Legal pillar · v0.16.0
penetration-test PenetrationTest
Pentest engagement record.
$id · https://corpospec.com/schemas/v0.16.0/penetration-test.schema.json
Fields
| Field | Type | Required | Description |
|---|---|---|---|
| confidentiality | Confidentiality | yes | Cross-cutting confidentiality classification used across privacy, security, knowledge, IR pillars. Default rendering rule: `corpospec-report` excludes `Restricted \| BoardOnly \| InvestorOnly` records from public output unless an explicit audience parameter overrides. See BDR 0076 §1. |
| ended_on | IsoDate | yes | ISO 8601 date (YYYY-MM-DD). |
| entity | PathRef | yes | Path-based cross-reference relative to .corpospec/ root. Pattern: `^[a-z0-9_-]+(/[a-z0-9_.-]+)+$` |
| findings | PentestFinding[] | yes | |
| id | PathRef | yes | Path-based cross-reference relative to .corpospec/ root. Pattern: `^[a-z0-9_-]+(/[a-z0-9_.-]+)+$` |
| in_scope_systems | PathRef[] | yes | PathRefs to systems within scope. |
| kind | PentestKind | yes | Pentest type. |
| knowledge_model | PentestKnowledgeModel | yes | Knowledge model. |
| methodology | PentestMethodology | yes | Methodology framework. |
| retest_due_date | IsoDate | yes | ISO 8601 date (YYYY-MM-DD). |
| scope | string | yes | |
| started_on | IsoDate | yes | Engagement start date. |
| status | PentestStatus | yes | Engagement lifecycle. |
| vendor | string | yes | Vendor / firm conducting the test. |
| attestation_ref | PathRef? | — | PathRef to the attestation letter (for SOC 2 / PCI auditors). |
| report_ref | PathRef? | — | PathRef to the final report. |
Definitions
Shared types referenced within this schema.
Confidentiality
Cross-cutting confidentiality classification used across privacy,
security, knowledge, IR pillars. Default rendering rule: `corpospec-report`
excludes `Restricted | BoardOnly | InvestorOnly` records from public output
unless an explicit audience parameter overrides. See BDR 0076 §1.
IsoDate
ISO 8601 date (YYYY-MM-DD).
type: string
PathRef
Path-based cross-reference relative to .corpospec/ root.
Pattern: `^[a-z0-9_-]+(/[a-z0-9_.-]+)+$`
pattern: ^[a-z0-9_-]+(/[a-z0-9_.-]+)+$
PentestFinding
One finding.
type: object
PentestFindingSeverity
Finding severity (CVSS-aligned).
enum: "informational", "low", "medium", "high", "critical"
PentestKind
Pentest type.
PentestKnowledgeModel
Knowledge model.
PentestMethodology
Methodology framework.
PentestStatus
Engagement lifecycle.
enum: "scoping", "in_progress", "reporting", "awaiting_retest", "closed"
Reference in your YAML
# yaml-language-server: $schema=https://corpospec.com/schemas/v0.16.0/penetration-test.schema.json
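
A pre-commit style check for the required fields, PathRef pattern, IsoDate format and PentestStatus enum listed above, added here as an example and not part of CorpoSpec's own tooling. It also rejects `.` and `..` segments, which the PathRef pattern by itself accepts. The names `check_pathref` and `validate` and the sample record are assumptions made for illustration.

```python
import re
from datetime import date
# Pattern, enum and field names are copied from the page; everything else is illustrative.
PATHREF = re.compile(r"^[a-z0-9_-]+(/[a-z0-9_.-]+)+$")
STATUSES = {"scoping", "in_progress", "reporting", "awaiting_retest", "closed"}
REQUIRED = ("confidentiality", "ended_on", "entity", "findings", "id",
            "in_scope_systems", "kind", "knowledge_model", "methodology",
            "retest_due_date", "scope", "started_on", "status", "vendor")
PATHREF_FIELDS = ("entity", "id", "attestation_ref", "report_ref")
DATE_FIELDS = ("started_on", "ended_on", "retest_due_date")

def check_pathref(value):
    """Return None when value is a usable PathRef, otherwise the reason it is not."""
    if not isinstance(value, str) or not PATHREF.fullmatch(value):
        return "does not match the PathRef pattern"
    # Later segments may contain '.', so the pattern alone accepts '.' and '..'.
    if any(seg in (".", "..") for seg in value.split("/")):
        return "contains a dot segment"
    return None

def validate(record):
    """Return a list of 'field: problem' strings; empty means the checks passed."""
    errors = [f"{f}: required field missing" for f in REQUIRED if f not in record]
    refs = [(f, record[f]) for f in PATHREF_FIELDS if f in record]
    refs += [(f"in_scope_systems[{i}]", r)
             for i, r in enumerate(record.get("in_scope_systems", []))]
    for name, ref in refs:
        if (why := check_pathref(ref)):
            errors.append(f"{name}: {why}")
    for f in DATE_FIELDS:
        if f in record:
            try:
                if not re.fullmatch(r"\d{4}-\d{2}-\d{2}", record[f]):
                    raise ValueError(record[f])
                date.fromisoformat(record[f])  # rejects impossible dates
            except (TypeError, ValueError):
                errors.append(f"{f}: not an ISO 8601 date (YYYY-MM-DD)")
    if "status" in record and record["status"] not in STATUSES:
        errors.append("status: not a PentestStatus value")
    return errors

# Constructed sample; PLACEHOLDER marks enums whose values the page does not list.
SAMPLE = {
    "confidentiality": "Restricted", "entity": "entities/example-co",
    "id": "security/pentests/2024-q1", "findings": [], "status": "awaiting_retest",
    "in_scope_systems": ["systems/web-portal"], "kind": "PLACEHOLDER",
    "knowledge_model": "PLACEHOLDER", "methodology": "PLACEHOLDER",
    "scope": "External web application", "vendor": "Example Security Ltd",
    "started_on": "2024-02-05", "ended_on": "2024-02-16", "retest_due_date": "2024-05-16",
}
```

Any consumer that resolves a PathRef against the `.corpospec/` root should apply the dot-segment check (or an equivalent containment check on the resolved path) in addition to the schema pattern.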