Included feedback from PR.

Added tags (scannig, sca, ...)

Author: vbakke

src/assets/YAML/default/BuildAndDeployment/Build.yaml

@@ -160,6 +160,7 @@ Build and Deployment:
           - 5.9
           - 5.12
       isImplemented: false
+      tags: ["inventory", "scanning", "sca"]
       evidence: ""
       comments: ""
     Signing of artifacts:

src/assets/YAML/default/BuildAndDeployment/Deployment.yaml

@@ -241,6 +241,8 @@ Build and Deployment:
       tags:
         - inventory
         - sbom
+        - scanning
+        - sca
     Inventory of production components:
       uuid: 2a44b708-734f-4463-b0cb-86dc46344b2f
       description: |

src/assets/YAML/default/BuildAndDeployment/PatchManagement.yaml

@@ -225,7 +225,7 @@ Build and Deployment:
       comments: ""
       tags:
         - patching
-    Automated merge of automated PRs: &automerge-PR
+    Automated merge of automated PRs:
       uuid: f2594f8f-1cd6-45f9-af29-eaf3315698eb
       description: |-
         Automated merges of automated created PRs for outdated dependencies.

src/assets/YAML/default/InformationGathering/Logging.yaml

@@ -37,7 +37,7 @@ Information Gathering:
         Locally stored system logs can be manipulated by attackers unauthorized or might be corrupt or lost after an incident. In addition, it is hard to perform aggregation of logs.
       measure: |
         - Implement a centralized logging solution for all critical systems.
-        - System logs must be securely transmitted and stored in a central repository, protected from unauthorized access and modification.
+        - System logs must be stored in a central repository, protected from unauthorized access and modification.
         - Ensure that log collection is automated and covers all relevant system events.
       level: 1
       difficultyOfImplementation:

src/assets/YAML/default/TestAndVerification/Consolidation.yaml

@@ -180,6 +180,7 @@ Test and Verification:
           - Not explicitly covered by ISO 27001 - too specific
           - 5.27
       isImplemented: false
+      tags: ["false-positive", "defect-management", "scanning", "sca", "sats", "dast"]
       evidence: ""
       comments: ""
     Artifact-based false positive treatment:
@@ -221,7 +222,7 @@ Test and Verification:
         iso27001-2022:
           - 5.25
           - 5.27
-      tags: ["false-positive", "defect-management"]
+      tags: ["false-positive", "defect-management", "scanning", "sca", "sats", "dast"]
     Simple visualization of defects:
       uuid: 55f4c916-3a34-474d-ad96-9a9f7a4f6a83
       risk:

src/assets/YAML/default/TestAndVerification/StaticDepthForApplications.yaml

@@ -379,6 +379,7 @@ Test and Verification:
         iso27001-2022:
           - 8.8
       isImplemented: false
+      tags: ["defect-management", "sca"]
       evidence: ""
       comments: ""
     Software Composition Analysis (server side):
@@ -414,6 +415,7 @@ Test and Verification:
           - 8.8
       tags:
         - vmm-testing
+      tags: ["false-positive", "defect-management", "scanning", "sca", "sats", "dast"]
     Usage of multiple analyzers:
       uuid: 297be001-8d94-41ee-ab29-207020d423c0
       risk:

src/assets/YAML/default/TestAndVerification/StaticDepthForInfrastructure.yaml

@@ -53,6 +53,7 @@ Test and Verification:
         iso27001-2022:
           - 8.8
       isImplemented: false
+      tags: ["scanning", "sca"]
       evidence: ""
       comments: ""
     Test for malware: