Reporting of number of controls met by component definitions - Githubissues

defenseunicorns / lula

The Compliance Validator

Apache License 2.0

152 stars 23 forks source link

Reporting of number of controls met by component definitions #223

Open brandtkeller opened 10 months ago

brandtkeller commented 10 months ago

Is your feature request related to a problem? Please describe.

Ability to report on the number of controls present in a component definition - filtered by control-implementation source and framework.

Describe the solution you'd like

Given a component definition is present
When lula report is executed
Then a report logged to stdout to capture number of controls based on the above filter

Additional context

This would pave the way for future reporting on percentage of controls (when Lula can properly process both catalogs and profiles).

Expected Deliverable

[ ] Report Command added
[ ] Ability to ingest component-definition files (error otherwise)
[ ] Aggregate number of controls by control-implementation source and framework
[ ] Log report to stdout
[ ] Tests
[ ] Docs

brandtkeller commented 5 months ago

flowchart TD
    A[Report] -->|default/specified OSCAL files| B(Build Report)
    B --> C{Check for existence of models & Collect/identify Catalog}
    C -->|Components Exist| D[Component Report]
    C -->|SSP Exists| E[System Report]
    C -->|Assessment Results Exist| F[Assessment Report]

CloudBeard commented 5 months ago

That makes perfect sense ^