.. # ******************************************************************************* # Copyright (c) 2025 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. # # This program and the accompanying materials are made available under the # terms of the Apache License Version 2.0 which is available at # https://www.apache.org/licenses/LICENSE-2.0 # # SPDX-License-Identifier: Apache-2.0 # ******************************************************************************* # Some portions generated by Co-Pilot Getting Started ############### .. doc_getstrt:: Getting Started on Security Analysis :id: doc_getstrt__security_analysis :status: valid :tags: security_analysis This document outlines the steps for performing, monitoring, and verifying Security Analysis. Security Analysis is used as an umbrella term for different methods. The concept of performing Security Analysis is described in :need:`doc_concept__security_analysis`. The verification of the architecture is described in :need:`doc_concept__arch_process`. Security Analysis Steps *********************** The goal of the Security Analysis is to prove that the security requirements for functions and security controls are not violated and that they are complete, consistent and correct. The Security Analysis is performed in three steps. * Analyze the architecture with provided methods. * Monitor the Security Analyses and log any issues in the Issue Tracking system with the ``security`` label until the analysis is completed. * Verify the Security Analyses results by using :need:`gd_chklst__security_analysis`. The Security Analysis is completed when the verification is done, no issues are open and the status is "valid". The details of what needs to be done in each step are described in the :need:`gd_guidl__security_analysis`. For the Security Analysis templates are used. The templates are described in the :ref:`security_analysis_threat_templates` and :ref:`security_analysis_templates`.