Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: introduce badging levels #242

Merged
merged 17 commits into from
Oct 2, 2024
Merged
Show file tree
Hide file tree
Changes from 15 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# UDS Common

This repository contains common configuration and tasks used in UDS Packages for management, setup, creation, deployment, and publishing of packages and bundles. It is useful to help implement [UDS package practices](./docs/package_integration/uds-package-practices.md).
This repository contains common configuration and tasks used in UDS Packages for management, setup, creation, deployment, and publishing of packages and bundles. It also includes [UDS package practices](./docs/package_integration/uds-package-practices.md) defining requirements and standards to obtain the [<img alt="Made for UDS" src="docs/made-for-uds.svg" height="20px"/>](https://github.com/defenseunicorns/uds-core) Badges.

## Task Usage

Expand Down
142 changes: 142 additions & 0 deletions docs/made-for-uds-bronze.svg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
142 changes: 142 additions & 0 deletions docs/made-for-uds-gold.svg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
142 changes: 142 additions & 0 deletions docs/made-for-uds-silver.svg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
8 changes: 4 additions & 4 deletions docs/package_integration/guide.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
This guide is intended for developers integrating applications with UDS (Unicorn Delivery Service). It provides an overview of the integration process, key considerations, and resources to ensure a smooth integration.

Integrating a Package fundamentally means:
1. Creating a repository `uds-package-<name>`
1. Creating a repository `uds-package-<name>` from [uds-package-template](https://github.com/defenseunicorns/uds-package-template)
andrewg-xyz marked this conversation as resolved.
Show resolved Hide resolved
2. Integrating the upstream helm chart as a zarf package `zarf.yaml` to build a declarative OCI artifact
3. Adding a UDS package Custom Resource `uds-package.yaml` to integrate with UDS Core via Pepr
4. Build a 'zero CVE' package by replacing images with a `*-unicorn` flavored image
Expand All @@ -28,9 +28,9 @@ Integrating a Package fundamentally means:
Before beginning the integration process, familiarize yourself with the following resources:

1. [UDS Capabilities Documentation](https://uds.defenseunicorns.com/capabilities/): Provides information about UDS, UDS CLI, UDS Core, and UDS Bundles.
2. [Zarf Documentation](https://docs.zarf.dev): Zarf is a tool for declarative creation & distribution of software.
2. [Zarf Documentation](https://docs.zarf.dev): Zarf is a tool for declarative creation & distribution of software packages.
3. [UDS Common Repository](https://github.com/defenseunicorns/uds-common): Contains information and best practices for UDS integration.
4. [UDS Applications Tracker](https://coda.io/d/Product_dGmk3eNjmm8/Applications_sux6H#_luFRc): Lists many backlogged and completed applications for UDS integration.
4. [UDS Applications Tracker](https://coda.io/d/Product_dGmk3eNjmm8/Applications_suCbOWqL#_lu8fEKSc): Lists many backlogged and completed applications for UDS integration.
5. Briefly review [Pepr Documentation](https://docs.pepr.dev/): it may become useful when you begin integrating with UDS Core.

## Integration Checklist
Expand Down Expand Up @@ -68,4 +68,4 @@ Your repository has a `uds-package.yaml` manifest added to the appropriate helm
For reference, consider these well-maintained UDS package examples:
- [UDS Package GitLab](https://github.com/defenseunicorns/uds-package-gitlab) (More complex example)
- [UDS Package Mattermost](https://github.com/defenseunicorns/uds-package-mattermost) (Simpler example)
- [UDS Common NGINX](https://github.com/defenseunicorns/uds-common)
- [UDS Common NGINX](https://github.com/defenseunicorns/uds-common)
23 changes: 23 additions & 0 deletions docs/package_integration/oscal-guidelines.md
brandtkeller marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# OSCAL: the Open Security Controls Assessment Language


[OSCAL](https://pages.nist.gov/OSCAL/) is a set of standards for describing security and privacy controls for information systems. It is developed by the National Institute of Standards and Technology (NIST) and is intended to be used by organizations to automate the exchange of security and privacy control information.

UDS Packages will include an `oscal-component.yaml` file that describes the security and privacy controls that the package implements. In combination with uds-core, this file will be used to accelerate Authorizations and contribute to control response and mapping. [Lula](https://github.com/defenseunicorns/lula) is here to help us!

Gold packages will include a baseline set of [NIST 800-53 controls](https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final), specifically:
- AC-6.9
- AU-2
- AU-3
- AU-3.1
- AU-8
- AU-12
- SC-13

This command will generate an `oscal-component.yaml` file for a package that implements these controls. Once generated you can add specific responses to the controls.
```
lula generate component -c https://raw.githubusercontent.com/GSA/fedramp-automation/refs/tags/fedramp-2.0.0-oscal-1.0.4/dist/content/rev5/baselines/json/FedRAMP_rev5_MODERATE-baseline-resolved-profile_catalog.json --framework il4 --requirements ac-6.9,au-2,au-3,au-3.1,au-8,au-12,sc-13 --remarks assessment-objective -o oscal-component.yaml --component 'app-name'
```

> [!TIP]
> The baseline controls are a starting point, you should explore additional controls relevant to your package.
Loading