oscal-compass / compliance-trestle

An opinionated tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard.
https://oscal-compass.github.io/compliance-trestle
Apache License 2.0

`csv_to_oscal_cd` task produces component definition that is not well-formed in some scenarios #1606

Open jpower432 opened 4 months ago

jpower432 commented 4 months ago

Describe the bug

The `csv_to_oscal_cd` task produces a component definition that is not well-formed when a profile is specified for a rule with no mapped controls.

To Reproduce

To show a reproduction of the issue, I am using an example repository with a validation component use case. The repository is located here.

Steps to reproduce the behavior:

  1. Clone repository linked above
  2. Run `trestle task csv-to-oscal-cd -c data/csv-to-oscal-cd.config`
  3. Generate the JSON schemas for OSCAL 1.1.2 per the OSCAL repository directions.
  4. Validate the generated compdef at `component-definitions/kube/component-definition.json` against the generated schema
  5. Observe validation error

Expected behavior

I expected the `control-implementations` field to be removed with a warning or an error to inform me that I must specify at least one mapped control if a profile is set.

Screenshots / Logs.

Screenshot from 2024-06-28 07-48-55

Note: When hovering over the warning: "Array has too few items. Expected 1 or more."

Environment

github-actions[bot] commented 1 week ago

This issue has been automatically marked as stale because it has not had activity within 90 days. It will be automatically closed if no further activity occurs within 30 days.

jpower432 commented 1 week ago

This issue is still needed
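
The condition reported in this issue can be checked for without generating the full schema. The following is an added example, not part of the original issue or of compliance-trestle's code: it flags empty arrays in a component definition and applies the "remove with a warning" behaviour the reporter asked for. It assumes the array reported as having too few items is `implemented-requirements` (the issue does not name it); the sample document and the functions `find_empty_arrays` and `prune_control_implementations` are constructed for illustration.

```python
import copy

# Constructed sample, trimmed to the fields that matter here: a component whose
# rule has a profile (source) set but no mapped controls. Not real trestle output.
SAMPLE = {"component-definition": {
    "uuid": "00000000-0000-4000-8000-000000000001",
    "components": [{
        "uuid": "00000000-0000-4000-8000-000000000002",
        "type": "validation",
        "title": "kube",
        "control-implementations": [{
            "uuid": "00000000-0000-4000-8000-000000000003",
            "source": "profiles/example/profile.json",
            "description": "rule with a profile but no mapped controls",
            "implemented-requirements": [],
        }],
    }],
}}

# Assumption: the schema requires at least one item in each of these arrays.
NON_EMPTY = ("control-implementations", "implemented-requirements")

def find_empty_arrays(node, path="$"):
    """Return JSON paths of NON_EMPTY arrays that are present but empty."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key in NON_EMPTY and isinstance(value, list) and not value:
                hits.append(child)
            hits.extend(find_empty_arrays(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_empty_arrays(item, f"{path}[{i}]"))
    return hits

def prune_control_implementations(compdef):
    """Return (cleaned copy, warnings); drop control implementations that map no controls."""
    cleaned, warnings = copy.deepcopy(compdef), []
    for comp in cleaned["component-definition"].get("components", []):
        impls = comp.get("control-implementations", [])
        kept = [ci for ci in impls if ci.get("implemented-requirements")]
        for ci in impls:
            if not ci.get("implemented-requirements"):
                warnings.append(f"{comp['title']}: profile {ci['source']} has no mapped controls")
        if kept:
            comp["control-implementations"] = kept
        elif "control-implementations" in comp:
            del comp["control-implementations"]  # an empty array would also be rejected
    return cleaned, warnings
```
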