Release · v2026.06-rc5

FINOS-CCC/CCC.Build.TH Threat Catalog

Threats for Build technologies, as defined by the FINOS Common Cloud Controls project.

Published by FINOS Common Cloud Controls

Install

OCI v1.1
$ grcli unpack --repository finos-ccc/ccc.build.th --tag v2026.06-rc5
Coordinate
oci.grc.store/finos-ccc/ccc.build.th:v2026.06-rc5
Manifest digest
sha256:2aca5db587f828b9507a6c19dbafbe83bb0dec422db3ded55ffae30f8ea5bd55

Provenance

1 layer
Digest Media type Size
26b980ec6b10… application/vnd.gemara.artifact.v1+yaml 3.3 KiB
Bundle config blob
{
  "bundle-version": "1.0",
  "gemara-version": "v1.2.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "CCC.Build.TH",
            "type": "ThreatCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "finos-ccc/ccc.build.th",
            "tag": "v2026.06-rc5"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/common-cloud-controls",
          "GITHUB_RUN_ATTEMPT": "1",
          "GITHUB_RUN_ID": "26771723499",
          "GITHUB_SHA": "a9503345caf59a144d8ab9b4bede212b393ca56a",
          "GITHUB_WORKFLOW": "Batch Release All Catalogs",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "artifacts/devtools/build/threats.yaml",
            "uri": "file://artifacts/devtools/build/threats.yaml",
            "digest": {
              "sha256": "26b980ec6b10337013bf692cbcb662d1d4712974f77c945634447bca39805cf5"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/common-cloud-controls@a9503345caf59a144d8ab9b4bede212b393ca56a",
            "digest": {
              "gitCommit": "a9503345caf59a144d8ab9b4bede212b393ca56a"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/common-cloud-controls/actions/runs/26771723499",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.2.2"
          }
        },
        "metadata": {
          "invocationId": "26771723499-1",
          "startedOn": "2026-06-01T17:47:44.967392966Z",
          "finishedOn": "2026-06-01T17:47:45.059231708Z"
        },
        "byproducts": [
          {
            "name": "threats.yaml",
            "digest": {
              "sha256": "26b980ec6b10337013bf692cbcb662d1d4712974f77c945634447bca39805cf5"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "threats.yaml",
      "type": "ThreatCatalog",
      "id": "CCC.Build.TH",
      "role": "artifact"
    }
  ]
}

CCC Build Threats

ID
CCC.Build.TH
Version
v2026.06-rc5
Gemara version
v1.2.0
Author
FINOS Common Cloud Controls

Orchestration

The Orchestration group covers entries related to coordinating and managing workloads across distributed systems. This includes container orchestration, job scheduling, CI/CD pipelines, build automation, and service mesh management.

  1. CCC.Build.TH01 Unauthorized Build Execution

    Attackers may trigger builds using unauthorized build agents or external services, leading to unauthorized code execution or deployment of malicious code.

    Capabilities
    • CCC.Build.Capabilities
      • CCC.Build.CP01
      • CCC.Build.CP04

Access Control

The Access Control group covers entries related to authentication, authorization, and trust perimeter enforcement. This includes multi-factor authentication, least privilege access, network access rules, and prevention of unauthorized access or reconnaissance.

  1. CCC.Build.TH02 External Exposure of Build Environments

    If build environments have external network access, they may be accessed by unauthorized parties, leading to data exfiltration or tampering.

    Capabilities
    • CCC.Build.Capabilities
      • CCC.Build.CP03