Criteria

Criteria is a common component that maps different security standards into a unified set of security requirements and vulnerabilities used by Fluid Attacks.

Criteria is published in a machine-readable YAML format and is used by:

Help
Integrates
Skims

Public Oath

Fluid Attacks will publish a machine-readable YAML file that contains the security requirements and vulnerabilities that Fluid Attacks uses to evaluate the security of a system.

Architecture

Criteria is managed as-code using YAML documents in order to make the information easily accessible to automated programs.
When a developer changes the data, a pipeline that validates it against a given JSON schema is triggered.
Other software can import criteria data directly. Note that for instance, Docs consumes this information and transforms it into the online version of Criteria.

Contributing

Please read the contributing page first.