Add Resource Inventory#33
Conversation
|
Recheck in EUCS and C5 which levels of manifestation exist and which are relevant. |
|
Some requirements from the EUCS:
But the first question is how we integrate an "inventory" into the ontology. Do you think it should be an Infrastructure resource @anatheka ? In practice, it could be a commercial inventory software or a cloud service. |
Yes, I believe you’re right—it could be either an infrastructure resource or a third-party tool/service. |
anatheka
left a comment
There was a problem hiding this comment.
I haven't looked at the ontology file. I do not understand why there are so many changes in one commit.
…ertification-Hub/security-metrics into 27-add-inventory-metrics
…ertification-Hub/security-metrics into 27-add-inventory-metrics
…ertification-Hub/security-metrics into 27-add-inventory-metrics
I'm not sure if this metric is sufficient. It’s possible that we may not have a discovery for a specific resource. In that case, the metric would appear compliant, but we would be missing that resource, which should classify the metric as non-compliant.
Another possibility is that the CSP or another provider has this inventory. In that scenario, we should consider adding a property to the Ontology and verifying it. This would be my preferred approach. @anatheka