TrimarcJake / Locksmith

A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.
https://github.com/TrimarcJake/Locksmith

Finding Flowcharts To Feed Severity Ratings #121

Closed TrimarcJake closed 4 months ago

TrimarcJake commented 4 months ago

In order to build out automated severity ratings, we need to know what the severities are first! Then we can build code to match. These should help.

github-actions[bot] commented 4 months ago

🦙 MegaLinter status: ⚠️ WARNING

| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| ⚠️ COPYPASTE | jscpd | yes | | 16 | 2.02s |
| ⚠️ EDITORCONFIG | editorconfig-checker | 42 | | 1 | 0.46s |
| ⚠️ MARKDOWN | markdownlint | 9 | | 22 | 1.37s |
| ⚠️ MARKDOWN | markdown-link-check | 9 | | 9 | 2.13s |
| ✅ MARKDOWN | markdown-table-formatter | 9 | | 0 | 0.28s |
| ⚠️ POWERSHELL | powershell | 25 | | 17 | 38.03s |
| ✅ POWERSHELL | powershell_formatter | 25 | | 0 | 24.92s |
| ⚠️ REPOSITORY | checkov | yes | | 1 | 12.95s |
| ✅ REPOSITORY | gitleaks | yes | | no | 0.44s |
| ✅ REPOSITORY | git_diff | yes | | no | 0.01s |
| ✅ REPOSITORY | grype | yes | | no | 13.43s |
| ✅ REPOSITORY | secretlint | yes | | no | 0.94s |
| ✅ REPOSITORY | trivy | yes | | no | 5.14s |
| ✅ REPOSITORY | trivy-sbom | yes | | no | 1.47s |
| ✅ REPOSITORY | trufflehog | yes | | no | 7.19s |
| ⚠️ SPELL | cspell | 43 | | 287 | 9.46s |

See detailed report in MegaLinter reports

_Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff_

_MegaLinter is graciously provided by OX Security_

SamErde commented 4 months ago

Nice! The docs and visuals should help a lot. I haven't had a chance to review the actual flow for each severity evaluation yet, but the rest looks great.

One question: would it be worth creating a future-proof 'Docs' folder that contains 'Flowcharts' as well as any future documentation that is created (or generated with platyPS)?

TrimarcJake commented 4 months ago

I think the flowcharts are just a starting point, so if you like the way they look, we should merge them. We can iterate on them as we build more subtle rating methods.

"Docs" does make more sense, tho! Maybe a structure like this:

```
~/iCloud Drive/Development/PowerShell/Locksmith/Docs finding-flowcharts* ⇣
❯ tree
.
└── Flowcharts
    ├── Auditing.md
    ├── ESC1.md
    ├── ESC2.md
    ├── ESC3.md
    ├── ESC4.md
    ├── ESC5.md
    ├── ESC6.md
    └── ESC8.md
```

techspence commented 4 months ago

Really nice work. I think these flowcharts are a great addition to the project! Question: Do we think having a key or a glossary to explain some of these terms may be useful to folks not super familiar with these concepts? Or maybe just clarify what we mean? Such as BuiltIn/PKI Admin, AD Admin. It may be utterly trivial, just thinking edge cases with terminology.

TrimarcJake commented 4 months ago

> Really nice work. I think these flowcharts are a great addition to the project! Question: Do we think having a key or a glossary to explain some of these terms may be useful to folks not super familiar with these concepts? Or maybe just clarify what we mean? Such as BuiltIn/PKI Admin, AD Admin. It may be utterly trivial, just thinking edge cases with terminology.

Yeah, I think a glossary is a great idea now that we have a Docs folder! :D