defenseunicorns / uds-core

A secure runtime platform for mission-critical capabilities
https://uds.defenseunicorns.com
Apache License 2.0

Decompose Istio OSCAL into OSCAL and validations #797

Open CloudBeard opened 1 week ago

CloudBeard commented 1 week ago

Is your feature request related to a problem? Please describe.

Currently the Istio OSCAL is composed using Lula compose prior to being brought into UDS-Core. After discussions with the UDS-Core team, it would be good to follow a similar setup that we utilize in the compliance-artifacts repo, where OSCAL and validations are developed currently.

Splitting the validations out of the OSCAL will give deeper insights into the items we are checking while enabling other developers to contribute to validation updates as needed.

Describe the solution you'd like

Describe alternatives you've considered

Leave the validations in the OSCAL. Harder to contribute and update as OSCAL is several hundred to thousands of lines of YAML with data/context most developers don't need to focus on. Also puts the burden of learning the OSCAL Schema.

CloudBeard commented 5 days ago

Small Lula bug prevents validating a component-definition that imports a component-definition that contains remote validations.

Link to bug https://github.com/defenseunicorns/lula/issues/683