{"id":37080320,"url":"https://github.com/seppzer0/atternio","last_synced_at":"2026-01-14T09:45:06.066Z","repository":{"id":139241450,"uuid":"609718653","full_name":"seppzer0/atternio","owner":"seppzer0","description":"[PoC] Prioritize CWE records according to CAPEC patterns. Mirrored from: https://gitlab.com/seppzer0/atternio","archived":true,"fork":false,"pushed_at":"2023-11-23T16:32:59.000Z","size":173,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-11-22T05:20:25.304Z","etag":null,"topics":["capec","cwe","prioritizing"],"latest_commit_sha":null,"homepage":"https://pypi.org/project/atternio","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/seppzer0.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-03-05T02:39:11.000Z","updated_at":"2024-03-19T15:34:37.000Z","dependencies_parsed_at":"2023-11-23T17:34:54.994Z","dependency_job_id":null,"html_url":"https://github.com/seppzer0/atternio","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/seppzer0/atternio","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seppzer0%2Fatternio","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seppzer0%2Fatternio/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seppzer0%2Fatternio/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seppzer0%2Fatternio/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/seppzer0","download_url":"https://codeload.github.com/seppzer0/atternio/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seppzer0%2Fatternio/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28416120,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T08:38:59.149Z","status":"ssl_error","status_checked_at":"2026-01-14T08:38:43.588Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["capec","cwe","prioritizing"],"created_at":"2026-01-14T09:45:05.581Z","updated_at":"2026-01-14T09:45:06.049Z","avatar_url":"https://github.com/seppzer0.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# atternio\n\natternio is a PoC tool powered by [flawfinder](https://github.com/david-a-wheeler/flawfinder) that is designed to prioritize CWE identificators according to [MITRE CAPEC](https://capec.mitre.org) dictionary.\n\nThe data used for conducting this procedure is open source CAPEC data provided in the form of JSON (STIX 2.x) files.\n\n## Contents\n\n- [atternio](#atternio)\n  - [Contents](#contents)\n  - [Algorithm](#algorithm)\n  - [Usage](#usage)\n  - [Installation](#installation)\n    - [From PyPI (recommended)](#from-pypi-recommended)\n    - [Local from source](#local-from-source)\n    - [No installation, direct run from source](#no-installation-direct-run-from-source)\n\n## Algorithm\n\natternio receives a path to C/C++ sources as an input, which is then passed to flawfinder for finding out CWEs.\n\nEach CWE identificator is searched through CAPEC data to determine the attack patterns (CAPEC-IDs) it can be a part of.\n\nWhen analyzing CAPEC data, the following metrics are taken into account:\n\n- severity (`x_capec_severity`);\n- likelihood (`x_capec_likelihood_of_attack`).\n\nAn individual CWE can be found in multiple CAPEC patterns.\n\nFor each CWE (CWE-ID) in a CAPEC pattern (CAPEC-ID) risk points are calculated using the following formula:\n\n```text\ncwe_risk = severity + likelihood\n```\n\nEach CAPEC-ID can contain multiple detected CWE-IDs:\n\n```text\ncapec_risk = sum(cwe_risk)\n```\n\nFinally, the total number of risk points:\n\n```text\ntotal_risk = sum(capec_risk)\n```\n\nWhen the risk enumeration is complete, the tool will output 2 tables:\n\n- **CWE Records** - all CWEs detected with their location in provided sources;\n- **Prioritized CWE Records** - prioritized CWEs with related CAPECs and percentage of shared risk.\n\n## Usage\n\n```help\n$ python3 -m atternio --help\nusage: [-h] --source PATH_INPUT [--install-dictionary] [-o OUTPUT] [--results]\n\nAtternio - a PoC tool for CWE prioritization according to MITRE CAPEC dictionary.\n\noptions:\n  -h, --help            show this help message and exit\n  --source PATH_INPUT   path to file or directory\n  --install-dictionary  if CAPEC dictionary is not present, install it automatically\n  -o OUTPUT, --output OUTPUT\n                        path to output file\n  --results             show only RESULTS section\n ```\n\n## Installation\n\n### From PyPI (recommended)\n\nTo install latest atternio package from PyPI, use:\n\n```sh\npython3 -m pip install atternio\n```\n\n### Local from source\n\nTo install and debug atternio locally, in the root of repository use:\n\n```sh\npython3 -m pip install -e .\n```\n\n### No installation, direct run from source\n\nTo run atternio without any installation into local cache, in the root of repository use:\n\n```sh\nexport PYTHONPATH=$(pwd)\npython3 -m poetry install --no-root\npython3 atternio \u003carguments\u003e\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fseppzer0%2Fatternio","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fseppzer0%2Fatternio","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fseppzer0%2Fatternio/lists"}