Vulnerability Templates
Vulnerability Templates can be deployed using a simple directory structure.
These templates can be imported into the database using the import_vulnerability_templates
management command.
The default templates repository include a set of vulnerability templates. However, these templates are not required, you can also start from scratch and create your own templates using the UI or local files.
A vulnerability template needs an info.yaml
file which describes some metadata of the vulnerability.
An example of the default Broken Access Control vulnerability is shown below:
- id: broken-access-control
severity: high
references:
- https://cwe.mitre.org/data/definitions/284.html
cwe: 284
category: access-control
locale:
en:
name: Broken Access Control
de:
name: Fehlerhafte Zugriffskontrolle
A locale
directory contains a directory for multiple languages.
In the subdirectories, a description.md
and recommendation.md
file is required.
The default templates repo comes with a _template
directory, which is not imported into the PeCoReT database, but can be used as a template for your new vulnerability.