UNPKG

ssvc

Version:

TypeScript implementation of SSVC (Stakeholder-Specific Vulnerability Categorization). A prioritization framework to triage CVE vulnerabilities as an alternative or compliment to CVSS

github.com/trivialsec/typescript-ssvc

trivialsec/typescript-ssvc

118 lines (97 loc) 4.78 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
/** * SSVC TypeScript Library * * Stakeholder-Specific Vulnerability Categorization with Plugin Architecture */ // Export core functionality export { Decision, PluginRegistry, SSVCDecision, SSVCOutcome, SSVCPlugin, AuditableDecision } from './core'; // Export plugins export { AILLMTriagePlugin } from './plugins/ai-llm-triage'; export { CISAPlugin } from './plugins/cisa'; export { CoordinatorPublicationPlugin } from './plugins/coordinator_publication'; export { CoordinatorTriagePlugin } from './plugins/coordinator_triage'; export { DeployerPlugin } from './plugins/deployer'; export { EngineerTriagePlugin } from './plugins/engineer_triage'; export { SupplierPlugin } from './plugins/supplier'; // Auto-register built-in plugins import { Decision, PluginRegistry } from './core'; import { AILLMTriagePlugin } from './plugins/ai-llm-triage'; import { CISAPlugin } from './plugins/cisa'; import { CoordinatorPublicationPlugin } from './plugins/coordinator_publication'; import { CoordinatorTriagePlugin } from './plugins/coordinator_triage'; import { DeployerPlugin } from './plugins/deployer'; import { EngineerTriagePlugin } from './plugins/engineer_triage'; import { SupplierPlugin } from './plugins/supplier'; // Register plugins on module load const registry = PluginRegistry.getInstance(); registry.register(new CISAPlugin()); registry.register(new CoordinatorTriagePlugin()); registry.register(new CoordinatorPublicationPlugin()); registry.register(new SupplierPlugin()); registry.register(new DeployerPlugin()); registry.register(new EngineerTriagePlugin()); registry.register(new AILLMTriagePlugin()); // Export legacy compatibility (deprecated) export * from './decision'; // Convenience functions export function createDecision(methodology: string, options: Record<string, any> = {}) { return new Decision(methodology, options); } export function listMethodologies(): string[] { return PluginRegistry.getInstance().list().map(plugin => plugin.name); } // Re-export generated plugin types for advanced usage (with prefixes to avoid conflicts) export { AutomatableStatus as CISAAutomatableStatus, ExploitationStatus as CISAExploitationStatus, MissionWellbeingImpactLevel as CISAMissionWellbeingImpactLevel, TechnicalImpactLevel as CISATechnicalImpactLevel, DecisionCisa, OutcomeCisa } from './plugins/cisa-generated'; export { UtilityLevel as CoordinatorUtilityLevel, DecisionCoordinatorTriage, OutcomeCoordinatorTriage, PublicSafetyImpactLevel, ReportCredibilityLevel, ReportPublicStatus, SupplierCardinalityLevel, SupplierContactedStatus } from './plugins/coordinator_triage-generated'; export { DecisionCoordinatorPublication, OutcomeCoordinatorPublication, ExploitationStatus as PublicationExploitationStatus, PublicValueAddedLevel, SupplierInvolvementLevel } from './plugins/coordinator_publication-generated'; export { DecisionSupplier, OutcomeSupplier, ExploitationStatus as SupplierExploitationStatus, PublicSafetyImpactLevel as SupplierPublicSafetyImpactLevel, TechnicalImpactLevel as SupplierTechnicalImpactLevel, UtilityLevel as SupplierUtilityLevel } from './plugins/supplier-generated'; export { DecisionDeployer, ExploitationStatus as DeployerExploitationStatus, UtilityLevel as DeployerUtilityLevel, HumanImpactLevel, OutcomeDeployer, SystemExposureLevel } from './plugins/deployer-generated'; export { ExploitationStatus as AILLMExploitationStatus, ApplicationAttackVector, DecisionAiLlmTriage, DeployerAttackVector, OutcomeAiLlmTriage, StakeholderRole, UserAttackVector } from './plugins/ai_llm_triage-generated'; export { DecisionEngineerTriage, OutcomeEngineerTriage, Reachability, RemediationOption, MitigationOption, ReportedPriority } from './plugins/engineer_triage-generated'; // Runtime YAML Evaluation API (completely isolated from generated plugins) export * as Runtime from './runtime'; // Evidence Mapping and Data-Driven Evaluation System export * from './evidence/types'; export * from './mapping/types'; export * from './audit/types'; // Configuration and Building export { MethodologyConfigBuilder, DataSourceFactory } from './mapping/config'; // Data-Driven Evaluation Engine export { DataDrivenEvaluator } from './evaluator/data-driven'; export { DataExtractor } from './evaluator/extractor'; export { TransformEngine, CommonTransforms, RuleValidator } from './evaluator/transformer'; export { DataValidator } from './evaluator/validator'; // Simple User-Facing API export { SSVCEvaluator, quickEvaluate, quickValidate, SimpleEvaluationResult, SimpleValidationResult } from './api/simple'; // Auditable Decision Wrapper export { AuditableDecisionWrapper, AuditableDecisionFactory, AuditableDecisionUtils } from './audit/wrapper';