Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
27 commits
Select commit Hold shift + click to select a range
b08321d
feat:add issue template
chaksaray Apr 14, 2026
68df3cf
doc: add 5 new AVE records (#2)
chaksaray Apr 19, 2026
e24df47
feat: add new ave rule records (#4)
chaksaray Apr 19, 2026
62f10b5
chore: resolve add/add conflict — keep develop AVE records 00004-00008
chaksaray Apr 19, 2026
4e7b31e
refactor: add number of ave display badge (#6)
chaksaray Apr 19, 2026
c858d7e
records: add AVE-2026-00009 through 00015 — full 15/15 attack class c…
chaksaray Apr 20, 2026
140953c
docs: update ave number badge
chaksaray Apr 20, 2026
2df3a9c
feat: AVE records 16-40 — 25 new agentic attack classes (#10)
chaksaray Apr 25, 2026
1db1da0
fix: updage ave record badge number
chaksaray Apr 25, 2026
68b9bc0
feat: Add 5 new ave rules (#13)
chaksaray May 3, 2026
186e4bb
fix: conflict
chaksaray May 3, 2026
8c50921
feat: add OWASP MCP Top 10 mapping (#15)
chaksaray May 3, 2026
9e7dd0b
feat: migrate to OWASP AIVSS (#17)
chaksaray May 12, 2026
32311c3
fix: resolve conflicts on the records
chaksaray May 12, 2026
da892b2
feat: add 3 new ave records (#19)
chaksaray May 16, 2026
8cf96e5
chore: resolve readme
chaksaray May 16, 2026
ce855cb
chore: release v1.0.0 — canonical schema, governance, registry, cross…
chaksaray Jun 18, 2026
3621055
chore: update badge
chaksaray Jun 18, 2026
d10536e
feat: add Backfills evidence description (#24)
chaksaray Jun 21, 2026
5cd16a9
fix: resolve conflic
chaksaray Jun 21, 2026
f8623ed
chore: Add governance (#26)
chaksaray Jun 24, 2026
822c46e
chore: update eve implementer section
chaksaray Jun 24, 2026
38b6cf0
AVE v1.1.0: vendor-neutral schema migration + 5 new critical/high rec…
chaksaray Jul 11, 2026
ae9da8b
Phase 0 hygiene: CI scanning, crosswalk regeneration, packaging fixes…
chaksaray Jul 12, 2026
1d991ae
AVE hotfix: vendor boilerplate + ASI/ATLAS mappings (52-56) (#39)
chaksaray Jul 13, 2026
c18a2ac
resolve confict
chaksaray Jul 13, 2026
22805e5
fix: update ave logo url (#47)
chaksaray Jul 15, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/ISSUE_TEMPLATE/01_ave_submission.md
Original file line number Diff line number Diff line change
Expand Up @@ -34,8 +34,8 @@ assignees: ''
attack_class:
severity: (estimate — CRITICAL / HIGH / MEDIUM / LOW)
owasp_mcp: [MCPxx]
owasp_mapping: [ASIxx] (if applicable)
mitre_atlas_mapping: [AML.Txxxx] (if applicable)
owasp_asi: [ASIxx] (if applicable)
mitre_atlas: [AML.Txxxx] (if applicable)
detection_layer: content | server_card | registry_metadata | runtime | transport
detection_stage: static_detection | runtime_observed
evidence_basis_engines: [pattern | yara | semgrep | llm | sandbox]
Expand Down
4 changes: 2 additions & 2 deletions .github/ISSUE_TEMPLATE/03_schema_change.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
---
name: Schema change proposal
about: Propose a change to ave-record-1.0.0.schema.json
about: Propose a change to ave-record-1.1.0.schema.json
title: "[SCHEMA] <brief description>"
labels: schema
assignees: ''
Expand All @@ -21,7 +21,7 @@ assignees: ''

## Migration path for existing records

<!-- How will the 48 existing records be updated? Can this be done with an automated script? -->
<!-- How will the 51 existing records be updated? Can this be done with an automated script? -->

## Impact on consumers

Expand Down
22 changes: 22 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
version: 2
updates:
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "weekly"
labels:
- "dependencies"

- package-ecosystem: "pip"
directory: "/"
schedule:
interval: "weekly"
labels:
- "dependencies"

- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
labels:
- "dependencies"
6 changes: 3 additions & 3 deletions .github/pull_request_template.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
### For new AVE record submissions

- [ ] Linked issue confirms the id and that this is a new class, not a variant
- [ ] Record validates against `schema/ave-record-1.0.0.schema.json`
- [ ] Record validates against `schema/ave-record-1.1.0.schema.json`
- [ ] All 15 required fields are present and non-empty
- [ ] `behavioral_fingerprint` is one clear sentence describing what the component DOES
- [ ] `indicators_of_compromise` has at least one entry a defender can actually search for
Expand All @@ -51,8 +51,8 @@
### For schema changes

- [ ] Issue opened first with 30-day comment period completed (structural changes only)
- [ ] `schema/ave-record-1.0.0.schema.json` updated
- [ ] New versioned schema file added (e.g. `schema/ave-record-1.1.0.schema.json`)
- [ ] `schema/ave-record.schema.json` (alias) updated to mirror the new canonical
- [ ] New versioned schema file added (e.g. `schema/ave-record-1.2.0.schema.json`) — prior versioned files stay frozen, never edited
- [ ] CHANGELOG.md updated
- [ ] Migration path for existing records documented

Expand Down
40 changes: 40 additions & 0 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
name: CodeQL

on:
push:
branches: ["main", "develop"]
pull_request:
branches: ["main", "develop"]
schedule:
- cron: '17 3 * * 2'

permissions: read-all

jobs:
analyze:
name: Analyze (${{ matrix.language }})
runs-on: ubuntu-latest
permissions:
security-events: write
packages: read
actions: read
contents: read

strategy:
fail-fast: false
matrix:
language: ["python", "javascript"]

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}

- name: Perform CodeQL analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{ matrix.language }}"
21 changes: 21 additions & 0 deletions .github/workflows/dependency-review.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
name: Dependency review

on:
pull_request:
branches: ["main", "develop"]

permissions:
contents: read

jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Dependency review
uses: actions/dependency-review-action@v4
with:
fail-on-severity: moderate
comment-summary-in-pr: always
45 changes: 45 additions & 0 deletions .github/workflows/scorecard.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
name: Scorecard supply-chain security

on:
branch_protection_rule:
schedule:
- cron: '30 1 * * 6'
push:
branches: ["main"]

permissions: read-all

jobs:
analysis:
name: Scorecard analysis
runs-on: ubuntu-latest
permissions:
security-events: write
id-token: write
contents: read
actions: read

steps:
- name: Checkout code
uses: actions/checkout@v4
with:
persist-credentials: false

- name: Run analysis
uses: ossf/scorecard-action@v2.4.0
with:
results_file: results.sarif
results_format: sarif
publish_results: true

- name: Upload SARIF artifact
uses: actions/upload-artifact@v4
with:
name: SARIF file
path: results.sarif
retention-days: 5

- name: Upload to code-scanning
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
28 changes: 28 additions & 0 deletions .github/workflows/secret-scan.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
name: Secret scan

on:
pull_request:
branches: ["main", "develop"]
push:
branches: ["main", "develop"]

permissions:
contents: read

jobs:
gitleaks:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0

# Runs the gitleaks CLI directly (AGPL-3.0, free) rather than gitleaks/gitleaks-action,
# whose v2 wrapper now requires a paid license for GitHub Organization accounts
# ("[org] is an organization. License key is required.") -- the underlying tool has
# no such restriction, only the maintained wrapper action added one.
- name: Run gitleaks
uses: docker://zricethezav/gitleaks:latest
with:
args: detect --source=/github/workspace --config=/github/workspace/.gitleaks.toml --redact --verbose
37 changes: 37 additions & 0 deletions .github/workflows/tests.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
name: Tests

on:
push:
branches: ["main", "develop"]
pull_request:
branches: ["main", "develop"]

permissions:
contents: read

jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.11"

- name: Install dependencies
run: pip install -e ".[dev]"

- name: Validate all records against the schema
run: python scripts/validate_records.py

- name: Check every rule has positive and negative fixtures
run: python scripts/check_fixtures.py

- name: Check every record has a detection rule
run: python scripts/check_rule_coverage.py

- name: Run tests with coverage (rules/)
run: pytest tests/ -x -q --cov=rules --cov-report=term-missing --cov-fail-under=95
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -7,3 +7,4 @@ docs/agents/handoffs/
.env
.DS_Store
node_modules/
.coverage
12 changes: 12 additions & 0 deletions .gitleaks.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
title = "gitleaks config for bawbel/ave"

# Extend the default gitleaks ruleset rather than replace it.
[extend]
useDefault = true

[allowlist]
description = "AVE test fixtures intentionally contain credential-shaped strings as positive-detection test data (e.g. AVE-2026-00047, hardcoded-credential detection). These are fake values, not real secrets. Covers both the generated fixture files and scripts/generate-rules-and-fixtures.js, the generator script that embeds the same synthetic values as a template."
paths = [
'''tests/fixtures/.*''',
'''scripts/generate-rules-and-fixtures\.js''',
]
3 changes: 2 additions & 1 deletion ARCHITECTURE.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,8 @@ the rules that implement detection, and the validation tooling.
records/ AVE record JSON files — the standard's data
schema/ JSON schema the records validate against
ave-record.schema.json alias — always points to current
ave-record-1.0.0.schema.json versioned canonical — permanent
ave-record-1.1.0.schema.json versioned canonical — current, permanent
ave-record-1.0.0.schema.json versioned canonical — frozen, permanent
rules/ Detection rule implementations
├── pattern/ Regex pattern rules (Python)
├── yara/ YARA rules (.yar)
Expand Down
Loading
Loading