fix: de-duplicate API design validation

wurstbrot · wurstbrot · commit c6d82427ddc2 · 2024-08-17T17:07:11.000+02:00
diff --git a/src/assets/YAML/default/Implementation/DevelopmentAndSourceControl.yaml b/src/assets/YAML/default/Implementation/DevelopmentAndSourceControl.yaml
@@ -27,32 +27,6 @@ Implementation:
       isImplemented: false
       evidence: ""
       comments: ""
-    API design validation:
-      uuid: 948a4d51-ceb5-4ebd-bdc7-d74ea25e171c
-      risk: Creation of insecure or non-compliant API.
-      measure: |
-        Design contract-first APIs using an interface description language such as OpenAPI, AsyncAPI or SOAP
-        and validate the specification using specific tools.
-        Checks should be integrated in IDEs and CI/CD pipelines.
-      difficultyOfImplementation:
-        knowledge: 2
-        time: 2
-        resources: 2
-      usefulness: 4
-      level: 3
-      implementation:
-        - $ref: src/assets/YAML/default/implementations.yaml#/implementations/stoplight-spectral
-        - $ref: src/assets/YAML/default/implementations.yaml#/implementations/api-oas-checker
-      references:
-        samm2:
-          - V-ST-1-A
-        iso27001-2017:
-          - 14.2.1
-          - 14.2.5
-        iso27001-2022:
-          - 8.25 # Secure development lifecycle
-          - 8.27 # Secure system architecture and engineering principles
-          - 8.28 # Secure coding
     Require a PR before merging:
       uuid: e7598ac4-b082-4e56-b7df-e2c6b426a5e2
       risk: Intentional or accidental alterations in critical branches like main (or master).
diff --git a/src/assets/YAML/default/TestAndVerification/StaticDepthForApplications.yaml b/src/assets/YAML/default/TestAndVerification/StaticDepthForApplications.yaml
@@ -140,8 +140,8 @@ Test and Verification:
         knowledge: 2
         time: 2
         resources: 2
-      usefulness: 4
-      level: 2
+      usefulness: 3
+      level: 3
       implementation:
         - $ref: src/assets/YAML/default/implementations.yaml#/implementations/stoplight-spectral
         - $ref: src/assets/YAML/default/implementations.yaml#/implementations/api-oas-checker
@@ -158,7 +158,6 @@ Test and Verification:
       isImplemented: false
       dependsOn:
         - uuid:2a44b708-734f-4463-b0cb-86dc46344b2f # Inventory of production components
-      comments: ""
     Static analysis for all components/libraries:
       uuid: f4ff841d-3b2a-45d9-853e-5ec7ecbcb054
       risk: Used components like libraries and legacy applications might have vulnerabilities
