security-report

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Security Report

安全报告

Generate security compliance reports using Harness Software Supply Chain (SCS) and Security Testing Orchestration (STO) via MCP.

通过MCP使用Harness Software Supply Chain (SCS)和Security Testing Orchestration (STO)生成安全合规报告。

Instructions

操作说明

Step 1: List Vulnerabilities

步骤1：列出漏洞

Call MCP tool: harness_list
Parameters:
  resource_type: "security_issue"
  org_id: "<organization>"
  project_id: "<project>"

调用MCP工具: harness_list
参数:
  resource_type: "security_issue"
  org_id: "<organization>"
  project_id: "<project>"

Step 2: Get Vulnerability Details

步骤2：获取漏洞详情

Call MCP tool: harness_get
Parameters:
  resource_type: "security_issue"
  resource_id: "<issue_id>"

调用MCP工具: harness_get
参数:
  resource_type: "security_issue"
  resource_id: "<issue_id>"

Step 3: List SBOMs

步骤3：列出SBOM

Call MCP tool: harness_list
Parameters:
  resource_type: "scs_sbom"
  org_id: "<organization>"
  project_id: "<project>"

调用MCP工具: harness_list
参数:
  resource_type: "scs_sbom"
  org_id: "<organization>"
  project_id: "<project>"

Step 4: Get SBOM Details

步骤4：获取SBOM详情

Call MCP tool: harness_get
Parameters:
  resource_type: "scs_sbom"
  resource_id: "<sbom_id>"

调用MCP工具: harness_get
参数:
  resource_type: "scs_sbom"
  resource_id: "<sbom_id>"

Step 5: Check Artifact Components

步骤5：检查工件组件

Call MCP tool: harness_list
Parameters:
  resource_type: "scs_artifact_component"
  org_id: "<organization>"
  project_id: "<project>"

调用MCP工具: harness_list
参数:
  resource_type: "scs_artifact_component"
  org_id: "<organization>"
  project_id: "<project>"

Step 6: Get Remediation Guidance

步骤6：获取修复指导

Call MCP tool: harness_list
Parameters:
  resource_type: "scs_artifact_remediation"
  org_id: "<organization>"
  project_id: "<project>"

调用MCP工具: harness_list
参数:
  resource_type: "scs_artifact_remediation"
  org_id: "<organization>"
  project_id: "<project>"

Step 7: Check Compliance

步骤7：检查合规性

Call MCP tool: harness_list
Parameters:
  resource_type: "scs_compliance_result"
  org_id: "<organization>"
  project_id: "<project>"

调用MCP工具: harness_list
参数:
  resource_type: "scs_compliance_result"
  org_id: "<organization>"
  project_id: "<project>"

Step 8: Manage Exemptions

步骤8：管理豁免

List existing exemptions:

Call MCP tool: harness_list
Parameters:
  resource_type: "security_exemption"
  org_id: "<organization>"
  project_id: "<project>"

Create an exemption:

Call MCP tool: harness_create
Parameters:
  resource_type: "security_exemption"
  org_id: "<organization>"
  project_id: "<project>"
  body: <exemption details>

Approve or revoke an exemption:

Call MCP tool: harness_execute
Parameters:
  resource_type: "security_exemption"
  action: "approve"    # or "revoke"
  resource_id: "<exemption_id>"

列出现有豁免:

调用MCP工具: harness_list
参数:
  resource_type: "security_exemption"
  org_id: "<organization>"
  project_id: "<project>"

创建豁免:

调用MCP工具: harness_create
参数:
  resource_type: "security_exemption"
  org_id: "<organization>"
  project_id: "<project>"
  body: <exemption details>

批准或撤销豁免:

调用MCP工具: harness_execute
参数:
  resource_type: "security_exemption"
  action: "approve"    # 或 "revoke"
  resource_id: "<exemption_id>"

Report Format

报告格式

undefined

undefined

Security Compliance Report

安全合规报告

Date: <date> Scope: <project/artifact>

日期: <date> 范围: <project/artifact>

Vulnerability Summary

漏洞摘要

Severity	Count	New	Fixed
Critical	X	X	X
High	X	X	X
Medium	X	X	X
Low	X	X	X

严重程度	数量	新增	已修复
关键	X	X	X
高	X	X	X
中	X	X	X
低	X	X	X

Top Critical Vulnerabilities

顶级关键漏洞

CVE-XXXX-XXXXX - <description> (Package: <name>)
- Remediation: Upgrade to version X.Y.Z

CVE-XXXX-XXXXX - <描述> (包: <名称>)
- 修复建议: 升级至版本 X.Y.Z

SBOM Status

SBOM状态

Artifacts with SBOMs: X/Y
Compliance checks passing: X/Y

生成SBOM的工件数量: X/Y
通过合规检查的数量: X/Y

Active Exemptions

有效豁免

X exemptions active, Y pending review

X项豁免有效，Y项待审核

Recommendations

建议

<prioritized fix action>
<next fix action>

undefined

<优先修复操作>
<后续修复操作>

undefined

Security Resource Types

安全资源类型

Resource Type	Operations	Description
`security_issue`	list, get	Vulnerabilities from scans
`security_exemption`	list, get, create, update	Exemption management
`scs_sbom`	list, get	Software Bill of Materials
`scs_artifact_component`	list	Components in artifacts
`scs_artifact_remediation`	list	Fix recommendations
`scs_compliance_result`	list	Policy compliance results
`scs_opa_policy`	list	OPA policy status

资源类型	操作	描述
`security_issue`	list, get	扫描发现的漏洞
`security_exemption`	list, get, create, update	豁免管理
`scs_sbom`	list, get	软件物料清单（SBOM）
`scs_artifact_component`	list	工件中的组件
`scs_artifact_remediation`	list	修复建议
`scs_compliance_result`	list	策略合规结果
`scs_opa_policy`	list	OPA策略状态

Examples

示例

"Generate security report for backend-service" - List security_issue filtered by service
"Show critical vulnerabilities" - List security_issue, filter by severity
"Download SBOM for api-service:v2.3" - Get scs_sbom by artifact
"Create exemption for CVE-2024-1234" - Create security_exemption

"为backend-service生成安全报告" - 按服务筛选列出security_issue
"显示关键漏洞" - 列出security_issue并按严重程度筛选
"下载api-service:v2.3的SBOM" - 按工件获取scs_sbom
"为CVE-2024-1234创建豁免" - 创建security_exemption

Performance Notes

性能说明

Gather the complete vulnerability list before summarizing. Do not report on partial scan results.
Cross-reference vulnerabilities with SBOM data for accurate component attribution.
Quality and accuracy of the security report is more important than speed.

在汇总前收集完整的漏洞列表，请勿基于部分扫描结果生成报告。
将漏洞与SBOM数据交叉引用，确保组件归属准确。
安全报告的质量和准确性比速度更重要。