Skip to content

davevs/pySCS

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits

.gitbook/assets

.gitbook/assets

 
 

.github

.github

 
 

build/lib/pySCS

build/lib/pySCS

 
 

dist

dist

 
 

doc

doc

 
 

pySCS

pySCS

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

CONTRIBUTORS.md

CONTRIBUTORS.md

 
 

LICENSE

LICENSE

 
 

MANIFEST.in

MANIFEST.in

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

SUMMARY.md

SUMMARY.md

 
 

TODO

TODO

 
 

requirements-dev.txt

requirements-dev.txt

 
 

setup.cfg

setup.cfg

 
 

setup.py

setup.py

 
 

tox.ini

tox.ini

 
 

Repository files navigation

WARNING: this project is no longer maintained

Background:

pySCS is a heavily customized fork of pytm that tried to fix 2 things:

  • load threats from an excel file
  • run everything from python

pySCS is a pythonic framework to automate security control selection

Define your system in Python using the elements and properties described in the pySCS framework. Based on your definition, pySCS can generate a Data Flow Diagram (DFD), a Sequence Diagram, and a list of applicable controls to your system.

Requirements

  • Linux/MacOS/Windows 10
  • Python 3.x
  • Graphviz package

Python modules

  • pandas
  • pyplot
  • pypandoc
  • pillow

Usage

pySCS.py folder [-h] [--file FILENAME] [--debug] [--template TEMPLATE] [format FORMAT] [--list] [--listfull] [--describe DESCRIBE] 

required arguments:
  folder               location of model to process
  
optional arguments:
  -h, --help           show this help message and exit
  --file               filename of model to use (defaut is model.py)
  --debug              print debug messages
  --template TEMPLATE  output report using the specified markup template file
  --format FORMAT      choose html or pdf (html is default)
  --list               list used controls in model
  --listfull           same as --list but with full details
  --describe DESCRIBE  describe the contents of a given class

Models

Models are descriptions of your system written in python. As such they can be treated as any other piece of code. Models consist of the following components (with the graph counterpart in brackets):

  • Elements (nodes)
  • Dataflows (edges)
  • Boundaries (subgraphs)

Elements use the following hiarchy for inhereting properties:

Element
  +-Actor
  +-Dataflow
  +-System
      +-Server
      +-Datastore
      +-Process
      +-SetOfProcesses
      +-Dataflow
      +-ExternalEntity
      +-Lambda

The available properties of an element can be listed by using `--describe` followed by the name of an element.

Elements should at least contain the following properties:
* name
* description
* inBoundary

Controls

Controls are loaded via the csv files in the 'controls' folder. You can add your own lists by simply creating a csv file with the following structure:

ID;Description;Source;Target;Condition;Comments

Sample

The sample file provided in this repo contains a simple sample of a description; you can find it under 'models\sample\model.py'

Output

The tool creates a report containing a Dataflow Diagram (generated with pyplot)

An example Dataflow Diagram: dfd.png

The diagrams and findings can be included in the template to create a final report. The report is created with a markup template. A sample report is provided under 'templates'.

About

Security Control Selector

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

32 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages