GovReady / oscal-lifecycle-examples


Improve Inspec to NIST 800-53 Mapper #3

Open tohch4 opened 3 years ago

tohch4 commented 3 years ago

@gregelin I took a little longer than planned and might need to revisit this later in the evening. I just added reading in the component name from the Inspec name attribute, raw, to show the approach; I'm not sure that is what you want in our case.

Additionally, instead of prompting the user for the intermediate 800-53 control map filename and the NDJSON filename, I just infix the stage name into the name of the result file, between the final result component file name and the extension (.json, except for the NDJSON file, where I opt for .txt like you, for obvious reasons).

Can you give me an example of some parameters you would want to see dynamically populated, and I'll move forward with that today/tomorrow by the afternoon?

Also, I left the original files as defaults for now. If you want to tune the log level up or down:

python3 utils/inspec_nist_mapper.py -h # See options, you probably knew this.
python3 utils/inspec_nist_mapper.py # Defaults to INFO log level for now.
LOGLEVEL=DEBUG python3 utils/inspec_nist_mapper.py # Also shows DEBUG statements, only 1 or 2 for now; saves my bacon enough that I copy this into util scripts all the time.
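The two conventions described in the comment above (deriving intermediate file names by infixing a stage name before the extension, and taking the log level from the LOGLEVEL environment variable), together with the basic Inspec-tag-to-800-53 grouping, as an added example that is not part of the issue thread or the repository's own utils/inspec_nist_mapper.py. It assumes the standard InSpec JSON export layout (profile `name`, `controls[].id`, `controls[].tags.nist`); the sample profile is constructed for the example and the function names are hypothetical.

```python
"""Added example (not the project's own code): stage-file naming, LOGLEVEL
handling and a minimal InSpec -> NIST 800-53 control grouping.

Assumes the standard InSpec JSON layout: a profile ``name``, a ``controls``
list whose entries carry ``id`` and ``tags.nist``. The sample profile below
is constructed for this example.
"""
import json
import logging
import os
from pathlib import PurePath

LOG = logging.getLogger("inspec_nist_mapper_example")
# LOGLEVEL=DEBUG python3 this_script.py  -> DEBUG lines appear; default is INFO.
logging.basicConfig(level=os.environ.get("LOGLEVEL", "INFO").upper())

# Constructed sample: a minimal InSpec profile export with nist tags.
SAMPLE_PROFILE = {
    "name": "example-linux-baseline",
    "controls": [
        {"id": "os-01", "title": "Permissions on /etc/passwd",
         "tags": {"nist": ["AC-6", "AC-6 (1)"]}},
        {"id": "os-02", "title": "SSH root login disabled",
         "tags": {"nist": ["AC-6", "IA-2"]}},
        {"id": "os-03", "title": "Control without a nist tag", "tags": {}},
    ],
}


def stage_filename(result_file, stage, ndjson=False):
    """Infix ``stage`` between the result file's stem and its extension.

    component.json + "controlmap" -> component.controlmap.json
    NDJSON intermediates get a .txt extension instead of .json.
    """
    p = PurePath(result_file)
    ext = ".txt" if ndjson else (p.suffix or ".json")
    return str(p.with_name(f"{p.stem}.{stage}{ext}"))


def map_controls(profile):
    """Return (component_name, {nist_control_id: [inspec control ids]}).

    The component name is read raw from the profile's ``name`` attribute.
    Controls without a nist tag are skipped (logged at DEBUG).
    """
    component = profile["name"]
    mapping = {}
    for ctl in profile.get("controls", []):
        nist = ctl.get("tags", {}).get("nist") or []
        if isinstance(nist, str):  # InSpec allows a single string tag
            nist = [nist]
        if not nist:
            LOG.debug("control %s has no nist tag; skipping", ctl["id"])
            continue
        for cid in nist:
            mapping.setdefault(cid, []).append(ctl["id"])
    LOG.info("component %s: %d 800-53 controls mapped", component, len(mapping))
    return component, mapping


def to_ndjson(component, mapping):
    """One JSON object per line, one line per mapped 800-53 control."""
    lines = [
        json.dumps({"component": component, "control": cid,
                    "inspec_controls": ids}, sort_keys=True)
        for cid, ids in sorted(mapping.items())
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    comp, m = map_controls(SAMPLE_PROFILE)
    print(stage_filename("component.json", "controlmap"))
    print(stage_filename("component.json", "ndjson", ndjson=True))
    print(to_ndjson(comp, m), end="")
```

Running it with `LOGLEVEL=DEBUG` shows the skipped-control message for `os-03`; with the default level only the INFO summary is logged.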
aaronlippold commented 3 years ago

I think this is looking good.

Let's have a quick sync call with @rbclark @aaronlippold and team to make sure we are hitting the mark.

@aaronlippold notes this conversation should also be implemented using inspecjs as well so we have both a javascript approach and a python approach. Luckily, it should be easy.

tohch4 commented 3 years ago

@aaronlippold cool, I too would be interested in experimenting with a similar mapping activity from Inspec to an OSCAL component with InspecJS, but I was of course leaning on GovReady and its models and code to transform into an OSCAL component. I would like to find out more about getting the right shape of data in the SSP, SAP, and SAR (as I am not 100% confident that is right, but I can tell we have the approach down).

I forked InspecJS to play around, so maybe I can be of some use there.

Sadly, there are not many examples upstream, so can we bring this up in the upcoming ATARC meeting?

Also, should we throw up some tasks in the FreedCamp board or here? I have just been using the issue tracker in this repo for laziness and to be low friction.