GRC Store

Search / finos-ccc/ccc.build.th / v2026.06-rc3

Release · v2026.06-rc3

FINOS-CCC/CCC.Build.TH Threat Catalog

FINOS-CCC/CCC.Build.TH

Threats for Build technologies, as defined by the FINOS Common Cloud Controls project.

Published by FINOS Common Cloud Controls

Install

OCI v1.1
$grcli unpack --repository finos-ccc/ccc.build.th --tag v2026.06-rc3
Coordinate
oci.grc.store/finos-ccc/ccc.build.th:v2026.06-rc3
Manifest digest
sha256:e9d51cc44ca18b269753a278a0fe41dcf8ff53557fc3e69acedb945ae85da439

Provenance

1 layer
Digest Media type Size
95dd91083ea4… application/vnd.gemara.artifact.v1+yaml 3.3 KiB
Bundle config blob 
{
  "bundle-version": "1.0",
  "gemara-version": "v1.2.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "CCC.Build.TH",
            "type": "ThreatCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "finos-ccc/ccc.build.th",
            "tag": "v2026.06-rc3"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/common-cloud-controls",
          "GITHUB_RUN_ATTEMPT": "2",
          "GITHUB_RUN_ID": "26768391088",
          "GITHUB_SHA": "24594e28430c12318cacffe7fdda6a3ea272d975",
          "GITHUB_WORKFLOW": "Batch Release All Catalogs",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "artifacts/devtools/build/threats.yaml",
            "uri": "file://artifacts/devtools/build/threats.yaml",
            "digest": {
              "sha256": "95dd91083ea41c7b192dbb6c19ab605e8b1aa9d7036a3ea14f18676dac313b52"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/common-cloud-controls@24594e28430c12318cacffe7fdda6a3ea272d975",
            "digest": {
              "gitCommit": "24594e28430c12318cacffe7fdda6a3ea272d975"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/common-cloud-controls/actions/runs/26768391088",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.2.2"
          }
        },
        "metadata": {
          "invocationId": "26768391088-2",
          "startedOn": "2026-06-01T16:44:31.276656318Z",
          "finishedOn": "2026-06-01T16:44:31.390216212Z"
        },
        "byproducts": [
          {
            "name": "threats.yaml",
            "digest": {
              "sha256": "95dd91083ea41c7b192dbb6c19ab605e8b1aa9d7036a3ea14f18676dac313b52"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "threats.yaml",
      "type": "ThreatCatalog",
      "id": "CCC.Build.TH",
      "role": "artifact"
    }
  ]
}

CCC Build Threats

Threats for Build technologies, as defined by the FINOS Common Cloud Controls project.

ID
CCC.Build.TH
Version
v2026.06-rc3
Gemara version
v1.2.0
Author
FINOS Common Cloud Controls

Orchestration

The Orchestration group covers entries related to coordinating and managing workloads across distributed systems. This includes container orchestration, job scheduling, CI/CD pipelines, build automation, and service mesh management.

  1. CCC.Build.TH01 Unauthorized Build Execution

    Attackers may trigger builds using unauthorized build agents or external services, leading to unauthorized code execution or deployment of malicious code.

    Capabilities
    • CCC.Build.Capabilities
      • CCC.Build.CP01
      • CCC.Build.CP04

Access Control

The Access Control group covers entries related to authentication, authorization, and trust perimeter enforcement. This includes multi-factor authentication, least privilege access, network access rules, and prevention of unauthorized access or reconnaissance.

  1. CCC.Build.TH02 External Exposure of Build Environments

    If build environments have external network access, they may be accessed by unauthorized parties, leading to data exfiltration or tampering.

    Capabilities
    • CCC.Build.Capabilities
      • CCC.Build.CP03