cloud-native-security-controls / controls-catalog

Apache License 2.0

Add OSCAL content and configure CI processing. #25

Closed xee5ch closed 1 year ago

xee5ch commented 1 year ago

Closes #3.

xee5ch commented 1 year ago

There is much work to be done @JonZeolla, but perhaps I can come to the bi-weekly sync, talk about how I would envision catalog processing work in a CI system to meet your needs. I also have some questions about controls. Sounds good?

JonZeolla commented 1 year ago

@xee5ch sounds great! Also happy to discuss anything async as you have time. Whatever is easiest for you

JonZeolla commented 1 year ago

@xee5ch have you had a chance to look at this lately? Let me know if I can help - thanks!

xee5ch commented 1 year ago

> @xee5ch have you had a chance to look at this lately? Let me know if I can help - thanks!

Sorry it has been so long; I will get back on this tonight and during the course of the week!

JonZeolla commented 1 year ago

@xee5ch can you share a bit of how you're generating these outputs? I would love something we could put as a github action or have others run to perform updates. That will be especially useful for the CNSWPv3 work

xee5ch commented 1 year ago

> @xee5ch can you share a bit of how you're generating these outputs? I would love something we could put as a github action or have others run to perform updates. That will be especially useful for the CNSWPv3 work

Let me plug away at this, and we can meet later this week? I actually pushed out a new GitHub Action in the interim to address some of these needs and simplify some of the content management use cases we need.

xee5ch commented 1 year ago

OK, @JonZeolla, let's meet again later this week to sync up. trestle looks viable with the PR as-is, but the output is messy for now.

https://gist.github.com/xee5ch/f74bbc8d4cafcff0e6413d32a3a102e0

I am not sure what the "right way" (or maybe the only way) is to clean up all the nulls (it would be super preferable to just drop any JSON object map property that is null and not even specify it), and we need to talk about the metadata info and back matter stuff. The latter things are a matter of taste; we can hard-code them into the Python tool, or we can parameterize them in a settings file and work around it.
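The null clean-up discussed in the comment above can be done as a post-processing step over the serialised JSON, independent of how trestle or the Python tool produced it. The following is an added example written for this thread, not code from this repository, trestle, or the gist linked above. The sample catalog fragment is constructed for the example; its property names follow the OSCAL catalog model, but it is illustrative only and is not claimed to be a complete or schema-valid catalog.

```python
import json
from typing import Any

# Constructed sample of trestle-style catalog output in which optional
# properties were emitted with null values. Illustrative only: the field
# names follow the OSCAL catalog model, but this is not a validated catalog.
SAMPLE_CATALOG_JSON = """
{
  "catalog": {
    "uuid": "00000000-0000-4000-8000-000000000000",
    "metadata": {
      "title": "Example Controls Catalog",
      "last-modified": "2023-01-01T00:00:00+00:00",
      "version": "0.1",
      "oscal-version": "1.0.0",
      "remarks": null
    },
    "params": null,
    "groups": [
      {
        "id": "ex",
        "title": "Example Group",
        "class": null,
        "controls": [
          {
            "id": "ex-1",
            "title": "Example Control",
            "parts": null,
            "props": [
              {"name": "label", "value": "EX-1", "remarks": null}
            ]
          }
        ]
      }
    ],
    "back-matter": null
  }
}
"""


def load_sample() -> dict:
    """Parse the constructed sample catalog into Python objects."""
    return json.loads(SAMPLE_CATALOG_JSON)


def drop_nulls(value: Any) -> Any:
    """Recursively remove properties whose value is null.

    Dicts lose every key whose value is None; lists keep their order and
    drop None elements; scalars are returned unchanged. Empty objects or
    arrays left behind are kept, so only null-valued properties disappear
    and nothing else about the document's shape changes.
    """
    if isinstance(value, dict):
        return {k: drop_nulls(v) for k, v in value.items() if v is not None}
    if isinstance(value, list):
        return [drop_nulls(v) for v in value if v is not None]
    return value


def count_nulls(value: Any) -> int:
    """Count null-valued properties and elements, for a before/after check."""
    if isinstance(value, dict):
        return sum(1 if v is None else count_nulls(v) for v in value.values())
    if isinstance(value, list):
        return sum(1 if v is None else count_nulls(v) for v in value)
    return 0


def clean_catalog_text(text: str) -> str:
    """Parse a JSON document, strip nulls, and re-serialise it with stable
    formatting so that committed catalogs produce readable diffs."""
    cleaned = drop_nulls(json.loads(text))
    return json.dumps(cleaned, indent=2)


if __name__ == "__main__":
    before = load_sample()
    print(f"null properties before: {count_nulls(before)}")
    after = drop_nulls(before)
    print(f"null properties after: {count_nulls(after)}")
    print(clean_catalog_text(SAMPLE_CATALOG_JSON))
```

The distinction matters for validation: a JSON Schema property typed as a string or object rejects an explicit `null`, whereas an absent optional property passes, so a catalog that carries nulls can fail schema checks even when its content is fine. If the generating tool's models are pydantic-based, the serializer's `exclude_none=True` option removes the nulls at the source (`.json(exclude_none=True)` in pydantic v1, `model_dump_json(exclude_none=True)` in v2); the post-processing function above is a model-agnostic alternative that can run as a CI step over any emitted file.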

JonZeolla commented 1 year ago

Looks like we need to fill out - some examples below, but look at the JSON schema (good example here):