Compliance as Code

Mutation Patterns

Common patterns for mutating resource properties, enriching connections, and attaching controls to graph nodes.

Common Patterns for Modifying the Graph

Common Mutation Patterns

1. Mutating Resource Properties Directly

Use Case: Add or change properties directly on the targeted resources without creating a new resource or connection. This is often used to enforce explicit states, tags, or statuses.

If you omit the [control.target.resource] block’s type definition but define [control.target.resource.properties], those properties will be applied directly to the matching origin resources.

[[control]]
id = "TVM-04"
name = "Detection Updates"
description = """Define, implement and evaluate processes, procedures and technical
measures to update detection tools, threat signatures, and indicators of compromise
on a weekly, or more frequent basis."""

[[control.target]]
description = "Ensure patch level is latest on all applications and packages."
# You can iterate over multiple resource types by providing an array
origin_resource_types = [ "application", "package" ]

# Because [control.target.resource] type definition is omitted, 
# these properties are applied directly to the origin resources.
[control.target.resource.properties]
patch_level = "latest"
  • Result: Every application and package resource will have its patch_level property updated to "latest".