-
Notifications
You must be signed in to change notification settings - Fork 714
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #11286 from jpower432/add_vendor_dir
Adds an oscal directory and GitHub Actions workflow for upstream OSCAL content
- Loading branch information
Showing
9 changed files
with
395,804 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| name: Update vendored OSCAL content | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| schedule: | ||
| # Run weekly at 05:00 on Sunday | ||
| - cron: "0 5 * * 0" | ||
| env: | ||
| NIST_REPO_REF: "690f517daaf3a6cbb4056d3cde6eae2756765620" | ||
| FEDRAMP_REPO_REF: "master" | ||
|
|
||
| jobs: | ||
| update-oscal: | ||
| name: Update content | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: write | ||
| pull-requests: write | ||
| strategy: | ||
| matrix: | ||
| variables: | ||
| - catalog-source: "https://raw.githubusercontent.com/usnistgov/oscal-content/${{env.NIST_REPO_REF}}/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_catalog.json" | ||
| profile-source: "https://raw.githubusercontent.com/GSA/fedramp-automation/${{env.FEDRAMP_REPO_REF}}/dist/content/rev5/baselines/json/FedRAMP_rev5_HIGH-baseline_profile.json" | ||
| profile-name: "fedramp_rev5_high" | ||
| catalog-name: "nist_rev5_800_53" | ||
| - catalog-source: "https://raw.githubusercontent.com/usnistgov/oscal-content/${{env.NIST_REPO_REF}}/nist.gov/SP800-53/rev4/json/NIST_SP-800-53_rev4_catalog.json" | ||
| profile-source: "https://raw.githubusercontent.com/GSA/fedramp-automation/${{env.FEDRAMP_REPO_REF}}/dist/content/rev4/baselines/json/FedRAMP_rev4_HIGH-baseline_profile.json" | ||
| profile-name: "fedramp_rev4_high" | ||
| catalog-name: "nist_rev4_800_53" | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| - name: Install Python | ||
| uses: actions/setup-python@v4 | ||
| with: | ||
| python-version: '3.9' | ||
| - name: Install python deps | ||
| run: pip3 install requests compliance-trestle==2.4.0 | ||
| - name: Update catalogs | ||
| run: | | ||
| rm -rf "catalogs/${{ matrix.variables.catalog-name }}" | ||
| trestle import -f "${{ matrix.variables.catalog-source }}" -o "${{ matrix.variables.catalog-name }}" | ||
| working-directory: ./shared/references/oscal | ||
| - name: Update profiles | ||
| run: | | ||
| rm -rf "profiles/${{ matrix.variables.profile-name }}" | ||
| trestle import -f "${{ matrix.variables.profile-source }}" -o "${{ matrix.variables.profile-name }}" | ||
| trestle href --name "${{ matrix.variables.profile-name }}" -hr "trestle://catalogs/${{ matrix.variables.catalog-name }}/catalog.json" | ||
| working-directory: ./shared/references/oscal | ||
| - name: Update content | ||
| uses: peter-evans/[email protected] | ||
| with: | ||
| base: master | ||
| branch: "oscal-update-${{ github.run_id }}" | ||
| delete-branch: true | ||
| commit-message: "Update OSCAL content in shared/references/oscal" | ||
| title: "Update upstream OSCAL content from usnistogv and GSA" | ||
| body: | | ||
| Updates upstream OSCAL content | ||
| - usnistgov NIST 800-53 from "${{ matrix.variables.catalog-source }}" | ||
| - GSA FedRAMP OSCAL profiles from "${{ matrix.variables.profile-source }}" | ||
| Auto-generated by the [update-oscal](https://github.com/ComplianceAsCode/content/blob/master/.github/workflows/update-oscal.yml) workflow. | ||
| add-paths: | | ||
| shared/references/oscal/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| # trestle config file |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| # OSCAL Content | ||
|
|
||
| This `oscal` directory contains a [compliance-trestle](https://ibm.github.io/compliance-trestle/) managed workspace to import upstream catalog and profile content into generated [OSCAL Component Definition](https://pages.nist.gov/OSCAL-Reference/models/v1.1.1/component-definition/json-outline/). |
Oops, something went wrong.