usnistgov / OSCAL

Open Security Controls Assessment Language (OSCAL)
https://pages.nist.gov/OSCAL/

"provided-by" links between service and software components being flagged #2046

Open Telos-sa opened 1 month ago

Telos-sa commented 1 month ago

Describe the bug

Errors from oscal-cli:

Screenshot 2024-09-16 at 10 36 37 AM

These uuid references are established correctly, but are being flagged by the oscal-cli:

Error 1: Software being referenced:

Screenshot 2024-09-16 at 10 40 54 AM

Reference point from service component:

Screenshot 2024-09-16 at 10 41 37 AM

Error 2: Software being referenced:

Screenshot 2024-09-16 at 10 42 33 AM

Reference point from service component:

Screenshot 2024-09-16 at 10 43 00 AM

Who is the bug affecting

Any user attempting to accurately validate an OSCAL SSP that establishes 'provided-by' links between software and services.

What is affected by this bug

OSCAL Content

How do we replicate this issue

  1. Create an OSCAL SSP with at least 1 software component that is defined, and then referenced via a 'provided-by' link in a service component.
  2. Validate the OSCAL SSP and review error log

Expected behavior (i.e. solution)

No errors should be raised for 'provided-by' links that are established correctly

Other comments

No response

Revisions

No response

iMichaela commented 1 month ago

@Telos-sa - Please provide the oscal-cli version. Not clear this is an OSCAL bug. Further analysis is needed. Looking at the example above, I am guessing it is a FedRAMP example. Please confirm the origin of the example provided as valid and the oscal-cli version.

Telos-sa commented 1 month ago

Now using oscal-cli v1.0.3 from https://github.com/usnistgov/oscal-cli.

The same sections of the schema provided in the initial issue are still being flagged; it's just slightly less descriptive:

Screenshot 2024-09-16 at 4 01 33 PM

iMichaela commented 1 month ago

@Telos-sa - Can you please provide the entire file (curated) via email at oscal@nist.gov? The snippets are not providing full proof that the data is in the right place.

The first error says that the 3rd link of the 9th component from the list of components included in the system-implementation of your SSP is not found among the keys of the components listed in the system-implementation.

The second error says that the 2nd link of the 11th component from the list of components included in the system-implementation of your SSP is not found among the keys of the components listed in the system-implementation.
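
Added example, not part of the thread and not oscal-cli code: a local check that reports each 'provided-by' link by the same component and link positions the errors above use, so a flagged link can be located in a full SSP. It assumes the OSCAL JSON layout (`system-security-plan` / `system-implementation` / `components`) and `#<uuid>` hrefs; the sample SSP and the function name `check_provided_by` are constructed, and the case/whitespace hint is an added diagnostic, not a cause established in this issue.

```python
import json

# Constructed sample (not the reporter's file): a service component whose
# links resolve, point at a missing uuid, and differ from a uuid only by case.
SAMPLE_SSP = json.loads("""
{"system-security-plan": {"system-implementation": {"components": [
  {"uuid": "0a1b2c3d-1111-4111-8111-111111111111", "type": "software",
   "title": "Example software"},
  {"uuid": "22222222-2222-4222-8222-222222222222", "type": "service",
   "title": "Example service", "links": [
     {"href": "#0a1b2c3d-1111-4111-8111-111111111111", "rel": "provided-by"},
     {"href": "#33333333-3333-4333-8333-333333333333", "rel": "provided-by"},
     {"href": "#0A1B2C3D-1111-4111-8111-111111111111", "rel": "provided-by"}]}
]}}}
""")


def check_provided_by(ssp):
    """Return (component_pos, link_pos, href, reason) for every 'provided-by'
    link that does not resolve to a component uuid in system-implementation.
    Positions are 1-based and count all links, as in '3rd link of the 9th
    component'."""
    impl = ssp["system-security-plan"]["system-implementation"]
    comps = impl.get("components", [])
    keys = {c["uuid"] for c in comps}
    folded = {k.strip().lower() for k in keys}
    findings = []
    for ci, comp in enumerate(comps, start=1):
        for li, link in enumerate(comp.get("links", []), start=1):
            if link.get("rel") != "provided-by":
                continue
            href = link.get("href", "")
            target = href[1:] if href.startswith("#") else None
            if target in keys:
                continue  # exact match: the reference resolves
            if target is None:
                reason = "href is not a '#<uuid>' fragment"
            elif target.strip().lower() in folded:
                reason = "matches a component only after case/whitespace folding"
            else:
                reason = "no component with this uuid"
            findings.append((ci, li, href, reason))
    return findings


if __name__ == "__main__":
    for ci, li, href, reason in check_provided_by(SAMPLE_SSP):
        print(f"component #{ci}, link #{li}: {href!r}: {reason}")
```

To check a real file, load it with `json.load` and pass the result to `check_provided_by` in place of `SAMPLE_SSP`.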