feat(cra): route secure-dev breadth to code_security (atom-grain)
Both network_security and code_security are now atom-grain. Per-sub_topic use_case routing: secure_development -> code_security (best for secure-dev findings), everything else -> network_security. Findings carry breadth_use_case so the source context (which atom corpus) is visible under the best-practice depth. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
@@ -130,7 +130,8 @@ function FindingsTable({ findings }: { findings: CRAFinding[] }) {
|
||||
{f.regulatory_breadth && f.regulatory_breadth.length > 0 && (
|
||||
<div className="mt-2">
|
||||
<p className="text-[10px] text-gray-400 mb-1">
|
||||
Regulatorische Breite{f.sub_topic ? ` — ${f.sub_topic}` : ''} (NIST/ENISA/ISO-Quellen)
|
||||
Regulatorische Breite{f.sub_topic ? ` — ${f.sub_topic}` : ''}
|
||||
{f.breadth_use_case ? ` · ${f.breadth_use_case}` : ''} (NIST/OWASP/ENISA-Quellen)
|
||||
</p>
|
||||
<ul className="space-y-0.5">
|
||||
{f.regulatory_breadth.map((c) => (
|
||||
|
||||
@@ -58,6 +58,7 @@ function merge(live: any): CRADemo {
|
||||
measures: m.measures || [],
|
||||
evidence_type: m.evidence_type,
|
||||
sub_topic: m.sub_topic,
|
||||
breadth_use_case: m.breadth_use_case,
|
||||
regulatory_breadth: m.regulatory_breadth || [],
|
||||
priority_tier: m.priority_tier,
|
||||
priority_score: m.priority_score,
|
||||
|
||||
@@ -28,8 +28,9 @@ export interface CRAFinding {
|
||||
risk_level: string
|
||||
measures: string[]
|
||||
evidence_type?: string // code | process | hybrid | document — drives the remediation-class badge
|
||||
// network_security regulatory breadth (atom-grain shared Controls-API), live only
|
||||
// regulatory breadth (atom-grain shared Controls-API: network_security / code_security), live only
|
||||
sub_topic?: string
|
||||
breadth_use_case?: string
|
||||
regulatory_breadth?: { control_id: string; title: string; source_regulation: string; severity?: string }[]
|
||||
// priority layer (set live by the backend prioritizer; optional in the static fallback)
|
||||
priority_tier?: string
|
||||
|
||||
@@ -38,10 +38,22 @@ _REQ_TO_SUBTOPIC = {
|
||||
}
|
||||
|
||||
|
||||
# Which atom-grain use_case is most relevant per sub_topic. Both network_security
|
||||
# and code_security are atom-grain; secure-dev is best served by code_security.
|
||||
_SUBTOPIC_TO_USECASE = {
|
||||
"secure_development": "code_security",
|
||||
}
|
||||
_DEFAULT_USECASE = "network_security"
|
||||
|
||||
|
||||
def subtopic_for(req_id: str):
|
||||
return _REQ_TO_SUBTOPIC.get(req_id)
|
||||
|
||||
|
||||
def usecase_for(sub_topic: str) -> str:
|
||||
return _SUBTOPIC_TO_USECASE.get(sub_topic, _DEFAULT_USECASE)
|
||||
|
||||
|
||||
def enrich_findings_with_breadth(mapped: list, db, limit: int = 5) -> None:
|
||||
"""Attach `sub_topic` + `regulatory_breadth` (atom controls) to each finding.
|
||||
|
||||
@@ -55,15 +67,19 @@ def enrich_findings_with_breadth(mapped: list, db, limit: int = 5) -> None:
|
||||
m["sub_topic"] = st
|
||||
if not st:
|
||||
m["regulatory_breadth"] = []
|
||||
m["breadth_use_case"] = None
|
||||
continue
|
||||
if st not in cache:
|
||||
uc = usecase_for(st)
|
||||
m["breadth_use_case"] = uc
|
||||
key = (uc, st)
|
||||
if key not in cache:
|
||||
try:
|
||||
res = svc.controls_for_use_case("network_security", sub_topic=st, limit=limit)
|
||||
cache[st] = [
|
||||
res = svc.controls_for_use_case(uc, sub_topic=st, limit=limit)
|
||||
cache[key] = [
|
||||
{"control_id": c.get("control_id"), "title": c.get("title"),
|
||||
"source_regulation": c.get("source_regulation"), "severity": c.get("severity")}
|
||||
for c in res.get("controls", [])
|
||||
]
|
||||
except Exception:
|
||||
cache[st] = []
|
||||
m["regulatory_breadth"] = cache[st]
|
||||
cache[key] = []
|
||||
m["regulatory_breadth"] = cache[key]
|
||||
|
||||
Reference in New Issue
Block a user