fix errors

wurstbrot · wurstbrot · commit 719192dc00b6 · 2025-09-18T14:13:11.000+02:00
diff --git a/src/assets/YAML/default/BuildAndDeployment/Build.yaml b/src/assets/YAML/default/BuildAndDeployment/Build.yaml
@@ -105,14 +105,16 @@ Build and Deployment:
         resources: 2
       usefulness: 3
       level: 2
+      tags:
+        - inventory
       implementation:
          - $ref: src/assets/YAML/default/implementations.yaml#/implementations/signing-of-containers
          - $ref: src/assets/YAML/default/implementations.yaml#/implementations/immutable-images
       dependsOn:
         - Defined build process
       references:
         samm2:
-          - I-SB-1-A
+          - I-SB-1-B
         iso27001-2017:
           - 14.2.6
         iso27001-2022:
@@ -145,7 +147,8 @@ Build and Deployment:
       implementation: []
       references:
         samm2:
-          - I-SB-1-A
+          - I-SB-1-B
+          - D-TA-1-A
         iso27001-2017:
           - 8.1
           - 8.2
diff --git a/src/assets/YAML/default/BuildAndDeployment/Deployment.yaml b/src/assets/YAML/default/BuildAndDeployment/Deployment.yaml
@@ -20,7 +20,7 @@ Build and Deployment:
         - Smoke Test
       references:
         samm2:
-          - I-SD-2-A
+          - I-SD-3-A
         iso27001-2017:
           - 17.2.1 # Availability of information processing facilities
           - 12.1.1 # Documented operational procedures
@@ -231,6 +231,7 @@ Build and Deployment:
       references:
         samm2:
           - I-SB-1-B
+          - D-TA-1-B
         iso27001-2017:
           - 8.1
           - 8.2
@@ -262,6 +263,7 @@ Build and Deployment:
       references:
         samm2:
           - I-SB-1-B
+          - D-TA-1-B
         iso27001-2017:
           - 8.1
           - 8.2
@@ -288,7 +290,8 @@ Build and Deployment:
         - Defined deployment process
       references:
         samm2:
-          - I-SD-1-A
+          - I-SD-2-A
+          - I-SD-3-A
         iso27001-2017:
           - 12.5.1
           - 14.2.2
@@ -321,6 +324,7 @@ Build and Deployment:
       references:
         samm2:
           - I-SD-2-A
+          - I-SD-3-A
         iso27001-2017:
           - 14.3.1
           - 14.2.8
diff --git a/src/assets/YAML/default/BuildAndDeployment/PatchManagement.yaml b/src/assets/YAML/default/BuildAndDeployment/PatchManagement.yaml
@@ -93,7 +93,7 @@ Build and Deployment:
       implementation: []
       references:
         samm2:
-          - O-EM-1-B
+          - O-EM-2-B
         iso27001-2017:
           - 12.6.1
         iso27001-2022:
diff --git a/src/assets/YAML/default/CultureAndOrganization/Design.yaml b/src/assets/YAML/default/CultureAndOrganization/Design.yaml
@@ -71,7 +71,8 @@ Culture and Organization:
       implementation: []
       references:
         samm2:
-          - D-TA-2-B
+          - D-TA-1-B
+          - D-TA-2-A
         iso27001-2017:
           - Not explicitly covered by ISO 27001
           - May be part of risk assessment
@@ -185,6 +186,7 @@ Culture and Organization:
       references:
         samm2:
           - D-TA-2-B
+          - V-RT-B-2
         iso27001-2017:
           - Not explicitly covered by ISO 27001
           - May be part of project management
@@ -257,6 +259,7 @@ Culture and Organization:
       references:
         samm2:
           - D-TA-3-B
+          - D-TA-2-B
         iso27001-2017:
           - Not explicitly covered by ISO 27001
           - May be part of risk assessment
@@ -288,7 +291,7 @@ Culture and Organization:
       implementation: []
       references:
         samm2:
-          - G-PS-2
+          - G-SM-2-A
         iso27001-2017:
           - 5.1.1
           - 7.2.1
diff --git a/src/assets/YAML/default/CultureAndOrganization/EducationAndGuidance.yaml b/src/assets/YAML/default/CultureAndOrganization/EducationAndGuidance.yaml
@@ -143,6 +143,7 @@ Culture and Organization:
       references:
         samm2:
           - G-EG-2-A
+          - G-EG-2-B
         iso27001-2017:
           - Mutual review of source code is not explicitly required in ISO 27001 may
             be
@@ -201,6 +202,7 @@ Culture and Organization:
       references:
         samm2:
           - G-EG-2-A
+          - O-IM-B-2
         iso27001-2017:
           - War games are not explicitly required in ISO 27001 may be
           - 7.2.2
@@ -301,7 +303,7 @@ Culture and Organization:
         - $ref: src/assets/YAML/default/implementations.yaml#/implementations/owasp-cheatsheet-series
       references:
         samm2:
-          - G-EG-3-A
+          - G-EG-2-A
         iso27001-2017:
           - 7.2.2
         iso27001-2022:
@@ -424,6 +426,7 @@ Culture and Organization:
       references:
         samm2:
           - G-EG-1-A
+          - G-EG-1-B
         iso27001-2017:
           - security consulting is missing in ISO 27001 may be
           - 6.1.1
@@ -453,6 +456,7 @@ Culture and Organization:
       implementation: []
       references:
         samm2:
+          - G-EG-3-B
           - O-IM-3-B
         iso27001-2017:
           - 16.1.6
@@ -493,7 +497,7 @@ Culture and Organization:
         - $ref: src/assets/YAML/default/implementations.yaml#/implementations/damn-vulnerable-web
       references:
         samm2:
-          - G-EG-1-A
+          - G-EG-2-A
         iso27001-2017:
           - 7.2.2
         iso27001-2022:
diff --git a/src/assets/YAML/default/TestAndVerification/Consolidation.yaml b/src/assets/YAML/default/TestAndVerification/Consolidation.yaml
@@ -196,7 +196,7 @@ Test and Verification:
       usefulness: 3
       level: 2
       dependsOn:
-        - uuid: c1acc8af-312e-4503-a817-a26220c993a0 # Simple false positive treatment
+        - uuid:c1acc8af-312e-4503-a817-a26220c993a0 # Simple false positive treatment
       implementation:
         - $ref: src/assets/YAML/default/implementations.yaml#/implementations/owasp-defectdojo
         - $ref: src/assets/YAML/default/implementations.yaml#/implementations/purify
@@ -341,8 +341,8 @@ Test and Verification:
       usefulness: 4
       level: 3
       dependsOn:
-        - uuid: 8f2b4d5a-3c1e-4b7a-9d8f-2e6c4a1b5d7f # Artifact-based false positive treatment
-        - uuid: 85ba5623-84be-4219-8892-808837be582d # Usage of a vulnerability management system
+        - uuid:8f2b4d5a-3c1e-4b7a-9d8f-2e6c4a1b5d7f # Artifact-based false positive treatment
+        - uuid:85ba5623-84be-4219-8892-808837be582d # Usage of a vulnerability management system
       implementation:
       references:
         samm2:
diff --git a/src/assets/YAML/default/implementations.yaml b/src/assets/YAML/default/implementations.yaml
@@ -179,7 +179,7 @@ implementations:
     url: https://www.owasp.org/index.php/Agile_Software_Development
     description:
       "[Do not Forget EVIL User Stories](https://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories)\
-      \ and [Practical Security Stories and Security Tasks for Agile Development Environments](http://safecode.org/publication/SAFECode_Agile_Dev_Security0712.pdf)"
+      \ and [Practical Security Stories and Security Tasks for Agile Development Environments](https://safecode.org/publication/SAFECode_Agile_Dev_Security0712.pdf)"
   libyear:
     uuid: 2fff917f-205e-4eab-2e0e-1fab8c04bf33
     name: libyear
@@ -253,7 +253,7 @@ implementations:
     uuid: edaec98d-dac7-4dfd-8ab3-42c471d5b9ff
     name: CIS Kubernetes Bench for Security
     tags: []
-    url: https://www.cisecurity.org/cis-benchmarks/
+    url: https://www.cisecurity.org/cis-benchmarks/#
   cis-docker-bench-for:
     uuid: 4dd23c4a-5a7e-4917-82cf-d00e0f04482f
     name: CIS Docker Bench for Security
@@ -359,7 +359,7 @@ implementations:
     uuid: e76a395a-8d6a-4e25-a175-6cf25409b755
     name: Smartcard
     tags: []
-    url: https://d3fend.mitre.org/technique/d3f:Multi-factorAuthentication/
+    url: https://d3fend.mitre.org/technique/d3f:Multi-factorAuthentication/#
   yubikey:
     uuid: d5981117-9bc2-45ed-b4a4-383135dc13d8
     name: YubiKey
diff --git a/src/assets/YAML/generated/generated.yaml b/src/assets/YAML/generated/generated.yaml
