The csv_to_oscal_cd task produces an component definition that is not well-formed when a profile is specified for a rule with no mapped controls.
To Reproduce
To show a reproduction of the issue, using an example repository with a validation component use case.
Repository is located here.
Steps to reproduce the behavior:
Clone repository linked above
Run trestle task csv-to-oscal-cd -c data/csv-to-oscal-cd.config
Generate the JSON schemas for OSCAL 1.1.2 per the OSCAL repository directions.
Validate the generated compdef at component-definitions/kube/component-definition.json against generated schema
Observe validation error
Expected behavior
I expected the control-implementations field removed with a warning or an error to inform me that I must specify at least one mapped control if a profile is set.
Screenshots / Logs.
Note: When hovering over the warning Array has too few items. Expected 1 or more.
Describe the bug
The
csv_to_oscal_cdtask produces an component definition that is not well-formed when a profile is specified for a rule with no mapped controls.To Reproduce
To show a reproduction of the issue, using an example repository with a validation component use case. Repository is located here.
Steps to reproduce the behavior:
trestle task csv-to-oscal-cd -c data/csv-to-oscal-cd.configcomponent-definitions/kube/component-definition.jsonagainst generated schemaExpected behavior
I expected the
control-implementationsfield removed with a warning or an error to inform me that I must specify at least one mapped control if a profile is set.Screenshots / Logs.
Note: When hovering over the warning
Array has too few items. Expected 1 or more.Environment
compliance-trestlev.3.2.0