feat(security): expand canonical asset coverage
Some checks failed
CD Pipeline / workflow-shape (push) Successful in 0s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / tests (push) Successful in 4m3s
CD Pipeline / build-and-deploy (push) Failing after 10m5s
CD Pipeline / post-deploy-checks (push) Has been skipped
Some checks failed
CD Pipeline / workflow-shape (push) Successful in 0s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / tests (push) Successful in 4m3s
CD Pipeline / build-and-deploy (push) Failing after 10m5s
CD Pipeline / post-deploy-checks (push) Has been skipped
This commit is contained in:
File diff suppressed because it is too large
Load Diff
@@ -745,6 +745,9 @@ def build_iwooos_security_asset_control_plane(
|
||||
for row in automation_source
|
||||
if str(_value(row, "status", "")) == "failed"
|
||||
)
|
||||
# Aggregate stage receipts cannot prove that every stage belongs to one
|
||||
# trace. Keep strict runtime completion closed until a same-run join exists.
|
||||
same_run_closed_loop_proven = False
|
||||
|
||||
relationship_count = int(_value(relationship_row, "relationship_count", 0) or 0)
|
||||
orphan_asset_count = int(
|
||||
@@ -972,6 +975,39 @@ def build_iwooos_security_asset_control_plane(
|
||||
sum(domain["controlled_percent"] for domain in security_program_domains)
|
||||
/ len(security_program_domains)
|
||||
)
|
||||
strict_runtime_closure_percent = 100 if same_run_closed_loop_proven else 0
|
||||
completion_dimensions = [
|
||||
{
|
||||
"dimension_id": "asset_scope",
|
||||
"completion_percent": type_coverage_percent,
|
||||
},
|
||||
{
|
||||
"dimension_id": "nist_control",
|
||||
"completion_percent": overall_control_percent,
|
||||
},
|
||||
{
|
||||
"dimension_id": "security_program",
|
||||
"completion_percent": security_program_percent,
|
||||
},
|
||||
{
|
||||
"dimension_id": "siem_pipeline",
|
||||
"completion_percent": _percent(siem_observed_stages, len(_SIEM_STAGES)),
|
||||
},
|
||||
{
|
||||
"dimension_id": "ai_loop_stages",
|
||||
"completion_percent": _percent(
|
||||
observed_automation_stages, len(_AI_LOOP_STAGES)
|
||||
),
|
||||
},
|
||||
{
|
||||
"dimension_id": "strict_same_run_runtime_closure",
|
||||
"completion_percent": strict_runtime_closure_percent,
|
||||
},
|
||||
]
|
||||
overall_security_completion_percent = round(
|
||||
sum(row["completion_percent"] for row in completion_dimensions)
|
||||
/ len(completion_dimensions)
|
||||
)
|
||||
|
||||
return {
|
||||
"schema_version": _SCHEMA_VERSION,
|
||||
@@ -1012,6 +1048,9 @@ def build_iwooos_security_asset_control_plane(
|
||||
if domain["status"] == "controlled"
|
||||
),
|
||||
"security_program_controlled_percent": security_program_percent,
|
||||
"overall_security_completion_percent": (
|
||||
overall_security_completion_percent
|
||||
),
|
||||
"siem_stage_count": len(_SIEM_STAGES),
|
||||
"siem_observed_stage_count": siem_observed_stages,
|
||||
"siem_stage_coverage_percent": _percent(
|
||||
@@ -1031,6 +1070,13 @@ def build_iwooos_security_asset_control_plane(
|
||||
"compliance_dimensions": compliance,
|
||||
"nist_csf_functions": control_functions,
|
||||
"security_program_domains": security_program_domains,
|
||||
"completion": {
|
||||
"method": "equal_weighted_runtime_conservative_v1",
|
||||
"dimension_count": len(completion_dimensions),
|
||||
"overall_percent": overall_security_completion_percent,
|
||||
"strict_runtime_closure_percent": strict_runtime_closure_percent,
|
||||
"dimensions": completion_dimensions,
|
||||
},
|
||||
"siem": {**siem, "pipeline": siem_pipeline},
|
||||
"ai_automation": {
|
||||
"window_hours": _WINDOW_HOURS,
|
||||
@@ -1042,7 +1088,7 @@ def build_iwooos_security_asset_control_plane(
|
||||
"verified_remediation_receipt_count": verified_receipts,
|
||||
"rollback_receipt_count": rollback_receipts,
|
||||
"failed_operation_count": failed_operations,
|
||||
"same_run_closed_loop_proven": False,
|
||||
"same_run_closed_loop_proven": same_run_closed_loop_proven,
|
||||
"same_run_closed_loop_count": 0,
|
||||
},
|
||||
"security_audit": audit,
|
||||
@@ -1093,6 +1139,7 @@ def build_unavailable_iwooos_security_asset_control_plane(
|
||||
"security_program_domain_count": 16,
|
||||
"security_program_controlled_domain_count": 0,
|
||||
"security_program_controlled_percent": 0,
|
||||
"overall_security_completion_percent": 0,
|
||||
"siem_stage_count": len(_SIEM_STAGES),
|
||||
"siem_observed_stage_count": 0,
|
||||
"siem_stage_coverage_percent": 0,
|
||||
@@ -1175,6 +1222,23 @@ def build_unavailable_iwooos_security_asset_control_plane(
|
||||
("compliance_audit", "合規、稽核與證據保存"),
|
||||
)
|
||||
],
|
||||
"completion": {
|
||||
"method": "equal_weighted_runtime_conservative_v1",
|
||||
"dimension_count": 6,
|
||||
"overall_percent": 0,
|
||||
"strict_runtime_closure_percent": 0,
|
||||
"dimensions": [
|
||||
{"dimension_id": dimension_id, "completion_percent": 0}
|
||||
for dimension_id in (
|
||||
"asset_scope",
|
||||
"nist_control",
|
||||
"security_program",
|
||||
"siem_pipeline",
|
||||
"ai_loop_stages",
|
||||
"strict_same_run_runtime_closure",
|
||||
)
|
||||
],
|
||||
},
|
||||
"siem": {
|
||||
"pipeline": [
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user