UNPKG

ssvc

Version:

TypeScript implementation of SSVC (Stakeholder-Specific Vulnerability Categorization). A prioritization framework to triage CVE vulnerabilities as an alternative or compliment to CVSS

github.com/trivialsec/typescript-ssvc

trivialsec/typescript-ssvc

91 lines (79 loc) 3.07 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
/** * SSVC TypeScript Library * * Stakeholder-Specific Vulnerability Categorization with Plugin Architecture */ // Export core functionality export { Decision, PluginRegistry, SSVCPlugin, SSVCDecision, SSVCOutcome } from './core'; // Export plugins export { CISAPlugin } from './plugins/cisa'; export { CoordinatorTriagePlugin } from './plugins/coordinator_triage'; export { CoordinatorPublicationPlugin } from './plugins/coordinator_publication'; export { SupplierPlugin } from './plugins/supplier'; export { DeployerPlugin } from './plugins/deployer'; // Auto-register built-in plugins import { PluginRegistry, Decision } from './core'; import { CISAPlugin } from './plugins/cisa'; import { CoordinatorTriagePlugin } from './plugins/coordinator_triage'; import { CoordinatorPublicationPlugin } from './plugins/coordinator_publication'; import { SupplierPlugin } from './plugins/supplier'; import { DeployerPlugin } from './plugins/deployer'; // Register plugins on module load const registry = PluginRegistry.getInstance(); registry.register(new CISAPlugin()); registry.register(new CoordinatorTriagePlugin()); registry.register(new CoordinatorPublicationPlugin()); registry.register(new SupplierPlugin()); registry.register(new DeployerPlugin()); // Export legacy compatibility (deprecated) export * from './decision'; // Convenience functions export function createDecision(methodology: string, options: Record<string, any> = {}) { return new Decision(methodology, options); } export function listMethodologies(): string[] { return PluginRegistry.getInstance().list().map(plugin => plugin.name); } // Re-export generated plugin types for advanced usage (with prefixes to avoid conflicts) export { ExploitationStatus as CISAExploitationStatus, AutomatableStatus as CISAAutomatableStatus, TechnicalImpactLevel as CISATechnicalImpactLevel, MissionWellbeingImpactLevel as CISAMissionWellbeingImpactLevel, DecisionCisa, OutcomeCisa } from './plugins/cisa-generated'; export { ReportPublicStatus, SupplierContactedStatus, ReportCredibilityLevel, SupplierCardinalityLevel, SupplierEngagementLevel, UtilityLevel as CoordinatorUtilityLevel, PublicSafetyImpactLevel, DecisionCoordinatorTriage, OutcomeCoordinatorTriage } from './plugins/coordinator_triage-generated'; export { SupplierInvolvementLevel, ExploitationStatus as PublicationExploitationStatus, PublicValueAddedLevel, DecisionCoordinatorPublication, OutcomeCoordinatorPublication } from './plugins/coordinator_publication-generated'; export { ExploitationStatus as SupplierExploitationStatus, UtilityLevel as SupplierUtilityLevel, TechnicalImpactLevel as SupplierTechnicalImpactLevel, PublicSafetyImpactLevel as SupplierPublicSafetyImpactLevel, DecisionSupplier, OutcomeSupplier } from './plugins/supplier-generated'; export { ExploitationStatus as DeployerExploitationStatus, SystemExposureLevel, UtilityLevel as DeployerUtilityLevel, HumanImpactLevel, DecisionDeployer, OutcomeDeployer } from './plugins/deployer-generated';