Threagile / threagile

Agile Threat Modeling Toolkit
https://threagile.io
MIT License

Custom risks add-ons documentation, Go or Yaml? #75

Open sergebelokamen opened 4 weeks ago

sergebelokamen commented 4 weeks ago

I am wondering if there is a good example of implementing custom rules to enforce (local) organizational policies? For example, technology X with tag Y should have whatever property or communication link and output a custom risk, which could be applied to all models.

I've dug through the code and noticed that there are some YAML artifacts suggesting that there is a move away from code to YAML-defined policies. I would absolutely love to hear more about this approach, since the documentation is a little scarce.

I think this may also relate to: https://github.com/Threagile/threagile/issues/52

ezavgorodniy commented 2 weeks ago

I commented at #52 and I think your request would be possible to fulfil with something similar to https://github.com/Threagile/threagile/blob/master/pkg/risks/scripts/accidental-secret-leak.yaml
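To make the idea in the question concrete, here is an added, stand-alone Go example of a "policy as data" evaluator: a rule of the form "assets of technology X carrying tag Y must have property Z" is loaded from a document and run over a list of technical assets, producing one custom risk finding per violation. This is not Threagile's code, rule schema or API (the project's own YAML rule format is the linked `accidental-secret-leak.yaml`); the `TechnicalAsset`, `Policy` and `Finding` types, the field names, and the sample policies and assets are all constructed for this illustration, and JSON is used in place of YAML only because Go's standard library has no YAML decoder.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// TechnicalAsset is a minimal stand-in for an asset in a threat model
// (hypothetical; not Threagile's own type): a technology kind, free-form tags
// and boolean properties such as "encryption" or "authentication".
type TechnicalAsset struct {
	ID         string          `json:"id"`
	Technology string          `json:"technology"`
	Tags       []string        `json:"tags"`
	Properties map[string]bool `json:"properties"`
}

// Policy is one organisational rule expressed as data rather than code:
// "assets of technology T carrying tag G must have property P set to true".
// The fields map one-to-one onto a YAML document; JSON is used here only
// because the standard library has no YAML parser.
type Policy struct {
	ID               string `json:"id"`
	Technology       string `json:"technology"`        // "" matches any technology
	Tag              string `json:"tag"`               // "" matches any tag
	RequiredProperty string `json:"required_property"` // property that must be true
	Severity         string `json:"severity"`
	Message          string `json:"message"`
}

// Finding is the custom risk emitted for each asset that violates a policy.
type Finding struct {
	PolicyID string
	AssetID  string
	Severity string
	Message  string
}

func hasTag(tags []string, want string) bool {
	for _, t := range tags {
		if t == want {
			return true
		}
	}
	return false
}

// applies reports whether the policy's selectors (technology, tag) match the asset.
func (p Policy) applies(a TechnicalAsset) bool {
	if p.Technology != "" && p.Technology != a.Technology {
		return false
	}
	if p.Tag != "" && !hasTag(a.Tags, p.Tag) {
		return false
	}
	return true
}

// Evaluate runs every policy over every asset and returns one finding per
// selected asset whose required property is missing or false.
func Evaluate(policies []Policy, assets []TechnicalAsset) []Finding {
	var findings []Finding
	for _, p := range policies {
		for _, a := range assets {
			if !p.applies(a) || a.Properties[p.RequiredProperty] {
				continue // not selected by this policy, or already compliant
			}
			findings = append(findings, Finding{PolicyID: p.ID, AssetID: a.ID, Severity: p.Severity, Message: p.Message})
		}
	}
	return findings
}

// LoadPolicies and LoadAssets decode the policy and model documents.
func LoadPolicies(doc []byte) ([]Policy, error) {
	var ps []Policy
	return ps, json.Unmarshal(doc, &ps)
}

func LoadAssets(doc []byte) ([]TechnicalAsset, error) {
	var as []TechnicalAsset
	return as, json.Unmarshal(doc, &as)
}

// Constructed sample input: two organisational policies and four assets.
const SamplePolicies = `[
  {"id": "pii-database-must-be-encrypted", "technology": "database", "tag": "pii",
   "required_property": "encryption", "severity": "high",
   "message": "Databases holding PII must use encryption at rest"},
  {"id": "internet-facing-requires-authentication", "technology": "", "tag": "internet-facing",
   "required_property": "authentication", "severity": "medium",
   "message": "Internet-facing components must authenticate callers"}
]`

const SampleAssets = `[
  {"id": "customer-db", "technology": "database", "tags": ["pii"], "properties": {"encryption": false}},
  {"id": "analytics-db", "technology": "database", "tags": ["pii"], "properties": {"encryption": true}},
  {"id": "public-api", "technology": "web-service", "tags": ["internet-facing"], "properties": {"authentication": false}},
  {"id": "internal-cache", "technology": "cache", "tags": [], "properties": {}}
]`

func main() {
	policies, err := LoadPolicies([]byte(SamplePolicies))
	if err != nil {
		panic(err)
	}
	assets, err := LoadAssets([]byte(SampleAssets))
	if err != nil {
		panic(err)
	}
	for _, f := range Evaluate(policies, assets) {
		fmt.Printf("[%s] %s: %s (%s)\n", f.Severity, f.AssetID, f.Message, f.PolicyID)
	}
}
```

Running it reports two findings, for `customer-db` (PII database without encryption) and `public-api` (internet-facing without authentication); `analytics-db` is selected by the first policy but compliant, and `internal-cache` matches no selector. Keeping the selectors and the required property as data is what lets the same rule set be applied unchanged to every model, which is the property the question asks for.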