CERTCC · ahouseholder · Aug 26, 2025 · Aug 19, 2025 · Aug 19, 2025 · Aug 19, 2025
@@ -29,19 +29,14 @@ jobs:
 
       - name: Install dependencies
         run: |
-          python -m pip install --upgrade pip
-          python -m pip install -r requirements.txt
-          python -m pip install linkchecker
-
-      - name: Install our python stuff
-        run: |
-          python -m pip install -e src
+          python -m pip install --upgrade pip uv
+          uv sync --dev --project src
 
       - name: Build Site
         run: |
-          mkdocs build --verbose --clean --config-file mkdocs.yml       
+          uv run --project=src mkdocs build --verbose --clean --config-file mkdocs.yml
 
       - name: Check links
         run: |
-          linkchecker site/index.html
+          uv run --project=src linkchecker site/index.html
 
@@ -27,16 +27,17 @@ jobs:
         python-version: "3.12"
     - name: Install dependencies
       run: |
-        python -m pip install --upgrade pip
-        pip install pytest build
-        if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+        python -m pip install --upgrade pip uv
+        uv sync --project=src --dev --frozen
+#        pip install pytest build
+#        if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
 #    - uses: psf/black@stable
     - name: Test with pytest
       run: |
-        pytest
+        uv run --project=src pytest
     - name: Build
       run: |
-        python -m build src
+        uv build --project=src
     - name: Upload Artifacts
       uses: actions/upload-artifact@v4
       with:

@@ -1,37 +1,56 @@
 # Project-specific vars
 MKDOCS_PORT=8765
 DOCKER_DIR=docker
+PROJECT_DIR = ./src
+DOCKER_COMPOSE=docker-compose --project-directory $(DOCKER_DIR)
+UV_RUN=uv run --project $(PROJECT_DIR)
 
 # Targets
-.PHONY: all test docs docker_test clean help mdlint_fix up down regenerate_json
+.PHONY: all test docs api docker_test clean help mdlint_fix up down regenerate_json
+
 
 all: help
 
+dev:
+	@echo "Set up dev environment..."
+	uv sync --dev --project $(PROJECT_DIR)
+
 mdlint_fix:
 	@echo "Running markdownlint..."
 	markdownlint --config .markdownlint.yml --fix .
 
 test:
 	@echo "Running tests locally..."
-	pytest -v src/test
+	uv run --project $(PROJECT_DIR) pytest -v
 
 docker_test:
 	@echo "Building the latest test image..."
-	pushd $(DOCKER_DIR) && docker-compose build test
+	$(DOCKER_COMPOSE) build test
 	@echo "Running tests in Docker..."
-	pushd $(DOCKER_DIR) && docker-compose run --rm test
+	$(DOCKER_COMPOSE) run --rm test
+
+docs_local:
+	@echo "Building and running docs locally..."
+	$(UV_RUN) mkdocs serve
 
 docs:
 	@echo "Building and running docs in Docker..."
-	pushd $(DOCKER_DIR) && docker-compose up docs
+	$(DOCKER_COMPOSE) up docs
+
+api:
+	@echo "Building and running API in Docker..."
+	$(DOCKER_COMPOSE) up api
+
+api_dev:
+	$(UV_RUN) uvicorn ssvc.api.main:app --reload
 
 up:
 	@echo "Starting Docker services..."
-	pushd $(DOCKER_DIR) && docker-compose up -d
+	$(DOCKER_COMPOSE) up -d
 
 down:
 	@echo "Stopping Docker services..."
-	pushd $(DOCKER_DIR) && docker-compose down
+	$(DOCKER_COMPOSE) down
 
 regenerate_json:
 	@echo "Regenerating JSON files..."
@@ -40,20 +59,30 @@ regenerate_json:
 
 clean:
 	@echo "Cleaning up Docker resources..."
-	pushd $(DOCKER_DIR) && docker-compose down --rmi local || true
-
+	$(DOCKER_COMPOSE) down --rmi local || true
+	rm -rf $(PROJECT_DIR)/.venv $(PROJECT_DIR)/uv.lock
 help:
 	@echo "Usage: make [target]"
 	@echo ""
 	@echo "Targets:"
 	@echo " all         - Display this help message"
+
+	@echo " dev        - Set up development environment"
 	@echo " mdlint_fix  - Run markdownlint with fix"
 	@echo " test       - Run tests locally"
 	@echo " docker_test - Run tests in Docker"
+
 	@echo " docs       - Build and run documentation in Docker"
+	@echo " docs_local - Build and run documentation locally"
+
+	@echo " api        - Build and run API in Docker"
+	@echo " api_dev    - Run API locally with auto-reload"
+
 	@echo " up         - Start Docker services"
 	@echo " down       - Stop Docker services"
+
 	@echo " regenerate_json - Regenerate JSON files from python modules"
+
 	@echo " clean      - Clean up Docker resources"
 	@echo " help       - Display this help message"
 

@@ -0,0 +1,40 @@
+{
+  "namespace": "x_com.yahooinc#prioritized-risk-remediation",
+  "key": "PARANOIDS",
+  "version": "1.0.0",
+  "name": "theParanoids",
+  "description": "PrioritizedRiskRemediation outcome group based on TheParanoids.",
+  "schemaVersion": "2.0.0",
+  "values": [
+    {
+      "key": "5",
+      "name": "Track 5",
+      "description": "Track"
+    },
+    {
+      "key": "4",
+      "name": "Track Closely 4",
+      "description": "Track Closely"
+    },
+    {
+      "key": "3",
+      "name": "Attend 3",
+      "description": "Attend"
+    },
+    {
+      "key": "2",
+      "name": "Attend 2",
+      "description": "Attend"
+    },
+    {
+      "key": "1",
+      "name": "Act 1",
+      "description": "Act"
+    },
+    {
+      "key": "0",
+      "name": "Act ASAP 0",
+      "description": "Act ASAP"
+    }
+  ]
+}
@@ -0,0 +1,79 @@
+{
+  "namespace": "ssvc",
+  "key": "DT_PSI",
+  "version": "1.0.0",
+  "name": "Public Safety Impact",
+  "description": "Public Safety Impact Decision Table",
+  "schemaVersion": "2.0.0",
+  "decision_points": {
+    "ssvc:SI:2.0.0": {
+      "namespace": "ssvc",
+      "key": "SI",
+      "version": "2.0.0",
+      "name": "Safety Impact",
+      "description": "The safety impact of the vulnerability. (based on IEC 61508)",
+      "schemaVersion": "2.0.0",
+      "values": [
+        {
+          "key": "N",
+          "name": "Negligible",
+          "description": "Any one or more of these conditions hold.<br/><br/>- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).<br/>- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.<br/>- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.<br/>- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.<br/>- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.<br/>- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons."
+        },
+        {
+          "key": "M",
+          "name": "Marginal",
+          "description": "Any one or more of these conditions hold.<br/><br/>- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).<br/>- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.<br/>- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.<br/>- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.<br/>- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.<br/>- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people."
+        },
+        {
+          "key": "R",
+          "name": "Critical",
+          "description": "Any one or more of these conditions hold.<br/><br/>- *Physical harm*: Loss of life (IEC 61508 Critical).<br/>- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.<br/>- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.<br/>- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.<br/>- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.<br/>- *Psychological*: N/A."
+        },
+        {
+          "key": "C",
+          "name": "Catastrophic",
+          "description": "Any one or more of these conditions hold.<br/><br/>- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).<br/>- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).<br/>- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.<br/>- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.<br/>- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.<br/>- *Psychological*: N/A."
+        }
+      ]
+    },
+    "ssvc:PSI:2.0.1": {
+      "namespace": "ssvc",
+      "key": "PSI",
+      "version": "2.0.1",
+      "name": "Public Safety Impact",
+      "description": "A coarse-grained representation of impact to public safety.",
+      "schemaVersion": "2.0.0",
+      "values": [
+        {
+          "key": "M",
+          "name": "Minimal",
+          "description": "Safety Impact:Negligible"
+        },
+        {
+          "key": "S",
+          "name": "Significant",
+          "description": "Safety Impact:(Marginal OR Critical OR Catastrophic)"
+        }
+      ]
+    }
+  },
+  "outcome": "ssvc:PSI:2.0.1",
+  "mapping": [
+    {
+      "ssvc:SI:2.0.0": "N",
+      "ssvc:PSI:2.0.1": "M"
+    },
+    {
+      "ssvc:SI:2.0.0": "M",
+      "ssvc:PSI:2.0.1": "S"
+    },
+    {
+      "ssvc:SI:2.0.0": "R",
+      "ssvc:PSI:2.0.1": "S"
+    },
+    {
+      "ssvc:SI:2.0.0": "C",
+      "ssvc:PSI:2.0.1": "S"
+    }
+  ]
+}