Merge branch 'dev' into feature/OPT-792

.github/workflows/semgrep.yml

@@ -17,4 +17,43 @@ jobs:
 
     steps:
       - uses: actions/checkout@v3
-      - run: semgrep ci --config=p/owasp-top-ten --config=p/cwe-top-25 --config=p/gitleaks -q --exclude="tests" --exclude="*/tests" --skip-unknown-extensions --suppress-errors
+
+      - id: semgrep
+        run: semgrep ci --config=p/owasp-top-ten --config=p/cwe-top-25 --config=p/gitleaks -q --exclude="tests" --exclude="*/tests" --skip-unknown-extensions --suppress-errors
+        continue-on-error: true
+
+      - name: Get branch name (merge)
+        if: github.event_name != 'pull_request'
+        run: echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/} | tr / -)" >> $GITHUB_ENV
+
+      - name: Get branch name (pull request)
+        if: github.event_name == 'pull_request'
+        run: echo "BRANCH_NAME=${{ github.event.pull_request.base.ref }}" >> $GITHUB_ENV
+
+      - name: Set failure message vars
+        if: steps.semgrep.outcome == 'failure'
+        run: echo "icon=fire" >> $GITHUB_ENV
+
+      - name: Set success message vars
+        if: steps.semgrep.outcome == 'success'
+        run: echo "icon=checkered_flag" >> $GITHUB_ENV
+
+      - name: Format Branch name
+        shell: bash
+        run: echo "BRANCH_NAME=${BRANCH_NAME^^}" >> $GITHUB_ENV
+
+      - name: Semgrep report to Slack
+        if: ${{ env.BRANCH_NAME }} == 'DEV' || ${{ env.BRANCH_NAME }} == 'MAIN'
+        id: slack-report
+        uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 #v1.24.0
+        with:
+          payload: |
+            {
+              "text": ":${{ env.icon }}: Semgrep-Startleft-${{ env.BRANCH_NAME }} vulnerability test result: ${{ steps.semgrep.outcome }} <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|Pipeline logs>"
+            }
+        env:
+           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_NOTIFICATION_WEBHOOK_URL }}
+
+      - name: Stop if Semgrep finds a vulnerability
+        if: steps.semgrep.outcome == 'failure'
+        run: exit 1

docs/startleft-processors/external-threat-model/mtmt/MTMT-Mapping.md

@@ -14,25 +14,36 @@ Let's see how to identify the different elements:
 
 
 ## Trustzones
-For the TrustZones we need to write two fields: ``label`` and ``id``
+For the TrustZones we need to write two fields: ``label`` and ``type``
 
-The label will identify the MTMT TrustZone by its type. 
+The label will identify the MTMT TrustZone by its MTMT type or by its name. 
 
 Let's see an example with a TrustZone in the MTMT_example.tm7:
 
 ![](img/MTMT_example.png)
 
-Our TrustZone named ``Internet`` is of ``Generic Trust Border Boundary`` type.
+Our ``Generic Trust Border Boundary`` TrustZone is named ``Internet``.
+
 
 
 
 ![](img/mtmt_generic_trust_boundary.png)
 
-So we need to put this
-type in the label value.
+We can map it by either of the two: ``Generic Trust Border Boundary`` (MTMT type) or ``Internet`` (MTMT name).
+
+```yaml
+  - label: Generic Trust Border Boundary
+    type:  6376d53e-6461-412b-8e04-7b3fe2b397de
+```
+or
+```yaml
+  - label: Internet
+    type:  6376d53e-6461-412b-8e04-7b3fe2b397de
+```
+---
 
 The type in the mapping file will be the type in the OTM trust zone output.
-In this example, the `Generic Trust Border Boundary` source trust zones
+In this example, the `Generic Trust Border Boundary` source trust zone
 will be mapped to a OTM trust zone which type will be the value of the `type`
 in our mapping file.
 
@@ -59,7 +70,7 @@ The TrustZone OTM output will be:
     }]}
 ```
 
-In case we have two trust zones with the same type, the OTM will have two trust zones
+In case we have two trust zones with the same MTMT type (e.g: ``Generic Trust Border Boundary``), the OTM will have two trust zones
 with the same type but different id. In the mapping file is enough having mapped once:
 ```yaml
   - label: Generic Trust Border Boundary