Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: adds contributing guide and usage examples #38

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
+137 −20
Open

docs: adds contributing guide and usage examples #38

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
73 changes: 73 additions & 0 deletions CONTRIBUTING.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
# Contributing to oscal-sdk-go

Thank you for your interest in `oscal-sdk-go`!
Our project welcomes external contributions.

## How to Contribute

To contribute code or documentation, please submit a [pull request](https://github.com/oscal-compass/oscal-sdk-go/pulls).

It is preferable that a pull request relates to an existing issue. If you find a bug or want to suggest a feature, please submit
a GitHub [issue](https://github.com/oscal-compass/oscal-sdk-go/issues) first.
This is not required for minor changes like typos in documentation.

## Development

### Run tests

```bash
make test-unit
```

### Format and Style

**Requires [`golangci-lint`](https://golangci-lint.run/welcome/quick-start/)**

```bash
make format
# For issue identification
make vet
# Linting
make lint
```

## Legal

Each source file must include a license header for the Apache
Software License 2.0. Using the SPDX format is the simplest approach.

e.g.
```text
/*
Copyright 2025 The OSCAL Compass Authors
SPDX-License-Identifier: Apache-2.0
*/
```

### Sign your work

We have tried to make it as easy as possible to make contributions. This
applies to how we handle the legal aspects of contribution.

We use the same approach - the [Developer's Certificate of Origin 1.1 (DCO)](https://oscal-compass.github.io/compliance-trestle/latest/contributing/DCO/) - that the Linux® Kernel [community](https://developercertificate.org/)
uses to manage code contributions.

We simply ask that when submitting a patch for review, the developer
must include a sign-off statement in the commit message.

Here is an example Signed-off-by line, which indicates that the
submitter accepts the DCO:

```text
Signed-off-by: John Doe <[email protected]>
```

You can include this automatically when you commit a change to your
local git repository using the following command:

```bash
git commit --signoff
```

Note that DCO signoff is enforced by [DCO bot](https://github.com/probot/dco). Missing DCO's will be required to be rebased
with a signed off commit before being accepted.
84 changes: 64 additions & 20 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
# oscal-sdk-go

[![Go Report Card](https://goreportcard.com/badge/github.com/oscal-compass/oscal-sdk-go)](https://goreportcard.com/report/github.com/oscal-compass/oscal-sdk-go)
[![GoDoc](https://img.shields.io/static/v1?label=godoc&message=reference&color=blue)](https://pkg.go.dev/github.com/oscal-compass/oscal-sdk-go)
[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/oscal-compass/oscal-sdk-go/badge)](https://scorecard.dev/viewer/?uri=github.com/oscal-compass/oscal-sdk-go)

`oscal-sdk-go` complements the `compliance-trestle` SDK by providing the core SDK functionality in Go.

> WARNING: This project is currently under initial development. APIs may be changed incompatibly from one commit to another.
Expand All @@ -8,33 +12,73 @@

Below is a table to show what is currently supported by the SDK.

| SDK Functionality | Supported |
|-------------------------------------------|-----------|
| OSCAL Types with Basic Trestle Extensions | &#10003; |
| OSCAL Schema Validation | |
| Target Components Extension | |
| Multiple Parameters per Rule | |
| OSCAL to OSCAL Transformation | &#10003; |
| OSCAL Constraints Validation | |
| SDK Functionality | Supported |
|-------------------------------------------|--------------------|
| OSCAL Types with Basic Trestle Extensions | :heavy_check_mark: |
| OSCAL Schema Validation | :x: |
| Target Components Extension | :x: |
| Multiple Parameters per Rule | :x: |
| OSCAL to OSCAL Transformation | :heavy_check_mark: |
| OSCAL Constraints Validation | :x: |


## Get Started

## Run tests
Add the module as dependency to your project:

```bash
make test-unit
```console
go get github.com/oscal-compass/oscal-sdk-go
```

## Format and Style
### SDK Terms

[`Extensions`](https://github.com/oscal-compass/oscal-sdk-go/tree/main/extensions): `oscal-compass` uses OSCAL properties to [extend](https://pages.nist.gov/OSCAL/learn/tutorials/general/extension/#props) OSCAL.
[`Rules`](https://github.com/oscal-compass/oscal-sdk-go/tree/main/rules): Rules are associated with Components and define a mechanism to verify the proper implementation of technical controls.
[`Settings`](https://github.com/oscal-compass/oscal-sdk-go/tree/main/settings): Settings define adjustments to fine-tune pre-defined options in Rules for the implementation of a specific compliance framework.

### Perform a Transformation

```go
import (
...
oscalTypes "github.com/defenseunicorns/go-oscal/src/types/oscal-1-1-2"

**Requires [`golangci-lint`](https://golangci-lint.run/welcome/quick-start/)**
"github.com/oscal-compass/oscal-sdk-go/generators"
"github.com/oscal-compass/oscal-sdk-go/transformers"
)

```bash
make format
# For issue identification
make vet
# Linting
make lint
func main() {
file, err := os.Open("path-to-my-compdef")
if err != nil {
log.Fatalf("failed to open component definition, %v", err)
}
definition, err := generators.NewComponentDefinition(file)
if err != nil {
log.Fatalf("failed to read component definition, %v", err)
}

if definition != nil {
assessmentPlan, err := transformers.ComponentDefinitionsToAssessmentPlan(context.Background(), []oscalTypes.ComponentDefinition{*definition}, "example-framework")
if err != nil {
log.Fatalf("failed to create assessment plan, %v", err)
}
assessmentPlanJSON, err := json.MarshalIndent(assessmentPlan, "", " ")
if err != nil {
log.Fatalf("failed to marshal assessment plan, %v", err)
}
fmt.Println(assessmentPlanJSON)
}
}
```

# Acknowledgments
## Contributing

Our project welcomes external contributions. Please see `CONTRIBUTING.md` to get started.

## Code of Conduct

Participation in the OSCAL Compass community is governed by the [Code of Conduct](https://github.com/oscal-compass/community/blob/main/CODE_OF_CONDUCT.md).

## Acknowledgments

This project leverages [`go_oscal`](https://github.com/defenseunicorns/go-oscal) to provide Go types for the OSCAL schema.