diff --git a/.tool-versions b/.tool-versions index 7e05263d3..c1bdf69c1 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1 +1,2 @@ -oscal-cli 2.4.0 \ No newline at end of file +oscal-cli 2.4.0 +oscal-server v1.0.0-SNAPSHOT-6363f60-20241202160440 \ No newline at end of file diff --git a/features/fedramp_extensions.feature b/features/fedramp_extensions.feature index a59781806..29eefbf85 100644 --- a/features/fedramp_extensions.feature +++ b/features/fedramp_extensions.feature @@ -36,6 +36,7 @@ Examples: | cia-impact-has-selected | | cloud-service-model | | component-has-authentication-method | + | component-has-provider-responsible-role | | component-type | | control-implementation-status | | data-center-alternate | @@ -108,9 +109,11 @@ Examples: | leveraged-authorization-has-authorization-type | | leveraged-authorization-has-impact-level | | leveraged-authorization-has-system-identifier | + | leveraged-authorization-has-valid-impact-level | | leveraged-authorization-nature-of-agreement | | marking | | missing-response-components | + | network-component-has-implementation-point | | party-has-name | | privilege-level | | prop-response-point-has-cardinality-one | @@ -177,6 +180,8 @@ Examples: | cloud-service-model-PASS.yaml | | component-has-authentication-method-FAIL.yaml | | component-has-authentication-method-PASS.yaml | + | component-responsible-role-references-party-FAIL.yaml | + | component-responsible-role-references-party-PASS.yaml | | component-type-FAIL.yaml | | component-type-PASS.yaml | | control-implementation-status-FAIL.yaml | @@ -321,12 +326,16 @@ Examples: | leveraged-authorization-has-impact-level-PASS.yaml | | leveraged-authorization-has-system-identifier-FAIL.yaml | | leveraged-authorization-has-system-identifier-PASS.yaml | + | leveraged-authorization-has-valid-impact-level-FAIL.yaml | + | leveraged-authorization-has-valid-impact-level-PASS.yaml | | leveraged-authorization-nature-of-agreement-FAIL.yaml | | leveraged-authorization-nature-of-agreement-PASS.yaml | | marking-FAIL.yaml | | marking-PASS.yaml | | missing-response-components-FAIL.yaml | | missing-response-components-PASS.yaml | + | network-component-has-implementation-point-FAIL.yaml | + | network-component-has-implementation-point-PASS.yaml | | party-has-name-FAIL.yaml | | party-has-name-PASS.yaml | | privilege-level-FAIL.yaml | diff --git a/package-lock.json b/package-lock.json index 698520ddb..60f071366 100644 --- a/package-lock.json +++ b/package-lock.json @@ -15,7 +15,7 @@ "inquirer": "^10.1.8", "js-yaml": "^4.1.0", "jsdom": "^25.0.0", - "oscal": "2.0.6", + "oscal": "2.0.7", "ts-node": "^10.9.2", "xml-formatter": "^3.6.3", "xml2js": "^0.6.2" @@ -2694,9 +2694,9 @@ } }, "node_modules/oscal": { - "version": "2.0.6", - "resolved": "https://registry.npmjs.org/oscal/-/oscal-2.0.6.tgz", - "integrity": "sha512-+hSDqr7Ddi3qqvAaSN8XRsrrgxrsORfvLVZIpgrTz/AzWum0R+PnCFlxQ9+KMuptxXW9kAcfAwyXmhdIjaZV8g==", + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/oscal/-/oscal-2.0.7.tgz", + "integrity": "sha512-V924hmb+QZDuBJGLH63RZui7yzrpVvSQAq9TvWCt2XacrpXqiYwEst0ZyyWza9wrt4zEXJrhAP3wzz1oj38pHA==", "license": "MIT", "dependencies": { "@terascope/fetch-github-release": "^0.8.10", diff --git a/package.json b/package.json index 91480fb81..c78d588e4 100644 --- a/package.json +++ b/package.json @@ -28,7 +28,7 @@ "inquirer": "^10.1.8", "js-yaml": "^4.1.0", "jsdom": "^25.0.0", - "oscal": "2.0.6", + "oscal": "2.0.7", "ts-node": "^10.9.2", "xml-formatter": "^3.6.3", "xml2js": "^0.6.2" diff --git a/src/validations/constraints/content/ssp-all-VALID.xml b/src/validations/constraints/content/ssp-all-VALID.xml index ead67e6a6..009f791bb 100644 --- a/src/validations/constraints/content/ssp-all-VALID.xml +++ b/src/validations/constraints/content/ssp-all-VALID.xml @@ -264,7 +264,7 @@ GovCloud - + f0bc13a4-3303-47dd-80d3-380e159c8362 2015-01-01 @@ -301,21 +301,47 @@

This is the primary application server for the system.

- + + Firebase CLI Connection + +

CLI for updating firebase Secure connection to an external API for data enrichment.

+
+ + +

Some description of the authentication method.

+
+
+ + + + + + + + 11111111-0000-4000-9000-000000000001 + + +

This connection is used for secure data exchange with external systems.

+
+
An External Leveraged System

An external leveraged system.

+ -

Some description of the authentication method.

+

Some description of the external authentication method.

-
+ + 11111111-0000-4000-9000-000000000001 + + External API Connection @@ -323,6 +349,7 @@

Secure connection to an external API for data enrichment.

+ @@ -332,6 +359,9 @@ + + 11111111-0000-4000-9000-000000000001 + 11111111-0000-4000-9000-000000000001 @@ -348,6 +378,9 @@ + + +

Some description of the authentication method.

@@ -355,6 +388,9 @@
+ + 11111111-0000-4000-9000-000000000001 +
diff --git a/src/validations/constraints/content/ssp-component-has-provider-responsible-role-INVALID.xml b/src/validations/constraints/content/ssp-component-has-provider-responsible-role-INVALID.xml new file mode 100644 index 000000000..32eef91e2 --- /dev/null +++ b/src/validations/constraints/content/ssp-component-has-provider-responsible-role-INVALID.xml @@ -0,0 +1,12 @@ + + + + + + + 11111111-0000-4000-9000-000000000001 + 11111111-0000-4000-9000-000000000002 + + + + \ No newline at end of file diff --git a/src/validations/constraints/content/ssp-leveraged-authorization-has-valid-impact-level-INVALID.xml b/src/validations/constraints/content/ssp-leveraged-authorization-has-valid-impact-level-INVALID.xml new file mode 100644 index 000000000..13bf1f266 --- /dev/null +++ b/src/validations/constraints/content/ssp-leveraged-authorization-has-valid-impact-level-INVALID.xml @@ -0,0 +1,10 @@ + + + fips-199-moderate + + + + + + + \ No newline at end of file diff --git a/src/validations/constraints/content/ssp-leveraged-authorization-has-valid-impact-level-VALID.xml b/src/validations/constraints/content/ssp-leveraged-authorization-has-valid-impact-level-VALID.xml new file mode 100644 index 000000000..f3c9ec506 --- /dev/null +++ b/src/validations/constraints/content/ssp-leveraged-authorization-has-valid-impact-level-VALID.xml @@ -0,0 +1,532 @@ + + + + Enhanced Example System Security Plan + 2024-08-01T14:30:00Z + 2024-08-01T14:30:00Z + 1.1 + 1.1.2 + SSP-2024-002 + + + + Authorizing Official + +

Senior official with authority to formally assume responsibility for operating a system at an acceptable level of risk.

+
+
+ + Prepared By + +

This party prepared the SSP.

+
+
+ + Prepared For + +

The organization for which this SSP was prepared. Typically the CSP.

+
+
+ + Document Creator + + + Content Approver + + + System Administrator + + + Asset Owner + + + System Owner + + + Authorizing Official Point of Contact + + + Information System Security Officer (or Equivalent) + + + Information System Management Point of Contact (POC) + +

The highest level manager who is responsible for system operation on behalf of the System Owner.

+
+
+ + Information System Technical Point of Contact + +

The individual or individuals leading the technical operation of the system.

+
+
+ + General Point of Contact (POC) + +

A general point of contact for the system, designated by the system owner.

+
+
+ + + CSP HQ +
+ Suite 0000 + 1234 Some Street + Haven + ME + 00000 + US +
+
+ +
+ US +
+ +
+ +
+ US +
+ +
+ + Person Name 1 + + + name@example.com + 2020000001 + 27b78960-59ef-4619-82b0-ae20b9c709ac + 6b286b5d-8f07-4fa7-8847-1dd0d88f73fb + + + Cloud Service Provider (CSP) Name + CSP Acronym/Short Name + + 27b78960-59ef-4619-82b0-ae20b9c709ac + + + Example Organization + ExOrg + + + + Jane Doe + jane.doe@example.com +
+ + + + 3360e343-9860-4bda-9dfc-ff427c3dfab6 + + + 6b286b5d-8f07-4fa7-8847-1dd0d88f73fb + + + 11111111-0000-4000-9000-000000000001 + + + 22222222-0000-4000-9000-000000000002 + + + + 22222222-0000-4000-9000-000000000002 + + + 22222222-0000-4000-9000-000000000002 + + + 22222222-0000-4000-9000-000000000002 + + + 22222222-0000-4000-9000-000000000002 + + + 22222222-0000-4000-9000-000000000002 + + + 22222222-0000-4000-9000-000000000002 + + + 22222222-0000-4000-9000-000000000002 + + + +

This SSP is an example for demonstration purposes.

+
+ + + + + + F00000001 + Enhanced Example System + System's Short Name or Acronym + +

This is an enhanced example system for demonstration purposes, incorporating more FedRAMP-specific elements.

+
+ + +

Remarks are required if deployment model is "hybrid-cloud" or "other". Optional otherwise.

+
+
+ + +

Remarks are required if service model is "other". Optional otherwise.

+
+
+ + + + + + fips-199-moderate + + + Financial Information + +

Contains sensitive financial data related to organizational operations.

+
+ + C.2.8.12 + + + fips-199-high + fips-199-high + + + + fips-199-moderate + fips-199-low + +

Required if the base and selected values do not match.

+
+
+ + fips-199-high + fips-199-low + +

Required if the base and selected values do not match.

+
+
+
+
+ + fips-199-moderate + fips-199-moderate + fips-199-moderate + + + + +

The authorization boundary includes all components within the main data center and the disaster recovery site.

+
+ + +

A diagram-specific explanation.

+
+ + Authorization Boundary Diagram +
+
+ + +

A holistic, top-level explanation of the network architecture.

+
+ + +

A diagram-specific explanation.

+
+ + Network Diagram +
+
+ + +

A holistic, top-level explanation of the system's data flows.

+
+ + +

A diagram-specific explanation.

+
+ + Data Flow Diagram +
+
+
+ + + + GovCloud + + + + f0bc13a4-3303-47dd-80d3-380e159c8362 + 2020-01-01 + + + System Administrator + + + + system-admin + + Admin +

admin user

+ administration +
+ +
+ + + Primary Application Server + +

Main application server hosting the core system functionality.

+
+ main line + + + 11111111-0000-4000-9000-000000000001 + + +

This is the primary application server for the system.

+
+
+ + + External API Connection + +

Secure connection to an external API for data enrichment.

+
+ + + + + 11111111-0000-4000-9000-000000000001 + + +

This connection is used for secure data exchange with external systems.

+
+
+ + + +

Primary database server

+
+ + + + + + + + 11111111-0000-4000-9000-000000000001 + + + + +
+ + + +

Secondary database server

+
+ + + + + + + + 11111111-0000-4000-9000-000000000001 + + + + +
+ +
+ + + +

Implementation of controls for the Enhanced Example System

+
+ + + + + + + +

Access Control Policy and Procedures (AC-1) is fully implemented in our system.

+
+ + + 11111111-0000-4000-9000-000000000001 + +
+
+ + + + + + + +

Information System Component Inventory (CM-8) is partially implemented.

+
+ + + 11111111-0000-4000-9000-000000000001 + +
+
+
+ + + + Access Control Policy + +

Detailed access control policy document

+
+ + +
+ + User's Guide + +

User's Guide

+
+ + + + +

Table 12-1 Attachments: User's Guide Attachment

+

May use rlink with a relative path, or embedded as base64.

+
+
+ + Document Title + +

Rules of Behavior

+
+ + + + + 00000000 + +

Table 12-1 Attachments: Rules of Behavior (ROB)

+

May use rlink with a relative path, or embedded as base64.

+
+
+ + Document Title + +

Contingency Plan (CP)

+
+ + + + + 00000000 + +

Table 12-1 Attachments: Contingency Plan (CP) Attachment

+

May use rlink with a relative path, or embedded as base64.

+
+
+ + Document Title + +

Configuration Management (CM) Plan

+
+ + + + + 00000000 + +

Table 12-1 Attachments: Configuration Management (CM) Plan Attachment

+

May use rlink with a relative path, or embedded as base64.

+
+
+ + Document Title + +

Incident Response (IR) Plan

+
+ + + + + 00000000 + +

Table 12-1 Attachments: Incident Response (IR) Plan Attachment

+

May use rlink with a relative path, or embedded as base64.

+
+
+ + Separation of Duties Matrix + +

Separation of Duties Matrix

+
+ + + + + 00000000 + +

May use rlink with a relative path, or embedded as base64.

+
+
+ + + + Authorization Boundary + +

Authorization Boundary Diagram

+
+ + + + + 00000000 + +

May use rlink with a relative path, or embedded as base64.

+
+
+ + + Network Architecture + +

Network Architecture Diagram

+
+ + + + + 00000000 + +

May use rlink with a relative path, or embedded as base64.

+
+
+ + + Data Flow + +

Data flow Diagram

+
+ + + + + 00000000 + +

May use rlink with a relative path, or embedded as base64.

+
+
+
+ \ No newline at end of file diff --git a/src/validations/constraints/content/ssp-network-component-has-implementation-point-INVALID-2.xml b/src/validations/constraints/content/ssp-network-component-has-implementation-point-INVALID-2.xml new file mode 100644 index 000000000..03dc7f5f1 --- /dev/null +++ b/src/validations/constraints/content/ssp-network-component-has-implementation-point-INVALID-2.xml @@ -0,0 +1,33 @@ + + + + + Firebase CLI Connection + +

CLI for updating firebase Secure connection to an external API for data enrichment.

+
+ + + +
+ + Firebase CLI Connection + +

CLI for updating firebase Secure connection to an external API for data enrichment.

+
+ + +
+ + nvm CLI Connection + +

CLI for updating nvm Secure connection to an external API for data enrichment.

+
+ + +
+
+
\ No newline at end of file diff --git a/src/validations/constraints/content/ssp-network-component-has-implementation-point-INVALID.xml b/src/validations/constraints/content/ssp-network-component-has-implementation-point-INVALID.xml new file mode 100644 index 000000000..edf5f534c --- /dev/null +++ b/src/validations/constraints/content/ssp-network-component-has-implementation-point-INVALID.xml @@ -0,0 +1,25 @@ + + + + + Firebase CLI Connection + +

CLI for updating firebase Secure connection to an external API for data enrichment.

+
+ + +
+ + Firebase CLI Connection + +

CLI for updating firebase Secure connection to an external API for data enrichment.

+
+ + +
+ +
+
\ No newline at end of file diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml index f0a36445b..e413feb0b 100644 --- a/src/validations/constraints/fedramp-external-constraints.xml +++ b/src/validations/constraints/fedramp-external-constraints.xml @@ -4,26 +4,6 @@ - - - - - Fedramp Version - - A FedRAMP document's metadata MUST define a valid FedRAMP version. - -

All documents in a digital authorization package for FedRAMP must specify the version that identifies which FedRAMP policies, guidance, and technical specifications its authors used during the creation and maintenance of the package.

-

FedRAMP maintains an official list of the versions on the fedramp-automation releases page. Unless noted otherwise, a valid version is a published tag name.

-
-
- - FedRAMP data sensitivity classification identifier. - - A FedRAMP document MUST have a marking that defines its data classification. - -
-
- @@ -81,11 +61,22 @@ + Component Has Authentication Method A FedRAMP SSP MUST include at least one authentication method for each leveraged system. + + Component Has Provider Responsible Role + + A FedRAMP SSP MUST have each component describing leveraged systems, interconnections, or authorized services identify a "provider" role that references one responsible party. + Has Authorization Boundary Diagram Link Href Target @@ -113,7 +104,12 @@

A FedRAMP SSP MUST use a valid FedRAMP catalog to reference security controls. It MUST NOT reference controls from a non-FedRAMP catalog.

-
+ + + Leveraged Authorization Has Valid Impact Level + + A FedRAMP SSP MUST define the appropriate FIPS-199 impact level (low, moderate, or high) for each leveraged authorization. +
@@ -270,30 +266,6 @@ - - - - - - Fully Operational Date Is Valid - - A system MUST be fully implemented prior to submitting the SSP to FedRAMP. - - - Fully Operational Date Type - - - - - - Fully Operational Date - - A FedRAMP SSP MUST define the system's fully operational date. - - - @@ -325,6 +297,16 @@ A FedRAMP SSP information type confidentiality, integrity, or availability impact MUST specify the selected impact. + + Fully Operational Date Is Valid + + A system MUST be fully implemented prior to submitting the SSP to FedRAMP. + + + Fully Operational Date Type + + A FedRAMP SSP MUST specify the system's fully operational data as a "full-date" per RFC3339 with the addition of a timezone. + Has Authenticator Assurance Level @@ -433,6 +415,11 @@ A FedRAMP SSP MUST define its NIST SP 800-63 federation assurance level (FAL). + + Fully Operational Date + + A FedRAMP SSP MUST define the system's fully operational date. + Has Identity Assurance Level @@ -520,14 +507,20 @@ - - - - - System Implementation Has Inventory Items - - A FedRAMP SSP system implementation section MUST have at least two inventory items. - + + + + + + Authentication Method Has Remarks + + Each authentication method in a FedRAMP SSP MUST have a remarks field. + + + System Implementation Has Inventory Items + + A FedRAMP SSP system implementation section MUST have at least two inventory items. + Leveraged Authorization Has Authorization Type @@ -548,18 +541,43 @@ All network components in a FedRAMP SSP system implementation MUST define at least one interconnection security property. - - + + Unique Asset Identifier + Ensure each inventory item has a unique asset-id property. + + + +

A FedRAMP SSP's inventory item MUST have an Asset ID that is unique across all inventory items in the system and its components.

+
+
+
+
+ + + Fedramp Version + + A FedRAMP document's metadata MUST define a valid FedRAMP version. + +

All documents in a digital authorization package for FedRAMP must specify the version that identifies which FedRAMP policies, guidance, and technical specifications its authors used during the creation and maintenance of the package.

+

FedRAMP maintains an official list of the versions on the fedramp-automation releases page. Unless noted otherwise, a valid version is a published tag name.

+
+
Has Published Date All documents submitted to FedRAMP MUST define a valid publication date. + + FedRAMP data sensitivity classification identifier. + + A FedRAMP document MUST have a marking that defines its data classification. +
-
+ + @@ -573,11 +591,6 @@ - - Authentication Method Has Remarks - - Each authentication method in a FedRAMP SSP MUST have a remarks field. - Unique Asset Identifier Ensure each inventory item has a unique asset-id property. @@ -587,6 +600,11 @@

A FedRAMP SSP's inventory item MUST have an Asset ID that is unique across all inventory items in the system and its components.

+ + Component Has Implementation Point + + A FedRAMP SSP with service components and CLI software components performing cross-boundary network communication MUST indicate exactly one time if the point of implementation is internal or external to the system. +
- \ No newline at end of file + diff --git a/src/validations/constraints/unit-tests/component-responsible-role-references-party-FAIL.yaml b/src/validations/constraints/unit-tests/component-responsible-role-references-party-FAIL.yaml new file mode 100644 index 000000000..6411e2393 --- /dev/null +++ b/src/validations/constraints/unit-tests/component-responsible-role-references-party-FAIL.yaml @@ -0,0 +1,9 @@ +test-case: + name: Negative Test for component-has-provider-responsible-role + description: >- + This test case validates the behavior of constraint + component-has-provider-responsible-role + content: ../content/ssp-component-has-provider-responsible-role-INVALID.xml + expectations: + - constraint-id: component-has-provider-responsible-role + result: fail diff --git a/src/validations/constraints/unit-tests/component-responsible-role-references-party-PASS.yaml b/src/validations/constraints/unit-tests/component-responsible-role-references-party-PASS.yaml new file mode 100644 index 000000000..40990f9b8 --- /dev/null +++ b/src/validations/constraints/unit-tests/component-responsible-role-references-party-PASS.yaml @@ -0,0 +1,9 @@ +test-case: + name: Positive Test for component-has-provider-responsible-role + description: >- + This test case validates the behavior of constraint + component-has-provider-responsible-role + content: ../content/ssp-all-VALID.xml + expectations: + - constraint-id: component-has-provider-responsible-role + result: pass diff --git a/src/validations/constraints/unit-tests/leveraged-authorization-has-valid-impact-level-FAIL.yaml b/src/validations/constraints/unit-tests/leveraged-authorization-has-valid-impact-level-FAIL.yaml new file mode 100644 index 000000000..e627b71ee --- /dev/null +++ b/src/validations/constraints/unit-tests/leveraged-authorization-has-valid-impact-level-FAIL.yaml @@ -0,0 +1,9 @@ +test-case: + name: Negative Test for leveraged-authorization-has-valid-impact-level + description: >- + This test case validates the behavior of constraint + leveraged-authorization-matches-impact-level + content: ../content/ssp-leveraged-authorization-has-valid-impact-level-INVALID.xml + expectations: + - constraint-id: leveraged-authorization-has-valid-impact-level + result: fail diff --git a/src/validations/constraints/unit-tests/leveraged-authorization-has-valid-impact-level-PASS.yaml b/src/validations/constraints/unit-tests/leveraged-authorization-has-valid-impact-level-PASS.yaml new file mode 100644 index 000000000..4bedfcc9a --- /dev/null +++ b/src/validations/constraints/unit-tests/leveraged-authorization-has-valid-impact-level-PASS.yaml @@ -0,0 +1,12 @@ +test-case: + name: Positive Test for leveraged-authorization-has-valid-impact-level + description: >- + This test case validates the behavior of constraint leveraged-authorization-has-valid-impact-level. + Scenario 1: Security-sensitivity-level = 'fips-199-moderate' and leveraged-authorization impact-level = 'fips-199-moderate'. + Scenario 2: Security-sensitivity-level = 'fips-199-moderate' and leveraged-authorization impact-level = 'fips-199-high'. + content: + - ../content/ssp-all-VALID.xml + - ../content/ssp-leveraged-authorization-has-valid-impact-level-VALID.xml + expectations: + - constraint-id: leveraged-authorization-has-valid-impact-level + result: pass diff --git a/src/validations/constraints/unit-tests/network-component-has-implementation-point-FAIL.yaml b/src/validations/constraints/unit-tests/network-component-has-implementation-point-FAIL.yaml new file mode 100644 index 000000000..b14db64a5 --- /dev/null +++ b/src/validations/constraints/unit-tests/network-component-has-implementation-point-FAIL.yaml @@ -0,0 +1,13 @@ +test-case: + name: Negative Test for network-component-has-implementation-point + description: >- + This test case validates the behavior of constraint + network-component-has-implementation-point + content: + - ../content/ssp-network-component-has-implementation-point-INVALID.xml + - ../content/ssp-network-component-has-implementation-point-INVALID-2.xml + expectations: + - constraint-id: network-component-has-implementation-point + fail_count: + type: "exact" + value: 2 \ No newline at end of file diff --git a/src/validations/constraints/unit-tests/network-component-has-implementation-point-PASS.yaml b/src/validations/constraints/unit-tests/network-component-has-implementation-point-PASS.yaml new file mode 100644 index 000000000..414bd38cf --- /dev/null +++ b/src/validations/constraints/unit-tests/network-component-has-implementation-point-PASS.yaml @@ -0,0 +1,9 @@ +test-case: + name: Positive Test for network-component-has-implementation-point + description: >- + This test case validates the behavior of constraint + network-component-has-implementation-point + content: ../content/ssp-all-VALID.xml + expectations: + - constraint-id: network-component-has-implementation-point + result: pass diff --git a/src/validations/constraints/unit-tests/unique-inventory-item-asset-id-FAIL.yaml b/src/validations/constraints/unit-tests/unique-inventory-item-asset-id-FAIL.yaml index 806d1ad70..327c9789a 100644 --- a/src/validations/constraints/unit-tests/unique-inventory-item-asset-id-FAIL.yaml +++ b/src/validations/constraints/unit-tests/unique-inventory-item-asset-id-FAIL.yaml @@ -8,4 +8,4 @@ test-case: - constraint-id: unique-inventory-item-asset-id fail_count: type: "exact" - value: 1 \ No newline at end of file + value: 2 \ No newline at end of file diff --git a/src/validations/module.mk b/src/validations/module.mk index 96c289f4b..679c12500 100644 --- a/src/validations/module.mk +++ b/src/validations/module.mk @@ -1,6 +1,7 @@ # Variables OSCAL_VERSION = $(shell jq -r .dependencies.oscal package.json) OSCAL_CLI_VERSION = $(shell awk '/^oscal-cli/ {print $$2}' .tool-versions) +OSCAL_SERVER_VERSION = $(shell awk '/^oscal-server/ {print $$2}' .tool-versions) OSCAL_CLI = npx oscal@$(OSCAL_VERSION) SRC_DIR = ./src DIST_DIR = ./dist @@ -13,7 +14,7 @@ init-validations: @echo "Installing node modules..." npm install $(OSCAL_CLI) use $(OSCAL_CLI_VERSION) - $(OSCAL_CLI) server update + $(OSCAL_CLI) server update $(OSCAL_SERVER_VERSION) # Style lint .PHONY: lint-style