|
375 | 375 | ], |
376 | 376 | "created_at": "2024-01-17T14:00:00Z", |
377 | 377 | "modified_at": "2024-01-17T14:00:00Z", |
378 | | - "uri": "https://example.com/docs/security-policy.pdf" |
| 378 | + "uri": "https://example.com/docs/security-policy.pdf", |
| 379 | + "include_in_report": true |
379 | 380 | } |
380 | 381 | }, |
381 | 382 | "BaseDiagram": { |
|
464 | 465 | "nullable": true, |
465 | 466 | "description": "Optional description of the diagram", |
466 | 467 | "pattern": "^[^<>\\x00-\\x08\\x0B\\x0C\\x0E-\\x1F]*$" |
| 468 | + }, |
| 469 | + "include_in_report": { |
| 470 | + "type": "boolean", |
| 471 | + "description": "Whether this item should be included in generated reports", |
| 472 | + "default": true |
467 | 473 | } |
468 | 474 | }, |
469 | 475 | "required": [ |
|
485 | 491 | "name": "System Architecture", |
486 | 492 | "description": "High-level system architecture diagram", |
487 | 493 | "created_at": "2024-01-15T10:00:00Z", |
488 | | - "modified_at": "2024-01-15T10:00:00Z" |
| 494 | + "modified_at": "2024-01-15T10:00:00Z", |
| 495 | + "include_in_report": true |
489 | 496 | } |
490 | 497 | }, |
491 | 498 | "BaseDiagramInput": { |
|
544 | 551 | "nullable": true, |
545 | 552 | "description": "Optional description of the diagram", |
546 | 553 | "pattern": "^[^\\x00-\\x08\\x0B\\x0C\\x0E-\\x1F]*$" |
| 554 | + }, |
| 555 | + "include_in_report": { |
| 556 | + "type": "boolean", |
| 557 | + "description": "Whether this item should be included in generated reports", |
| 558 | + "default": true |
547 | 559 | } |
548 | 560 | }, |
549 | 561 | "required": [ |
|
559 | 571 | "example": { |
560 | 572 | "type": "DFD-1.0.0", |
561 | 573 | "name": "New Architecture Diagram", |
562 | | - "description": "Draft architecture for microservices migration" |
| 574 | + "description": "Draft architecture for microservices migration", |
| 575 | + "include_in_report": true |
563 | 576 | } |
564 | 577 | }, |
565 | 578 | "DfdDiagram": { |
|
628 | 641 | "width": 140, |
629 | 642 | "height": 70 |
630 | 643 | } |
631 | | - ] |
| 644 | + ], |
| 645 | + "include_in_report": true |
632 | 646 | }, |
633 | 647 | "description": "Data Flow Diagram with cells, edges, and visual styling for JointJS rendering" |
634 | 648 | }, |
|
695 | 709 | "width": 60, |
696 | 710 | "height": 60 |
697 | 711 | } |
698 | | - ] |
| 712 | + ], |
| 713 | + "include_in_report": true |
699 | 714 | }, |
700 | 715 | "description": "Input schema for creating or updating a Data Flow Diagram" |
701 | 716 | }, |
|
1232 | 1247 | "modified_at": "2024-01-16T09:00:00Z", |
1233 | 1248 | "threat_type": [ |
1234 | 1249 | "spoofing" |
1235 | | - ] |
| 1250 | + ], |
| 1251 | + "include_in_report": true |
1236 | 1252 | }, |
1237 | 1253 | "description": "A security threat identified during threat modeling, with severity, status, and mitigation details" |
1238 | 1254 | }, |
|
1605 | 1621 | }, |
1606 | 1622 | "nullable": true, |
1607 | 1623 | "additionalProperties": false |
| 1624 | + }, |
| 1625 | + "include_in_report": { |
| 1626 | + "type": "boolean", |
| 1627 | + "description": "Whether this item should be included in generated reports", |
| 1628 | + "default": true |
1608 | 1629 | } |
1609 | 1630 | }, |
1610 | 1631 | "required": [ |
|
1622 | 1643 | "description": "Data flow diagram showing payment processing flow", |
1623 | 1644 | "created_at": "2025-01-15T10:30:00Z", |
1624 | 1645 | "modified_at": "2025-01-15T14:22:00Z", |
1625 | | - "image": null |
| 1646 | + "image": null, |
| 1647 | + "include_in_report": true |
1626 | 1648 | } |
1627 | 1649 | }, |
1628 | 1650 | "TMListItem": { |
|
2721 | 2743 | }, |
2722 | 2744 | "minItems": 1, |
2723 | 2745 | "maxItems": 10 |
| 2746 | + }, |
| 2747 | + "include_in_report": { |
| 2748 | + "type": "boolean", |
| 2749 | + "description": "Whether this item should be included in generated reports", |
| 2750 | + "default": true |
2724 | 2751 | } |
2725 | 2752 | }, |
2726 | 2753 | "required": [ |
|
2742 | 2769 | "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", |
2743 | 2770 | "score": 9.8 |
2744 | 2771 | } |
2745 | | - ] |
| 2772 | + ], |
| 2773 | + "include_in_report": true |
2746 | 2774 | } |
2747 | 2775 | }, |
2748 | 2776 | "ThreatInput": { |
|
2766 | 2794 | ], |
2767 | 2795 | "threat_type": [ |
2768 | 2796 | "spoofing" |
2769 | | - ] |
| 2797 | + ], |
| 2798 | + "include_in_report": true |
2770 | 2799 | } |
2771 | 2800 | }, |
2772 | 2801 | "User": { |
|
2947 | 2976 | ], |
2948 | 2977 | "created_at": "2024-01-15T10:00:00Z", |
2949 | 2978 | "modified_at": "2024-01-15T10:00:00Z", |
2950 | | - "uri": "https://github.com/example/repo" |
| 2979 | + "uri": "https://github.com/example/repo", |
| 2980 | + "include_in_report": true |
2951 | 2981 | } |
2952 | 2982 | }, |
2953 | 2983 | "Note": { |
|
3152 | 3182 | "maxLength": 128, |
3153 | 3183 | "nullable": true, |
3154 | 3184 | "pattern": "^[^\\x00-\\x1F]*$" |
| 3185 | + }, |
| 3186 | + "include_in_report": { |
| 3187 | + "type": "boolean", |
| 3188 | + "description": "Whether this item should be included in generated reports", |
| 3189 | + "default": true |
3155 | 3190 | } |
3156 | 3191 | }, |
3157 | 3192 | "example": { |
3158 | 3193 | "name": "Payment Database", |
3159 | 3194 | "type": "data", |
3160 | 3195 | "description": "PostgreSQL database storing customer payment information", |
3161 | | - "criticality": "high" |
| 3196 | + "criticality": "high", |
| 3197 | + "include_in_report": true |
3162 | 3198 | } |
3163 | 3199 | }, |
3164 | 3200 | "AssetInput": { |
|
3171 | 3207 | "example": { |
3172 | 3208 | "name": "User Database", |
3173 | 3209 | "type": "data", |
3174 | | - "description": "Primary database storing user credentials" |
| 3210 | + "description": "Primary database storing user credentials", |
| 3211 | + "include_in_report": true |
3175 | 3212 | } |
3176 | 3213 | }, |
3177 | 3214 | "DocumentBase": { |
|
3208 | 3245 | "binding": "required,url" |
3209 | 3246 | }, |
3210 | 3247 | "pattern": "^[a-zA-Z][a-zA-Z0-9+.-]*://[^\\s]*$" |
| 3248 | + }, |
| 3249 | + "include_in_report": { |
| 3250 | + "type": "boolean", |
| 3251 | + "description": "Whether this item should be included in generated reports", |
| 3252 | + "default": true |
3211 | 3253 | } |
3212 | 3254 | }, |
3213 | 3255 | "example": { |
3214 | 3256 | "name": "Payment System Architecture", |
3215 | 3257 | "uri": "https://docs.example.com/architecture/payment-system.pdf", |
3216 | | - "description": "High-level architecture diagram and documentation" |
| 3258 | + "description": "High-level architecture diagram and documentation", |
| 3259 | + "include_in_report": true |
3217 | 3260 | } |
3218 | 3261 | }, |
3219 | 3262 | "DocumentInput": { |
|
3234 | 3277 | "value": "SecureTest Inc" |
3235 | 3278 | } |
3236 | 3279 | ], |
3237 | | - "uri": "https://example.com/docs/security-policy.pdf" |
| 3280 | + "uri": "https://example.com/docs/security-policy.pdf", |
| 3281 | + "include_in_report": true |
3238 | 3282 | } |
3239 | 3283 | }, |
3240 | 3284 | "NoteBase": { |
|
3271 | 3315 | "maxLength": 1024, |
3272 | 3316 | "nullable": true, |
3273 | 3317 | "pattern": "^[^<>\\x00-\\x08\\x0B\\x0C\\x0E-\\x1F]*$" |
| 3318 | + }, |
| 3319 | + "include_in_report": { |
| 3320 | + "type": "boolean", |
| 3321 | + "description": "Whether this item should be included in generated reports", |
| 3322 | + "default": true |
3274 | 3323 | } |
3275 | 3324 | }, |
3276 | 3325 | "example": { |
3277 | 3326 | "name": "Security Review Notes", |
3278 | | - "content": "Reviewed payment flow with security team. Key findings:\n- Need additional input validation\n- Consider rate limiting on payment endpoint" |
| 3327 | + "content": "Reviewed payment flow with security team. Key findings:\n- Need additional input validation\n- Consider rate limiting on payment endpoint", |
| 3328 | + "include_in_report": true |
3279 | 3329 | } |
3280 | 3330 | }, |
3281 | 3331 | "NoteInput": { |
|
3287 | 3337 | ], |
3288 | 3338 | "example": { |
3289 | 3339 | "name": "Security Analysis Notes", |
3290 | | - "content": "Initial security analysis of the authentication flow." |
| 3340 | + "content": "Initial security analysis of the authentication flow.", |
| 3341 | + "include_in_report": true |
3291 | 3342 | } |
3292 | 3343 | }, |
3293 | 3344 | "NoteListItem": { |
|
3347 | 3398 | "description": "Last modification timestamp (RFC3339)", |
3348 | 3399 | "readOnly": true, |
3349 | 3400 | "pattern": "^[0-9]*-[0-9]*-[0-9]*T[0-9]*:[0-9]*:[0-9]*(\\.[0-9]*)?(Z|[+-][0-9]*:[0-9]*)$" |
| 3401 | + }, |
| 3402 | + "include_in_report": { |
| 3403 | + "type": "boolean", |
| 3404 | + "description": "Whether this item should be included in generated reports", |
| 3405 | + "default": true |
3350 | 3406 | } |
3351 | 3407 | }, |
3352 | 3408 | "additionalProperties": false, |
3353 | 3409 | "example": { |
3354 | 3410 | "id": "ff0e8400-e29b-41d4-a716-44665544000a", |
3355 | 3411 | "name": "Security Review Notes", |
3356 | 3412 | "created_at": "2024-01-17T14:30:00Z", |
3357 | | - "modified_at": "2024-01-17T15:00:00Z" |
| 3413 | + "modified_at": "2024-01-17T15:00:00Z", |
| 3414 | + "include_in_report": true |
3358 | 3415 | } |
3359 | 3416 | }, |
3360 | 3417 | "RepositoryBase": { |
|
3428 | 3485 | "description": "URL to retrieve the referenced source code", |
3429 | 3486 | "maxLength": 1000, |
3430 | 3487 | "pattern": "^[a-zA-Z][a-zA-Z0-9+.-]*://[^\\s]*$" |
| 3488 | + }, |
| 3489 | + "include_in_report": { |
| 3490 | + "type": "boolean", |
| 3491 | + "description": "Whether this item should be included in generated reports", |
| 3492 | + "default": true |
3431 | 3493 | } |
3432 | 3494 | }, |
3433 | 3495 | "example": { |
3434 | 3496 | "uri": "https://github.com/example/payment-service", |
3435 | | - "description": "Main repository for payment processing service" |
| 3497 | + "description": "Main repository for payment processing service", |
| 3498 | + "include_in_report": true |
3436 | 3499 | } |
3437 | 3500 | }, |
3438 | 3501 | "RepositoryInput": { |
|
3453 | 3516 | "value": "Security" |
3454 | 3517 | } |
3455 | 3518 | ], |
3456 | | - "uri": "https://github.com/example/repo" |
| 3519 | + "uri": "https://github.com/example/repo", |
| 3520 | + "include_in_report": true |
3457 | 3521 | } |
3458 | 3522 | }, |
3459 | 3523 | "WebhookSubscription": { |
|
13599 | 13663 | "threat_model_id": "550e8400-e29b-41d4-a716-446655440000", |
13600 | 13664 | "created_at": "2025-01-15T10:30:00Z", |
13601 | 13665 | "modified_at": "2025-01-15T14:45:00Z", |
13602 | | - "metadata": [] |
| 13666 | + "metadata": [], |
| 13667 | + "include_in_report": true |
13603 | 13668 | }, |
13604 | 13669 | { |
13605 | 13670 | "id": "550e8400-e29b-41d4-a716-446655440004", |
|
13615 | 13680 | "threat_model_id": "550e8400-e29b-41d4-a716-446655440000", |
13616 | 13681 | "created_at": "2025-01-15T11:00:00Z", |
13617 | 13682 | "modified_at": "2025-01-15T11:00:00Z", |
13618 | | - "metadata": [] |
| 13683 | + "metadata": [], |
| 13684 | + "include_in_report": true |
13619 | 13685 | } |
13620 | 13686 | ], |
13621 | 13687 | "total": 2, |
|
14213 | 14279 | ], |
14214 | 14280 | "threat_type": [ |
14215 | 14281 | "tampering" |
14216 | | - ] |
| 14282 | + ], |
| 14283 | + "include_in_report": true |
14217 | 14284 | } |
14218 | 14285 | } |
14219 | 14286 | } |
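Review bot: The new `include_in_report` property (new lines 469-472, repeated at 555-558, 1625-1628, 2747-2750 and in the Asset, Document, Note and Repository schemas) is optional and relies on `"default": true`, but an OpenAPI default is documentation only and no hunk adds the property to a `required` array, so nothing shown here guarantees that an omitted value is treated as true. If the server decodes a missing field to the language's zero value, clients that never send the field would silently drop threats and other items from generated reports, which is the unsafe direction for a threat-modeling record. I would state the contract in the schema, for example `"description": "Whether this item should be included in generated reports. Treated as true when omitted."`, and list the property under `required` in the response schemas so readers never have to guess. The same flag is accepted on input schemas (the examples at new lines 575 and 2798), so setting it to false hides a finding from reports and is worth recording in the audit trail; the handlers are outside this diff, so that part could not be checked.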
|