Skip to main content

A Python implementation of the Stakeholder-Specific Vulnerability Categorization framework.

Project description

Python implementation of SSVC (Stakeholder-Specific Vulnerability Categorization)

Installation

From pypi.org pip install ssvc

From source

git clone https://github.com/chrisdlangton/py-cisa-ssvc.git
cd py-cisa-ssvc
python3.12 -m venv .venv
source .venv/bin/activate
pip install -U pip
pip install -e '.[dev]'

Example

To use SSVC:

  • Determine the exploitation status of the vulnerability
  • Assess the technical impact, considering the automatability
from ssvc import Decision, ExploitationLevel, Automatable, TechnicalImpact, MissionWellbeingImpact, DecisionAction
result = Decision(
    ExploitationLevel.POC,
    Automatable.YES,
    TechnicalImpact.PARTIAL,
    MissionWellbeingImpact.MEDIUM,
).outcome
assert result.impact == MissionWellbeingImpact.LOW, "SSVC decision should be LOW"
assert result.action == DecisionAction.TRACK, "SSVC decision should be TRACK"

Using strings also works

import ssvc

result: ssvc.DecisionOutcome = ssvc.Decision(
    exploitation='active',
    automatable='no',
    technical_impact='total',
    mission_wellbeing='high',
).outcome
assert result.impact == ssvc.MissionWellbeingImpact.HIGH, "SSVC decision should be HIGH"
assert result.action == ssvc.DecisionAction.ACT, "SSVC decision should be ACT"

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ssvc-0.2.0.tar.gz (2.7 kB view hashes)

Uploaded Source

Built Distribution

ssvc-0.2.0-py3-none-any.whl (3.0 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page