Benchmark and STIG support

defenseunicorns / lula

The Compliance Validator

Apache License 2.0

146 stars 23 forks source link

Benchmark and STIG support #386

Open brandtkeller opened 5 months ago

brandtkeller commented 5 months ago

Is your feature request related to a problem? Please describe.

Ability for Lula to support the validation of STIG or other benchmarks as parallel efforts to authorization or accreditation processes.

Describe the solution you'd like

Given a benchmark artifact is supplied to Lula
When performing a validation
Then Lula will perform analysis and provide a result of that benchmark in an OSCAL format

Describe alternatives you've considered

Integration with KubeBench

Additional context

May require direct shell access (Not uncommon for various STIG tooling)

brandtkeller commented 5 months ago

This issue is intended to be an investigation with docs/ADR as the output.

brandtkeller commented 3 months ago

In consideration of a shell domain - review the capability for Lula offer the generic shell domain with an optional allow list or configuration for commands that are permitted without execute escalation. Shifting initial responsibility for managing what is permitted and permissions to the end-user.