Add devcontainer and design docs

ctcampbell · ctcampbell · commit 1da96bdd4969 · 2023-04-26T22:29:39.000+01:00
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -0,0 +1,4 @@
+{
+    "name": "Node.js",
+    "image": "mcr.microsoft.com/devcontainers/javascript-node:20-bullseye"
+}
diff --git a/design/implementation.md b/design/implementation.md
@@ -0,0 +1,7 @@
+### Useful Libraries etc. ###
+
+* https://github.com/microsoft/sarif-js-sdk
+* https://cwe.mitre.org/data/xml/views/1344.xml.zip
+* https://rgrove.github.io/parse-xml/
+* https://docs.sigstore.dev/cosign/overview/#quick-start
+
diff --git a/design/requirements.md b/design/requirements.md
@@ -0,0 +1,10 @@
+### Requirements ###
+
+* Input a SARIF file
+* Output a report detailing alerts that map to the OWASP Top 10 2021
+  * And include alerts that are above a configurable (default high) severity rating that are not in the OWASP Top 10 2021.
+* Allow to be run as an Action
+
+#### Stretch Goals ####
+
+* Allow timestamping via online service using hash of report

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +{
 +    "name": "Node.js",
 +    "image": "mcr.microsoft.com/devcontainers/javascript-node:20-bullseye"
 +}