introduce oscal cli validation and remove legacy example projects #601
…atibility breaking changes introduced in the 1.2.1 oscal content release. This approach uses a local catalog that contains these fixes.
Co-authored-by: Rene Tshiteya <[email protected]>
…ersion Local version of SP800-53rev5.1.1 that contains the correct labels
Adding the March 7 Data Bites presentation
Add files via upload
Uploading April's Data Bites presentation
Uploading the most recent Data Bites presentation
Add files via upload
introduce oscal-cli validation + remove non-functional examples
# Controls when the action will run. Triggers the workflow on push or pull request | ||
# events but only for the master branch | ||
on: | ||
workflow_dispatch: |
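Review bot: The comment above `on:` says the workflow triggers on push or pull request events for the master branch, but the only trigger in the visible lines is `workflow_dispatch:`, so validation runs only when someone starts it by hand. Either add a `pull_request:` trigger (with a `branches:` filter if it should stay limited to master) or update the comment to describe the manual trigger. Since the job runs a validator over contributed content, `pull_request` is the right event here rather than `pull_request_target`, which runs with the base repository's token and secrets.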
This should be set up to run on pull requests.
updated to run on pull requests
src/validations/module.mk
Outdated
.PHONY: validate-xml-by-cli | ||
validate-xml-by-cli: $(OSCAL_CLI_PATH) ## Validate XML files by directory using OSCAL CLI Tool | ||
@find $(SRC_DIR)/content/*/baselines -mindepth 1 -maxdepth 1 -type d | while read example_dir; do \ | ||
find "$$example_dir" -name '*.xml' | while read xml_file; do \ | ||
example_type=$$(echo "$$(basename $$xml_file)" | awk -F'[_.]' '{print $$(NF-1)}'); \ | ||
echo "Processing content type: $$example_type"; \ | ||
echo "Validating $$xml_file with OSCAL CLI as $$example_type"; \ | ||
$(OSCAL_CLI_PATH)/bin/oscal-cli "$$example_type" validate "$$xml_file"; \ |
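Review bot: In the nested `find ... | while read` loops, the exit status of `oscal-cli "$$example_type" validate "$$xml_file"` is never checked, so only the last iteration decides the recipe's status and a validation failure on any earlier file leaves `make validate-xml-by-cli` passing. Append `|| exit 1` to the `oscal-cli` line and to the inner loop's closing `done` (each `while` sits in a pipeline subshell, so a single `exit` only leaves the inner loop), or set a failure flag and exit non-zero after the loops if every file should still be reported. Smaller points in the same lines: use `read -r` and quote `"$$xml_file"` inside `basename` so paths with spaces or backslashes survive, and check `$$example_type` against the expected OSCAL model names before passing it as the subcommand, since the `awk -F'[_.]'` split takes whatever token precedes the extension.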
OSCAL CLI can be used to validate JSON and YAML content as well. Should this be extended to support validating all file types?
Added support for the other types from the dist folder, but there are a lot of errors. I think we should fix those errors and then introduce them. I have them commented out for now, but accessible from the makefile.
Are the errors coming from the oscal-cli? If so, a newer build will likely fix them. If you want, we can schedule some time on Friday to work through these.
The errors are coming from non-compliant constraints in the content. Yes, let's spend some time today to work through them.
- name: Run OSCAL CLI Validation | ||
run: | | ||
make validate-xml-by-cli |
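Review bot: This step calls `make validate-xml-by-cli`, whose prerequisite in `src/validations/module.mk` is `$(OSCAL_CLI_PATH)`, so if that prerequisite fetches or installs the CLI, a failed install and a failed validation land in the same step and are hard to tell apart in the job log. Consider an earlier step that builds the `$(OSCAL_CLI_PATH)` prerequisite on its own, leaving this step to report validation results only. A single command also does not need the `run: |` block scalar; `run: make validate-xml-by-cli` is enough.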
Should the setup-java action be used to bootstrap a Java runtime?
Yes, the latest commit I just tested using a local version and I was able to grab it with the dirname command.
Hello, FedRAMP friends, helpful community member here. 👋
I am not sure this would help and if you want to duplicate or find a way to modularize the logic with a Makefile approach and GHA approach, but I had created oscal-cli-action for the latter for this very kind of use case. I have not done much with it due to limited community feedback, but PRs welcome. I am not sure I handle the "check for local install at path and if found just run" approach, but I am more than happy to integrate that. You could probably do that with some changes to that action, and I am more than willing to accommodate with issues and PRs. Let me know.
Ensure this works to consider tentative new work per comment in GSA/fedramp-automation#601 (review).
Following up on #601 (review), I added oscal-club/oscal-cli-action#10 to make how to run shell commands work, it is already supported. Let me know if you have other questions or interest in pivoting to the use of the oscal-cli action.
Co-authored-by: David Waltermire <[email protected]>
…ts for use with OSCAL-cli.
…dmagic/fedramp-automation into feature/oscal-cli-validation
Committer Notes
{Please provide a description of what this PR accomplishes. Be sure to reference any issues addressed. If the PR is a work-in-progress submitted for early review, please submit the PR as a draft PR using the "Draft pull request" dropdown.}
All Submissions:
By submitting a pull request, you are agreeing to provide this contribution under the CC0 1.0 Universal public domain dedication.