Merge pull request #1445 from IBM/develop

chore: Trestle release

docs/trestle_author.md

@@ -409,6 +409,61 @@ Running `trestle author docs validate -tn docs_task -gh="Governed section"` will
 - If `--template-version 1.0.0` (`-tv`) is passed the header field `x-trestle-template-version` will be ignored and document will be forcefully validated against template of version `1.0.0`.
   Use this for testing purposes _only_ when you need to validate the document against a specific template. By default the template version will be determined based on `x-trestle-template-version` in the document.
 
+### Validating the documents against different templates
+
+Validation against multiple templates as stated before can be done, but there is another scenario that you can leverage on trestle to have multiple documents in the task folder corresponding to a single template.
+
+For that to happen you will need to provide your template with the following parameter at the yaml header level, matching the type of template to be implemented so the validation can occur:
+
+> x-trestle-template-type: insert_template_type_here
+
+Please, take into consideration that for the validation to happen you will also need to provide each instance document in the task folder a field called `x-trestle-template-type: insert_template_type_here` in the yaml header matching with the template name.
+
+```yaml
+---
+authors: tmp
+owner: tmp
+valid:
+  from: null
+  to: null
+x-trestle-template-type: insert_template_type_here
+---
+```
+
+With that, you will be able to create more than 1 instance document per template and give the instance the desired name.
+
+For instance, let´s consider the next folder structure:
+
+```text
+trestle_root
+┣ .trestle
+┃ ┣ author
+┃ ┃ ┣ my_task_2
+┃ ┃ ┃ ┣ 0.0.1
+┃ ┃ ┃ ┃ ┣ a_template.md
+┃ ┃ ┃ ┃ ┣ another_template.md
+┃ ┃ ┃ ┃ ┗ arhitecture.drawio
+┃ ┗ config.ini
+
+trestle_root
+ ┣ .trestle
+ ┣ my_task_2
+ ┃ ┣ sample_folder_0
+ ┃ ┃ ┣ a_template_1.md
+ ┃ ┃ ┣ a_template_2.md
+ ┃ ┃ ┣ arhitecture_1.drawio
+ ┃ ┃ ┗ another_template_123.md
+
+```
+
+If you noticed, names are no longer needed to match with exact template names, and that´s because validation will run through `x-trestle-template-type` field defined at the instance header, not through the name.
+
+To validate the documents against their respective templates using `x-trestle-template-type`, run:
+
+> trestle author folders validate -tn my_task_name -vtt
+
+Now, `-vtt` stands for validate template type. Validate template type option will provide you the ability to have more than 1 instance per template validated.
+
 </details>
 
 <details markdown>

setup.cfg

@@ -77,7 +77,7 @@ dev =
     types-setuptools
     # # Docs website
     mkdocs
-    mkdocstrings[python-legacy]>=0.19.0
+    mkdocstrings[python-legacy]==0.19.0
     mkdocs-material
     markdown-include
     pymdown-extensions

tests/data/author/governed_folders/good_instance_with_template_type/architecture_test_1.md

@@ -0,0 +1,23 @@
+---
+authors:
+  - Tim
+  - Jane
+  - Sally
+owner: Joe
+valid:
+  from: 2020-01-01
+  to: 2099-12-31
+x-trestle-template-type: architecture
+---
+
+# System architecture
+
+Here is some content
+
+## Overview
+
+And some more
+
+## Security model
+
+And even more

tests/data/author/governed_folders/good_instance_with_template_type/architecture_test_2.md

@@ -0,0 +1,23 @@
+---
+authors:
+  - Tim
+  - Jane
+  - Sally
+owner: Joe
+valid:
+  from: 2020-01-01
+  to: 2099-12-31
+x-trestle-template-type: architecture
+---
+
+# System architecture
+
+Here is some content
+
+## Overview
+
+And some more
+
+## Security model
+
+And even more

tests/data/author/governed_folders/good_instance_with_template_type/network_test_1.md

@@ -0,0 +1,27 @@
+---
+authors:
+  - Tim
+  - Jane
+  - Sally
+owner: Joe
+valid:
+  from: 2020-01-01
+  to: 2099-12-31
+x-trestle-template-type: network
+---
+
+# Network architecture
+
+Lots of stuff about the network overall including some diagrams.
+
+## External interconnections
+
+Here I put a table which describes the connections beyond my audit boundary with 3rd parties.
+
+## Corporate interconnections
+
+Here I describe interconnections into corporate systems.
+
+## Out of scope interconnections
+
+Here I describe interconnections that are out of scope because they occur outside of the current audit boundary.

tests/data/author/governed_folders/good_instance_with_template_type/network_test_2.md

@@ -0,0 +1,27 @@
+---
+authors:
+  - Tim
+  - Jane
+  - Sally
+owner: Joe
+valid:
+  from: 2020-01-01
+  to: 2099-12-31
+x-trestle-template-type: network
+---
+
+# Network architecture
+
+Lots of stuff about the network overall including some diagrams.
+
+## External interconnections
+
+Here I put a table which describes the connections beyond my audit boundary with 3rd parties.
+
+## Corporate interconnections
+
+Here I describe interconnections into corporate systems.
+
+## Out of scope interconnections
+
+Here I describe interconnections that are out of scope because they occur outside of the current audit boundary.

tests/data/author/governed_folders/good_instance_without_template_type/architecture_test_1.md

@@ -0,0 +1,22 @@
+---
+authors:
+  - Tim
+  - Jane
+  - Sally
+owner: Joe
+valid:
+  from: 2020-01-01
+  to: 2099-12-31
+---
+
+# System architecture
+
+Here is some content
+
+## Overview
+
+And some more
+
+## Security model
+
+And even more

tests/data/author/governed_folders/good_instance_without_template_type/architecture_test_2.md

@@ -0,0 +1,22 @@
+---
+authors:
+  - Tim
+  - Jane
+  - Sally
+owner: Joe
+valid:
+  from: 2020-01-01
+  to: 2099-12-31
+---
+
+# System architecture
+
+Here is some content
+
+## Overview
+
+And some more
+
+## Security model
+
+And even more

tests/data/author/governed_folders/good_instance_without_template_type/network_test_1.md

@@ -0,0 +1,26 @@
+---
+authors:
+  - Tim
+  - Jane
+  - Sally
+owner: Joe
+valid:
+  from: 2020-01-01
+  to: 2099-12-31
+---
+
+# Network architecture
+
+Lots of stuff about the network overall including some diagrams.
+
+## External interconnections
+
+Here I put a table which describes the connections beyond my audit boundary with 3rd parties.
+
+## Corporate interconnections
+
+Here I describe interconnections into corporate systems.
+
+## Out of scope interconnections
+
+Here I describe interconnections that are out of scope because they occur outside of the current audit boundary.

tests/data/author/governed_folders/good_instance_without_template_type/network_test_2.md

@@ -0,0 +1,26 @@
+---
+authors:
+  - Tim
+  - Jane
+  - Sally
+owner: Joe
+valid:
+  from: 2020-01-01
+  to: 2099-12-31
+---
+
+# Network architecture
+
+Lots of stuff about the network overall including some diagrams.
+
+## External interconnections
+
+Here I put a table which describes the connections beyond my audit boundary with 3rd parties.
+
+## Corporate interconnections
+
+Here I describe interconnections into corporate systems.
+
+## Out of scope interconnections
+
+Here I describe interconnections that are out of scope because they occur outside of the current audit boundary.

tests/data/author/governed_folders/instance_with_diff_heading_levels/architecture.md

@@ -0,0 +1,59 @@
+---
+authors:
+  - Tim
+  - Jane
+  - Sally
+owner: Joe
+valid:
+  from: 2020-01-01
+  to: 2099-12-31
+---
+
+# Vulnerability Management (VULN) Defect Checks
+## 0. Vulnerability Management Workflow
+### 0.1 Data Sources
+### 0.2 Fetchers
+### 0.3 Data Store
+### 0.4 Policy Engine
+### 0.5 Ticketing System
+## 1. Facts Data Model
+### 1.1 Devices
+#### Server
+#### KubernetesCluster
+#### ContainerImage
+### 1.2 Vulnerabilities
+#### ResourceScan
+#### ResourceScanFinding
+#### ResourceScanResult
+### 1.3 Thresholds
+#### CISOOverride
+#### CISAKEV
+### 1.4 Risks
+#### VulnDeviations
+### 1.5 Scanner Definition
+#### ScannerConfiguration
+## 2. Defect Checks
+### Sub-capability: Reduce Software/ Firmware Vulnerabilities
+#### Vulnerable Software/ Firmware
+##### Purpose
+##### Assessment Criteria
+###### Inputs
+###### Rules
+####### vuln_prod_os_scan_duedate_check
+######## Type
+######## Rationale Statement
+######## Impact Statement
+######## Implementation Description
+######## Audit Procedure(s)
+######## Remediation Procedure(s)
+######## Parameters
+####### vuln_prod_os_scan_warning_duedate_check_warning
+######## Type
+######## Rationale Statement
+######## Impact Statement
+######## Implementation Description
+######## Audit Procedure(s)
+######## Remediation Procedure(s)
+######## Parameters
+###### Additional Outputs
+##### Assessment Objectives

tests/data/author/governed_folders/template_folder_headling_levels/architecture.md

@@ -0,0 +1,30 @@
+---
+authors:
+  - Tim
+  - Jane
+  - Sally
+owner: Joe
+valid:
+  from: 2020-01-01
+  to: 2099-12-31
+---
+
+# { Security Capability Name } Defect Checks
+## 1. Facts Data Model
+### Sub-Capability: { _insert name of subcapability_}
+## 2. Defect Checks
+### Sub-capability: { _insert sub-capability name_}
+#### { _insert defect check name_}
+##### Assessment Criteria
+###### Inputs
+###### Rules
+####### { Rule Name}
+######## Type
+######## Rationale Statement
+######## Impact Statement
+######## Implementation Description
+######## Audit Procedure(s)
+######## Remediation Procedure(s)
+######## Parameters
+###### Additional Outputs
+##### Assessment Objectives