@@ -60,6 +62,7 @@
   description: "Extensions injecting content scripts at document_start together with broad host permissions increase pre-DOM execution risk"
   severity: high
   category: chrome-extension
+  dry-run-support: full
   condition: |
     components[
       $startsWith(purl, 'pkg:chrome-extension/')
@@ -89,6 +92,7 @@
   description: "Autofill features handling credential or PII flows should be reviewed when broad host permissions are granted"
   severity: medium
   category: chrome-extension
+  dry-run-support: full
   condition: |
     components[
       $startsWith(purl, 'pkg:chrome-extension/')
@@ -119,6 +123,7 @@
   description: "Extensions requesting file or device-adjacent capabilities alongside broad host scope can increase data collection and exfiltration risk."
   severity: high
   category: chrome-extension
+  dry-run-support: full
   condition: |
     components[
       $startsWith(purl, 'pkg:chrome-extension/')
@@ -153,6 +158,7 @@
   description: "Extensions with explicit code-injection capability and broad host scope may execute arbitrary script logic across many origins."
   severity: critical
   category: chrome-extension
+  dry-run-support: full
   condition: |
     components[
       $startsWith(purl, 'pkg:chrome-extension/')
@@ -183,6 +189,7 @@
   description: "Fingerprinting-related capability indicators combined with broad host access can increase tracking and privacy risk."
   severity: high
   category: chrome-extension
+  dry-run-support: full
   condition: |
     components[
       $startsWith(purl, 'pkg:chrome-extension/')
@@ -213,6 +220,7 @@
   description: "Extensions targeting AI assistant domains (OpenAI/ChatGPT/Claude/Copilot) with code-injection capability should be reviewed for prompt/session manipulation risk."
   severity: high
   category: chrome-extension
+  dry-run-support: full
   condition: |
     components[
       $startsWith(purl, 'pkg:chrome-extension/')

package/data/rules/ci-permissions.yaml

@@ -7,8 +7,9 @@
   description: "GitHub Actions referenced by tag/branch in workflows with write permissions pose supply chain risk"
   severity: high
   category: ci-permission
+  dry-run-support: full
   attack:
-    tactics: [TA0001, TA0004]
+    tactics: [TA0001]
     techniques: [T1195.001]
   condition: |
     $auditComponents($)[
@@ -37,6 +38,7 @@
   description: "Workflows or jobs granting id-token:write to third-party actions may enable token exfiltration"
   severity: high
   category: ci-permission
+  dry-run-support: full
   attack:
     tactics: [TA0006]
     techniques: [T1528]
@@ -68,8 +70,9 @@
   description: "GitHub Actions pinned to tags (vs SHA) can change behavior unexpectedly if tag is moved"
   severity: medium
   category: ci-permission
+  dry-run-support: full
   attack:
-    tactics: [TA0001, TA0005]
+    tactics: [TA0001]
     techniques: [T1195.001]
   condition: |
     $auditComponents($)[
@@ -89,6 +92,7 @@
   description: "pull_request_target can execute code in the context of the base branch, risking secret exposure"
   severity: medium
   category: ci-permission
+  dry-run-support: full
   attack:
     tactics: [TA0001, TA0004]
   condition: |
@@ -112,8 +116,9 @@
   description: "actions/checkout with persist-credentials=true (default) exposes GITHUB_TOKEN to subsequent steps"
   severity: medium
   category: ci-permission
+  dry-run-support: full
   attack:
-    tactics: [TA0004, TA0006]
+    tactics: [TA0006]
     techniques: [T1552]
   condition: |
     $auditComponents($)[
@@ -142,8 +147,9 @@
   description: "GitHub Actions cache can be poisoned when used in workflows triggered by untrusted input (e.g., pull_request from forks)"
   severity: high
   category: ci-permission
+  dry-run-support: full
   attack:
-    tactics: [TA0001, TA0005]
+    tactics: [TA0001]
     techniques: [T1195.001]
   condition: |
     $auditComponents($)[
@@ -180,8 +186,9 @@
   description: "Direct interpolation of github.event.* or inputs.* into run: blocks enables command injection"
   severity: critical
   category: ci-permission
+  dry-run-support: full
   attack:
-    tactics: [TA0002, TA0004]
+    tactics: [TA0002]
     techniques: [T1059]
   condition: |
     $auditComponents($)[
@@ -205,6 +212,7 @@
   description: "Triggers like pull_request_target, issue_comment, or workflow_run combined with write permissions enable privilege escalation"
   severity: high
   category: ci-permission
+  dry-run-support: full
   attack:
     tactics: [TA0001, TA0004]
   condition: |
@@ -234,6 +242,7 @@
   description: "Hidden Unicode in workflow files can disguise malicious logic, comments, or diffs and should be reviewed before merge"
   severity: medium
   category: ci-permission
+  dry-run-support: full
   attack:
     tactics: [TA0005]
     techniques: [T1027]
@@ -260,8 +269,9 @@
   description: "npm and PyPI publishing should prefer trusted publishing or OIDC-backed flows instead of long-lived token secrets or explicit --token arguments"
   severity: medium
   category: ci-permission
+  dry-run-support: full
   attack:
-    tactics: [TA0006, TA0010]
+    tactics: [TA0006]
     techniques: [T1528]
   condition: |
     $auditComponents($)[
@@ -287,8 +297,9 @@
   description: "Reusable workflows invoked from external repositories with secrets: inherit expand the trust boundary and can expose repository credentials"
   severity: high
   category: ci-permission
+  dry-run-support: full
   attack:
-    tactics: [TA0006, TA0008]
+    tactics: [TA0006]
     techniques: [T1528, T1552]
   condition: |
     $auditComponents($)[
@@ -315,8 +326,9 @@
   description: "Reusable workflows referenced by tag or branch can change behavior without review and should be pinned to immutable SHAs"
   severity: medium
   category: ci-permission
+  dry-run-support: full
   attack:
-    tactics: [TA0001, TA0005]
+    tactics: [TA0001]
     techniques: [T1195.001]
   condition: |
     $auditComponents($)[
@@ -342,6 +354,7 @@
   description: "High-risk triggers executing on self-hosted runners can expose internal network access, credentials, and long-lived runner state"
   severity: high
   category: ci-permission
+  dry-run-support: full
   attack:
     tactics: [TA0004, TA0008]
   condition: |
@@ -373,8 +386,9 @@
   description: "Writing to GITHUB_ENV, GITHUB_PATH, or GITHUB_OUTPUT in privileged workflows can persist attacker-controlled state across later steps and jobs"
   severity: high
   category: ci-permission
+  dry-run-support: full
   attack:
-    tactics: [TA0003, TA0004, TA0005]
+    tactics: [TA0002]
     techniques: [T1059]
   condition: |
     $auditComponents($)[
@@ -406,8 +420,9 @@
   description: "Run steps that invoke outbound network tools while transmitting secrets, github.token, or OIDC request context are strong exfiltration indicators"
   severity: high
   category: ci-permission
+  dry-run-support: full
   attack:
-    tactics: [TA0006, TA0010]
+    tactics: [TA0010]
     techniques: [T1048]
   condition: |
     $auditComponents($)[
@@ -436,8 +451,9 @@
   description: "workflow_call producers that request caller-provided secrets while also holding write or OIDC permissions expand the blast radius across repositories and workflows"
   severity: high
   category: ci-permission
+  dry-run-support: full
   attack:
-    tactics: [TA0006, TA0008]
+    tactics: [TA0006]
     techniques: [T1528, T1552]
   condition: |
     $auditWorkflows($)[
@@ -468,6 +484,7 @@
   description: "workflow_call producers that both accept caller-controlled inputs and emit outputs from privileged execution contexts can propagate unsafe values into downstream trusted jobs"
   severity: medium
   category: ci-permission
+  dry-run-support: full
   attack:
     tactics: [TA0003, TA0004]
   condition: |
@@ -500,8 +517,9 @@
   description: "Dispatching workflow_dispatch or repository_dispatch from fork-reachable or privileged jobs can create a lateral-movement path into downstream workflows with broader credentials"
   severity: high
   category: ci-permission
+  dry-run-support: full
   attack:
-    tactics: [TA0004, TA0008]
+    tactics: [TA0006]
     techniques: [T1528]
   condition: |
     $auditComponents($)[
@@ -543,8 +561,9 @@
   description: "Dispatch chains that inspect pull_request head-repository or fork context before invoking downstream workflows are strong signals of fork-to-privileged lateral movement"
   severity: critical
   category: ci-permission
+  dry-run-support: full
   attack:
-    tactics: [TA0004, TA0008]
+    tactics: [TA0006]
     techniques: [T1528, T1552]
   condition: |
     $auditComponents($)[
@@ -581,8 +600,9 @@
   description: "Checking out github.event.pull_request.head.* repository or ref inside pull_request_target executes untrusted fork code with base-repository privileges"
   severity: critical
   category: ci-permission
+  dry-run-support: full
   attack:
-    tactics: [TA0001, TA0004]
+    tactics: [TA0001, TA0006]
     techniques: [T1195.001, T1552]
   condition: |
     $auditComponents($)[
@@ -616,8 +636,9 @@
   description: "High-risk GitHub Actions workflows that omit explicit permissions blocks while still performing sensitive operations may rely on repository-default token scopes. This is a review heuristic, not proof of write access."
   severity: medium
   category: ci-permission
+  dry-run-support: full
   attack:
-    tactics: [TA0004, TA0006]
+    tactics: [TA0006]
     techniques: [T1528, T1552]
   condition: |
     $auditComponents($)[
@@ -649,8 +670,9 @@
   description: "Explicitly disabling setup-node caching reduces tamper resistance and reviewability when npm dependencies are resolved from remote package distributions"
   severity: medium
   category: ci-permission
+  dry-run-support: full
   attack:
-    tactics: [TA0005]
+    tactics: [TA0001]
     techniques: [T1195.001]
   condition: |
     $auditComponents($)[
@@ -706,8 +728,9 @@
   description: "Explicitly disabling setup-python caching reduces tamper resistance and reviewability when PyPI dependencies are resolved from remote archives or VCS sources"
   severity: medium
   category: ci-permission
+  dry-run-support: full
   attack:
-    tactics: [TA0005]
+    tactics: [TA0001]
     techniques: [T1195.001]
   condition: |
     $auditComponents($)[
@@ -747,8 +770,9 @@
   description: "Explicitly disabling Cargo setup caching reduces tamper resistance and reviewability when Cargo manifests rely on git dependencies"
   severity: medium
   category: ci-permission
+  dry-run-support: full
   attack:
-    tactics: [TA0005]
+    tactics: [TA0001]
     techniques: [T1195.001]
   condition: |
     $auditComponents($)[