feat: initial version

.gitignore

@@ -0,0 +1,83 @@
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# Exclude dot-env file
+.env
+
+# Exclude IntelliJ project settings
+.idea/
+
+# User-specific stuff
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/**/usage.statistics.xml
+.idea/**/dictionaries
+.idea/**/shelf
+
+# AWS User-specific
+.idea/**/aws.xml
+
+# Generated files
+.idea/**/contentModel.xml
+
+# Sensitive or high-churn files
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+.idea/**/dbnavigator.xml
+
+# Gradle
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn.  Uncomment if using
+# auto-import.
+# .idea/artifacts
+# .idea/compiler.xml
+# .idea/jarRepositories.xml
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+# *.iml
+# *.ipr
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# SonarLint plugin
+.idea/sonarlint/
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser

Dockerfile

@@ -0,0 +1,16 @@
+FROM python:3
+
+LABEL org.opencontainers.image.title="OWASP DSOMM metricCA collector for confluence"
+LABEL org.opencontainers.image.source="https://github.com/devsecopsmaturitymodel/collector-confluence/"
+
+COPY requirements.txt /app/requirements.txt
+RUN cd /app && pip install --target=./ --no-cache-dir -r requirements.txt
+COPY *.py /app
+COPY schemata /app
+
+ENV CONFLUENCE_URL ""
+ENV CONFLUENCE_LOGIN ""
+ENV CONFLUENCE_PASSWORD ""
+
+CMD "/app/confluence_collector.py"
+

README.md

@@ -0,0 +1,67 @@
+# Collector for Confluence
+Collects meta-information about conducted threat modeling activities from Confluence wiki pages.
+
+## Meta-information about a Threat Modeling Activity
+
+In the OWASP Foundation community article (Nov 2023) [Threat Modeling Process](https://owasp.org/www-community/Threat_Modeling_Process#threat-model-information),
+lists following meta-information for a threat model:
+
+> Information identifying the threat model typically includes the following:
+>
+> 1. Application Name: The name of the application examined.
+> 2. Application Version: The version of the application examined.
+> 3. Description: A high level description of the application.
+> 4. Document Owner: The owner of the threat modeling document.
+> 5. Participants: The participants involved in the threat modeling process for this application.
+> 6. Reviewer: The reviewer(s) of the threat model.
+
+However, for the purpose of metric collection for DSOMM we adjusted our information demand to:
+
+1. **Application Name**: The name of the application examined.
+2. **Team Name**: The name of the team that owns/maintains the application.
+3. **Title**: The title summarizing the scope or question of the threat modeling.
+4. **Date**: The date when the threat modeling activity was conducted.
+5. **Links**: The list of links to the _threat modeling document_ (main source) 
+   and to supplementary reference material like:
+   - recorded drawings or pictures from physical/virtual whiteboards (e.g. Miro boards)
+   - resulting tickets (e.g. JIRA issues)
+
+See also:
+
+* Blog "Let's Talk About MedSec" (24 Apr 2022): [Threat Modeling Knowledge Bases and Templates](https://tmart234.github.io/threat-model-template/)
+* GitHub Repository from [Izar Tarandach](https://owasp.org/www-board-candidates/2023/izar_tarandach): [izar/pytm](https://github.com/izar/pytm) :
+  A Pythonic framework for threat modeling
+
+## Quickstart
+Prerequisite: Python 3 must be installed.
+
+### Installation
+Steps:
+
+1. Clone the repository source-code
+2. Make sure all required packages are installed
+
+Example:
+```shell
+git clone https://github.com/devsecopsmaturitymodel/collector-confluence.git
+cd collector-confluence
+pip install -r requirements.txt
+```
+
+### Configuration
+We recommend to prepare a `.env` file and specify the confluence URL, account and credentials there.
+
+Example file `.env` (with anonymized data):
+```
+CONFLUENCE_URL='https://example.atlassian.net/wiki'  # change to your Confluence cloud URL
+CONFLUENCE_LOGIN='[email protected]'  # change to your account name/email 
+CONFLUENCE_PASSWORD=''  # fill in your API token from your Atlassian profile
+```
+However, you can also set those environment-variables separately.
+In case both are present, the `.env` file and environment-variables, then the environment-variables are finally used. 
+
+### Run
+Run the Python executable script (e.g. on Linux and macOS):
+```shell
+./confluence_collector.py
+```