feat(templates): add support for a templates directory #308
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -5,6 +5,7 @@ yaml-files: | |
| ignore: | ||
| - src/nginx/ | ||
| - chart/templates/ | ||
| - templates/ | ||
|
|
||
| rules: | ||
| anchors: enable | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,93 @@ | ||
| # Copyright 2024 Defense Unicorns | ||
| # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial | ||
|
|
||
| component-definition: | ||
| components: | ||
| - control-implementations: | ||
| - description: Control Implementation Description | ||
| implemented-requirements: | ||
| - control-id: ac-6.9 | ||
| description: <how the specified control may be implemented if the containing component or capability is instantiated in a system security plan> | ||
| remarks: |- | ||
| ASSESSMENT-OBJECTIVE: | ||
| the execution of privileged functions is logged. | ||
| uuid: {{ uuid }} | ||
| - control-id: au-12 | ||
| description: <how the specified control may be implemented if the containing component or capability is instantiated in a system security plan> | ||
| remarks: | | ||
| ASSESSMENT-OBJECTIVE: | ||
| AU-12a. audit record generation capability for the event types the system is capable of auditing (defined in AU-02_ODP[01]) is provided by [Assignment: organization-defined system components]; | ||
| AU-12b. [Assignment: organization-defined personnel or roles] is/are allowed to select the event types that are to be logged by specific components of the system; | ||
| AU-12c. audit records for the event types defined in AU-02_ODP[02] that include the audit record content defined in AU-03 are generated. | ||
| uuid: {{ uuid }} | ||
|
Comment on lines
+9
to
+22
There was a problem hiding this comment. do we want to make these controls a set we expect most apps to answer if they say met the silver standard and integrated with Istio/Prometheus/Loki? |
||
| - control-id: au-2 | ||
| description: <how the specified control may be implemented if the containing component or capability is instantiated in a system security plan> | ||
| remarks: | | ||
| ASSESSMENT-OBJECTIVE: | ||
| AU-02a. [Assignment: organization-defined event types] that the system is capable of logging are identified in support of the audit logging function; | ||
| AU-02b. the event logging function is coordinated with other organizational entities requiring audit-related information to guide and inform the selection criteria for events to be logged; | ||
| AU-02c. | ||
| AU-02c.[01] [Assignment: organization-defined event types (subset of AU-02_ODP[01])] are specified for logging within the system; | ||
| AU-02c.[02] the specified event types are logged within the system [Assignment: organization-defined frequency or situation]; | ||
| AU-02d. a rationale is provided for why the event types selected for logging are deemed to be adequate to support after-the-fact investigations of incidents; | ||
| AU-02e. the event types selected for logging are reviewed and updated [Assignment: organization-defined frequency]. | ||
| uuid: {{ uuid }} | ||
| - control-id: au-3 | ||
| description: <how the specified control may be implemented if the containing component or capability is instantiated in a system security plan> | ||
| remarks: | | ||
| ASSESSMENT-OBJECTIVE: | ||
| AU-03a. audit records contain information that establishes what type of event occurred; | ||
| AU-03b. audit records contain information that establishes when the event occurred; | ||
| AU-03c. audit records contain information that establishes where the event occurred; | ||
| AU-03d. audit records contain information that establishes the source of the event; | ||
| AU-03e. audit records contain information that establishes the outcome of the event; | ||
| AU-03f. audit records contain information that establishes the identity of any individuals, subjects, or objects/entities associated with the event. | ||
| uuid: {{ uuid }} | ||
| - control-id: au-3.1 | ||
| description: <how the specified control may be implemented if the containing component or capability is instantiated in a system security plan> | ||
| remarks: |- | ||
| ASSESSMENT-OBJECTIVE: | ||
| generated audit records contain the following [Assignment: organization-defined additional information]. | ||
| uuid: {{ uuid }} | ||
| - control-id: au-8 | ||
| description: <how the specified control may be implemented if the containing component or capability is instantiated in a system security plan> | ||
| remarks: | | ||
| ASSESSMENT-OBJECTIVE: | ||
| AU-08a. internal system clocks are used to generate timestamps for audit records; | ||
| AU-08b. timestamps are recorded for audit records that meet [Assignment: organization-defined granularity of time measurement] and that use Coordinated Universal Time, have a fixed local time offset from Coordinated Universal Time, or include the local time offset as part of the timestamp. | ||
| uuid: {{ uuid }} | ||
| - control-id: sc-13 | ||
| description: <how the specified control may be implemented if the containing component or capability is instantiated in a system security plan> | ||
| remarks: | | ||
| ASSESSMENT-OBJECTIVE: | ||
| SC-13a. [Assignment: organization-defined cryptographic uses] are identified; | ||
| SC-13b. [Assignment: organization-defined types of cryptography] for each specified cryptographic use (defined in SC-13_ODP[01]) are implemented. | ||
| uuid: {{ uuid }} | ||
| props: | ||
| - name: generation | ||
| ns: https://docs.lula.dev/oscal/ns | ||
| value: lula generate component --catalog-source https://raw.githubusercontent.com/GSA/fedramp-automation/refs/tags/fedramp-2.0.0-oscal-1.0.4/dist/content/rev5/baselines/json/FedRAMP_rev5_MODERATE-baseline-resolved-profile_catalog.json --component '{{ .const.component.title }}' --requirements ac-6.9,au-2,au-3,au-3.1,au-8,au-12,sc-13 --remarks assessment-objective --framework il4 | ||
| - name: framework | ||
| ns: https://docs.lula.dev/oscal/ns | ||
| value: il4 | ||
| source: https://raw.githubusercontent.com/GSA/fedramp-automation/refs/tags/fedramp-2.0.0-oscal-1.0.4/dist/content/rev5/baselines/json/FedRAMP_rev5_MODERATE-baseline-resolved-profile_catalog.json | ||
| uuid: cfc9d077-62f0-51d8-a1c6-a733c70ef24e | ||
| description: {{ .const.component.description }} | ||
| title: {{ .const.component.title }} | ||
| type: software | ||
| uuid: {{ uuid }} | ||
| metadata: | ||
| last-modified: {{ timestamp }} | ||
| oscal-version: 1.1.2 | ||
| parties: | ||
| - links: | ||
| - href: https://defenseunicorns.com/ | ||
| rel: website | ||
| name: Defense Unicorns | ||
| type: organization | ||
| uuid: bf31d461-82af-529a-8bdf-09aa488e5b7e | ||
| published: {{ timestamp }} | ||
| remarks: Lula Generated Component Definition | ||
| title: {{ .const.component.title }} | ||
| version: 0.0.1 | ||
| uuid: {{ uuid }} | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can we rename to oscal-somponent.yaml in case there are other "component" related things in here?