diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 641eb97..b6c2be2 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,4 +6,4 @@ updates: schedule: interval: "daily" commit-message: - prefix: ":arrow_up:" \ No newline at end of file + prefix: ":arrow_up:" diff --git a/.github/workflows/autofix-cd.yml b/.github/workflows/autofix-cd.yml index 9c2f50b..c5acec4 100644 --- a/.github/workflows/autofix-cd.yml +++ b/.github/workflows/autofix-cd.yml @@ -21,7 +21,7 @@ jobs: - name: Generate app token uses: tibdex/github-app-token@v2.1.0 id: get_installation_token - with: + with: app_id: ${{ secrets.APP_ID }} private_key: ${{ secrets.PRIVATE_KEY }} permissions: >- @@ -40,4 +40,4 @@ jobs: branch: ${{ inputs.branch }} file_pattern: "*.json,markdown/*" commit_user_name: "trestle-bot[bot]" - commit_user_email: "136850459+trestle-bot[bot]@users.noreply.github.com" \ No newline at end of file + commit_user_email: "136850459+trestle-bot[bot]@users.noreply.github.com" diff --git a/.github/workflows/create-new.yml b/.github/workflows/create-new.yml index 6dfa54a..6a20f0c 100644 --- a/.github/workflows/create-new.yml +++ b/.github/workflows/create-new.yml @@ -1,7 +1,7 @@ name: Component Definitions Create on: workflow_dispatch: - inputs: + inputs: import_name: required: true description: Name of profile in trestle workspace to be imported into the component definition @@ -17,7 +17,7 @@ on: filter_by_profile: required: false description: Filter the component definition control by a separate profile - + jobs: create-component: @@ -27,7 +27,7 @@ jobs: - name: Generate app token uses: tibdex/github-app-token@v2.1.0 id: get_installation_token - with: + with: app_id: ${{ secrets.APP_ID }} private_key: ${{ secrets.PRIVATE_KEY }} permissions: >- 
@@ -53,4 +53,4 @@ jobs: commit_message: "adds ${{ github.event.inputs.component_name }} component to ${{ github.event.inputs.output }} component definition [skip ci]" pull_request_title: "Add ${{ github.event.inputs.component_name }} component to ${{ github.event.inputs.output }} component definition" github_token: ${{ steps.get_installation_token.outputs.token }} - filter_by_profile: ${{ github.event.inputs.filter_by_profile }} \ No newline at end of file + filter_by_profile: ${{ github.event.inputs.filter_by_profile }} diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml index e398d48..fbd49c7 100644 --- a/.github/workflows/linters.yml +++ b/.github/workflows/linters.yml @@ -4,7 +4,7 @@ name: MegaLinter on: push: pull_request: - branches: + branches: - main concurrency: diff --git a/.github/workflows/manual-autofix.yml b/.github/workflows/manual-autofix.yml index 0bb4296..9d0f2e9 100644 --- a/.github/workflows/manual-autofix.yml +++ b/.github/workflows/manual-autofix.yml @@ -8,4 +8,4 @@ jobs: uses: ./.github/workflows/autofix-cd.yml with: branch: ${{ github.ref_name }} - secrets: inherit \ No newline at end of file + secrets: inherit diff --git a/.github/workflows/manual-transform.yml b/.github/workflows/manual-transform.yml index f0a21bd..ff3d16e 100644 --- a/.github/workflows/manual-transform.yml +++ b/.github/workflows/manual-transform.yml @@ -8,4 +8,4 @@ jobs: uses: ./.github/workflows/transform-rules.yml with: branch: ${{ github.ref_name }} - secrets: inherit \ No newline at end of file + secrets: inherit diff --git a/.github/workflows/transform-on-push.yml b/.github/workflows/transform-on-push.yml index 6164c89..26a33db 100644 --- a/.github/workflows/transform-on-push.yml +++ b/.github/workflows/transform-on-push.yml @@ -15,4 +15,4 @@ jobs: uses: ./.github/workflows/transform-rules.yml with: branch: ${{ github.ref_name }} - secrets: inherit \ No newline at end of file + secrets: inherit 
diff --git a/.github/workflows/transform-rules.yml b/.github/workflows/transform-rules.yml index 9094eac..99f2c6b 100644 --- a/.github/workflows/transform-rules.yml +++ b/.github/workflows/transform-rules.yml @@ -20,7 +20,7 @@ jobs: - name: Generate app token uses: tibdex/github-app-token@v2.1.0 id: get_installation_token - with: + with: app_id: ${{ secrets.APP_ID }} private_key: ${{ secrets.PRIVATE_KEY }} permissions: >- @@ -36,7 +36,7 @@ jobs: with: file_pattern: "*.json,rules/*" branch: ${{ inputs.branch }} - commit_message: "Transform rules to OSCAL [skip-ci]" + commit_message: "Transform rules to OSCAL [skip ci]" commit_user_name: "trestle-bot[bot]" commit_user_email: "136850459+trestle-bot[bot]@users.noreply.github.com" - name: Regenerate component definitions @@ -47,6 +47,6 @@ jobs: file_pattern: "markdown/*" branch: ${{ inputs.branch }} skip_assemble: true - commit_message: "Generate markdown changes [skip-ci]" + commit_message: "Generate markdown changes [skip ci]" commit_user_name: "trestle-bot[bot]" - commit_user_email: "136850459+trestle-bot[bot]@users.noreply.github.com" \ No newline at end of file + commit_user_email: "136850459+trestle-bot[bot]@users.noreply.github.com" diff --git a/.github/workflows/update-profiles.yml b/.github/workflows/update-profiles.yml index 66e4703..0982454 100644 --- a/.github/workflows/update-profiles.yml +++ b/.github/workflows/update-profiles.yml @@ -1,6 +1,6 @@ name: Update upstream content -on: +on: workflow_dispatch: jobs: @@ -11,7 +11,7 @@ jobs: - name: Generate app token uses: tibdex/github-app-token@v2.1.0 id: get_installation_token - with: + with: app_id: ${{ secrets.APP_ID }} private_key: ${{ secrets.PRIVATE_KEY }} permissions: >- @@ -45,3 +45,4 @@ jobs: commit_message: "Generate markdown changes [skip ci]" commit_user_name: "trestle-bot[bot]" commit_user_email: "136850459+trestle-bot[bot]@users.noreply.github.com" + 
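Review bot: In transform-rules.yml the two `commit_message` values now end in `[skip ci]`, a marker GitHub honours for every `push` and `pull_request` workflow on that commit, not only the transform job. The bot's generated commits will therefore also skip the MegaLinter run (gitleaks, KICS) that linters.yml in this diff triggers on push and pull_request. If the marker is only meant to stop transform-on-push.yml from re-triggering itself, say so next to each message, e.g. `# [skip ci] prevents the app-token push from re-running transform-on-push; it also skips linters for this commit`. The loop guard could instead sit on the calling job as `if: github.actor != 'trestle-bot[bot]'`, assuming pushes made with the app token appear under that actor, which this diff does not show. Both steps continue outside the hunks.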
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index c3df565..75290ce 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -27,7 +27,7 @@ jobs: markdown_path: "markdown/components" oscal_model: "compdef" check_only: true - + # Only autofix if the test job fails and the PR is from the same repo call-autofix: needs: [test] @@ -37,4 +37,4 @@ jobs: uses: ./.github/workflows/autofix-cd.yml with: branch: ${{ github.head_ref }} - secrets: inherit \ No newline at end of file + secrets: inherit diff --git a/.mega-linter.yml b/.mega-linter.yml index 05810d2..99c99ca 100644 --- a/.mega-linter.yml +++ b/.mega-linter.yml @@ -3,6 +3,7 @@ ENABLE_LINTERS: - REPOSITORY_GITLEAKS - ACTION_ACTIONLINT - MARKDOWN_MARKDOWNLINT + - YAML_YAMLLINT - BASH_SHELLCHECK - REPOSITORY_KICS diff --git a/.yamllint.yml b/.yamllint.yml new file mode 100644 index 0000000..94c08b6 --- /dev/null +++ b/.yamllint.yml @@ -0,0 +1,5 @@ +extends: relaxed + +rules: + line-length: + max: 105 diff --git a/component-definitions/example/component-definition.json b/component-definitions/example/component-definition.json index 8fd118f..50774e0 100644 --- a/component-definitions/example/component-definition.json +++ b/component-definitions/example/component-definition.json 
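Review bot: In the new .yamllint.yml, `extends: relaxed` leaves `line-length` at warning level, so `max: 105` is advisory and yamllint still exits 0 on longer lines unless it runs in strict mode. The `commit_message` and `pull_request_title` lines of create-new.yml shown earlier in this diff are already well over 105 characters. If the limit is meant to gate merges, add `level: error` under `line-length` and fold those values; if it is only a hint, record that in a comment such as `# relaxed preset: most findings are warnings; line-length is advisory`. The same comment could note that `relaxed` disables `truthy` and `document-start` (convenient for a bare `on:` key) while `key-duplicates` stays an error, which matters in workflow files because most parsers silently take the last duplicate.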
@@ -1,53 +1,53 @@ { "component-definition": { - "uuid": "231abb61-81ad-4c0e-b2a9-09128de8e67a", + "uuid": "3172756f-df6b-4f45-bb91-83c228963c1a", "metadata": { "title": "Component definition for example", - "last-modified": "2023-10-25T21:25:22+00:00", + "last-modified": "2024-03-15T00:07:34.346682+00:00", "version": "1.0", "oscal-version": "1.0.4" }, "components": [ { - "uuid": "5c3e6d1f-8a90-42d4-97c4-9af36d916ae6", + "uuid": "7b595bb9-c6ec-409c-b109-95e71ddf2f56", "type": "service", "title": "Example", "description": "Example Application", "props": [ { "name": "Rule_Id", - "ns": "https://ibm.github.io/compliance-trestle/schemas/oscal", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal", "value": "Test-rule_001", "remarks": "rule_set_0" }, { "name": "Rule_Description", - "ns": "https://ibm.github.io/compliance-trestle/schemas/oscal", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal", "value": "Ensure all of the services are running these tests", "remarks": "rule_set_0" }, { "name": "Parameter_Id", - "ns": "https://ibm.github.io/compliance-trestle/schemas/oscal", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal", "value": "prm_1", "remarks": "rule_set_0" }, { "name": "Parameter_Description", - "ns": "https://ibm.github.io/compliance-trestle/schemas/oscal", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal", "value": "prm_1 description", "remarks": "rule_set_0" }, { "name": "Parameter_Value_Alternatives", - "ns": "https://ibm.github.io/compliance-trestle/schemas/oscal", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal", "value": "{'default': '5%', '5pc': '5%', '10pc': '10%', '15pc': '15%', '20pc': '20%'}", "remarks": "rule_set_0" } ], "control-implementations": [ { - "uuid": "8f45e213-a818-4d61-80df-2b8563e3641d", + "uuid": "21db09e0-ce6f-4e67-9116-b2358a2f4074", "source": "profiles/fedramp_rev5_high/profile.json", "description": "FedRAMP REV5 
High Baseline", "set-parameters": [ @@ -60,14 +60,18 @@ ], "implemented-requirements": [ { - "uuid": "b34fa867-a4a9-44b1-86c5-d3517e8d8d81", + "uuid": "fac395f0-1a36-4c97-b7c4-805c08051a81", "control-id": "ac-1", "description": "", "props": [ { "name": "Rule_Id", - "ns": "https://ibm.github.io/compliance-trestle/schemas/oscal", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal", "value": "Test-rule_001" + }, + { + "name": "implementation-status", + "value": "planned" } ] } diff --git a/markdown/components/example/Example/source_001/ac/ac-1.md b/markdown/components/example/Example/source_001/ac/ac-1.md index a6d75d4..ea23dcb 100644 --- a/markdown/components/example/Example/source_001/ac/ac-1.md +++ b/markdown/components/example/Example/source_001/ac/ac-1.md @@ -18,6 +18,28 @@ x-trestle-global: title: FedRAMP Rev 5 High Baseline href: profiles/fedramp_rev5_high/profile.json sort-id: ac-01 +x-trestle-rules-params: + Example: + - name: prm_1 + description: prm_1 description + options: "{'default': '5%', '5pc': '5%', '10pc': '10%', '15pc': '15%', '20pc': + '20%'}" + rule-id: Test-rule_001 +x-trestle-comp-def-rules-param-vals: + # You may set new values for rule parameters by adding + # + # component-values: + # - value 1 + # - value 2 + # + # below a section of values: + # The values list refers to the values as set by the components, and the component-values are the new values + # to be placed in SetParameters of the component definition. + # + Example: + - name: prm_1 + values: + - 5% --- # ac-1 - \[Access Control\] Policy and Procedures diff --git a/rules/example/Example/rule_1.yml b/rules/example/Example/rule_1.yml index 50b6de5..c35f537 100644 --- a/rules/example/Example/rule_1.yml +++ b/rules/example/Example/rule_1.yml @@ -14,4 +14,4 @@ x-trestle-rule-info: x-trestle-component-info: name: Example description: Example Application - type: service \ No newline at end of file + type: service