CWL

Jan 1, 0001

Definition

CWL, or Common Workflow Language, is a specification for describing data analysis workflows in a way that is portable and scalable across a variety of computing environments. It allows for the definition of workflows and tools using a standardized YAML or JSON format, enabling interoperability and reuse of workflows across different platforms. CWL is designed to be platform-agnostic, facilitating the execution of complex data processing tasks in a reproducible manner.

Secure Settings Example

cwlVersion: v1.0
class: CommandLineTool
baseCommand: echo
inputs:
  message:
    type: string
    inputBinding:
      position: 1
outputs: []
requirements:
  InlineJavascriptRequirement: {}
  NetworkAccess:
    networkAccess: false

In this example, the NetworkAccess requirement is set to false, ensuring that the tool does not have network access, which is a best practice to prevent unauthorized data exfiltration or external attacks.

Insecure Settings Example

cwlVersion: v1.0
class: CommandLineTool
baseCommand: echo
inputs:
  message:
    type: string
    inputBinding:
      position: 1
outputs: []
requirements:
  InlineJavascriptRequirement: {}
  NetworkAccess:
    networkAccess: true

Here, the NetworkAccess requirement is set to true, which can be insecure as it allows the tool to access the network, potentially exposing sensitive data or allowing for external attacks.

CWL

Definition

Secure Settings Example

Insecure Settings Example

Ask AppSec: free security newsletter

Ask AppSec: free security newsletter