Merge pull request #105 from pbom-dev/oscar-content-2023-10

updating cicd related techniques

content/oscar/techniques/T0120 - Dependency Confusion.yaml

@@ -7,6 +7,7 @@ realm:
   - Artifact Security
   - Container Security
   - Open Source Security
+  - CI/CD Posture
 
 summary: Dependency confusion
 

content/oscar/techniques/T0121 - Compromised legitimate artifact.yaml

@@ -6,6 +6,7 @@ tactic: Resource Development
 realm: 
   - Container Security
   - Open Source Security
+  - CI/CD Posture
 
 summary: Compromised legitimate artifact
 

content/oscar/techniques/T0124 - Unencrypted data at rest.yaml

@@ -6,6 +6,7 @@ tactic: Collection
 realm: 
   - Cloud Security
   - Infrastructure as code
+  - CI/CD Posture
 
 summary: Unencrypted data at rest
 

content/oscar/techniques/T0125 - Unencrypted data at transit.yaml

@@ -6,6 +6,7 @@ tactic: Collection
 realm: 
   - Cloud Security
   - Infrastructure as code
+  - CI/CD Posture  
 
 summary: Unencrypted data in transit
 

content/oscar/techniques/T0128 - Permissive network access.yaml

@@ -6,6 +6,7 @@ tactic: Initial Access
 realm: 
   - Cloud Security
   - Infrastructure as code
+  - CI/CD Posture
 
 summary: Permissive network access
 

content/oscar/techniques/T0129 - Typosquatting.yaml

@@ -6,6 +6,7 @@ tactic: Initial Access
 realm: 
   - Container Security
   - Open Source Security
+  - CI/CD Posture
 
 summary: Typosquatting
 

content/oscar/techniques/T0134 - Add user.yaml

@@ -6,6 +6,7 @@ tactic: Persistence
 realm: 
   - CI/CD Posture
   - SCM Posture
+  - Cloud Security
 
 summary: Add user
 

content/oscar/techniques/T0137 - Weak authentication methods.yaml

@@ -7,6 +7,7 @@ realm:
   - Cloud Security
   - Code Security
   - Infrastructure as code
+  - CI/CD Posture
 
 summary: Weak authentication methods
 

content/oscar/techniques/T0138 - Backdoor in code.yaml

@@ -7,6 +7,7 @@ realm:
   - Code Security
   - Open Source Security
   - SCM Posture
+  - CI/CD Posture
 
 summary: Backdoor in code
 

content/oscar/techniques/T0145 - Bypass of outbound traffic control.yaml

@@ -5,6 +5,7 @@ tactic: Exfiltration
 
 realm: 
   - Cloud Security
+  - CI/CD Posture
 
 summary: Bypass of outbound traffic control
 

content/oscar/techniques/T0156 - Webhook.yaml

@@ -5,6 +5,7 @@ tactic: Exfiltration
 
 realm: 
   - SCM Posture
+  - CI/CD Posture
 
 summary: Exfiltration over webhooks
 

content/oscar/techniques/T0159 - Malicious artifact execution.yaml

@@ -6,6 +6,7 @@ tactic: Execution
 realm: 
   - Artifact Security
   - Open Source Security
+  - CI/CD Posture
 
 summary: Malicious artifact execution
 

content/oscar/techniques/T0169 - Push implants across repositories .yaml

@@ -6,6 +6,7 @@ tactic: Lateral Movement
 realm: 
   - Code Security
   - SCM Posture
+  - CI/CD Posture
 
 summary: Push implants across repositories 
 

content/oscar/techniques/T0176 - Misconfiguration of security measures.yaml

@@ -5,6 +5,7 @@ tactic: Defense Evasion
 
 realm: 
   - Cloud Security
+  - CI/CD Posture
 
 summary: Misconfigured security measures
 

content/oscar/techniques/T0182 - Bypass Review using admin permission.yaml

@@ -4,8 +4,8 @@ type: Technique
 tactic: Defense Evasion
 
 realm: 
-  - CI/CD Posture
   - SCM Posture
+  - Code Security
 
 summary: Bypass review using admin permission
 

content/oscar/techniques/T0189 - Secrets in configuration files.yaml

@@ -5,6 +5,7 @@ tactic: Credential Access
 
 realm:
   - Secrets Hygiene
+  - CI/CD Posture
 
 summary: Secrets in configuration files
 

content/oscar/techniques/T0193 - Sensitive information in environment variables.yaml

@@ -5,6 +5,7 @@ tactic: Collection
 
 realm: 
   - Cloud Security
+  - CI/CD Posture
 
 summary: Sensitive information in environment variables
 

content/oscar/techniques/T0196 - Backdoor in code.yaml

@@ -7,6 +7,7 @@ realm:
   - Code Security
   - Open Source Security
   - SCM Posture
+  - CI/CD Posture
 
 summary: Backdoor in code