diff --sensitivity flag #619

Open
tstromberg opened this issue Nov 13, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@tstromberg (Collaborator)

Now that we've improved rule categorization by moving to the MITRE Malware Behavior Catalog, I'm interested in adding a --sensitivity flag that CI/CD pipelines can use to adjust how noisy mal diff is, based on the context of what kind of update is being processed. Here's my initial thinking:

--sensitivity=(1|file): show diff only if file risk changes. Obsoletes --file-risk-change.
--sensitivity=(2|major): show diff if top-level namespace (objective) changes.
--sensitivity=(3|minor): show diff only if second-level namespace (resource) changes.
--sensitivity=(4|patch): show diff if 3rd-level namespace (technique) changes.
--sensitivity=(5|full): show diff if anything changes.

For example, Wolfi knows the versions on both sides of the update: we can use it to keep the noise low for major version changes (1.0 -> 2.0), and dial the sensitivity up for subsequent minor releases (2.0 -> 2.0.1). For simple epoch changes, we can dial the sensitivity up to 5.

As part of this, we should rename --file-risk-increase to something like --increased-risk.

cc @egibs @hectorj2f @tdunlap607 for thoughts.

@tstromberg tstromberg added the enhancement New feature or request label Nov 13, 2024
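The gating logic the proposal sketches, as an added illustration rather than code from the issue author or the malcontent project: each finding is identified by a hierarchical namespace (objective/resource/technique/rule, in the MBC spirit), and the sensitivity level decides how deep into that hierarchy a change must reach before the diff is emitted. The data model, the namespace strings, the risk scale and the assumption that levels are cumulative (level N also fires on anything level N-1 would) are all constructed for this example.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Finding is one matched rule, identified by a namespace of the form
// objective/resource/technique/rule. Constructed approximation of a diff
// entry; not malcontent's real data model.
type Finding struct {
	Namespace string
}

// Report is the per-file result on one side of the diff.
type Report struct {
	FileRisk int // constructed scale, e.g. 0 = none .. 4 = critical
	Findings []Finding
}

// Sensitivity levels as proposed; the numeric and named forms are equivalent.
const (
	SensFile  = 1 // show only if the file risk changes
	SensMajor = 2 // ...or a top-level namespace (objective) changes
	SensMinor = 3 // ...or a second-level namespace (resource) changes
	SensPatch = 4 // ...or a third-level namespace (technique) changes
	SensFull  = 5 // ...or anything at all changes
)

var sensitivityNames = map[string]int{
	"file": SensFile, "major": SensMajor, "minor": SensMinor, "patch": SensPatch, "full": SensFull,
}

// ParseSensitivity accepts either spelling of a level: "3" or "minor".
func ParseSensitivity(s string) (int, error) {
	s = strings.ToLower(strings.TrimSpace(s))
	if v, ok := sensitivityNames[s]; ok {
		return v, nil
	}
	if n, err := strconv.Atoi(s); err == nil && n >= SensFile && n <= SensFull {
		return n, nil
	}
	return 0, fmt.Errorf("invalid --sensitivity %q (want 1-5 or file|major|minor|patch|full)", s)
}

// namespaceSet returns the distinct namespace prefixes truncated to depth
// path components; depth 0 keeps the full namespace.
func namespaceSet(r Report, depth int) map[string]struct{} {
	set := map[string]struct{}{}
	for _, f := range r.Findings {
		parts := strings.Split(f.Namespace, "/")
		if depth > 0 && len(parts) > depth {
			parts = parts[:depth]
		}
		set[strings.Join(parts, "/")] = struct{}{}
	}
	return set
}

// symmetricDiff lists keys present on only one side, sorted for stable output.
func symmetricDiff(a, b map[string]struct{}) []string {
	var out []string
	for k := range a {
		if _, ok := b[k]; !ok {
			out = append(out, "-"+k)
		}
	}
	for k := range b {
		if _, ok := a[k]; !ok {
			out = append(out, "+"+k)
		}
	}
	sort.Strings(out)
	return out
}

// ShouldShowDiff decides whether the before/after diff is emitted at the given
// sensitivity and explains why. Levels are cumulative (an assumption), and the
// reason names the shallowest level at which a change was found.
func ShouldShowDiff(before, after Report, sensitivity int) (bool, string) {
	if before.FileRisk != after.FileRisk {
		return true, fmt.Sprintf("file risk changed %d -> %d", before.FileRisk, after.FileRisk)
	}
	depths := map[int]int{SensMajor: 1, SensMinor: 2, SensPatch: 3, SensFull: 0}
	for level := SensMajor; level <= sensitivity && level <= SensFull; level++ {
		d := symmetricDiff(namespaceSet(before, depths[level]), namespaceSet(after, depths[level]))
		if len(d) > 0 {
			return true, fmt.Sprintf("level %d change: %s", level, strings.Join(d, " "))
		}
	}
	return false, "no change at this sensitivity"
}

func main() {
	// Constructed sample: the update adds one more rule under an existing technique.
	before := Report{FileRisk: 2, Findings: []Finding{
		{"anti-behavioral-analysis/debugger-detection/ptrace/rule-a"},
		{"collection/screen-capture/x11/rule-b"},
	}}
	after := Report{FileRisk: 2, Findings: append(before.Findings, Finding{"collection/screen-capture/x11/rule-c"})}
	for s := SensFile; s <= SensFull; s++ {
		show, why := ShouldShowDiff(before, after, s)
		fmt.Printf("sensitivity=%d show=%v (%s)\n", s, show, why)
	}
}
```

Run as-is, the sample only reports a diff at sensitivity 5, because the new rule sits under a technique that was already present; adding a finding under a new objective instead would fire from level 2 upward, and a file-risk change fires at every level.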