Skip to content

Commit

Permalink
Merge pull request #1492 from oscal-compass/develop
Browse files Browse the repository at this point in the history
chore: Trestle release
  • Loading branch information
AleJo2995 authored Jan 5, 2024
2 parents 409692b + 136b712 commit e6c42fa
Show file tree
Hide file tree
Showing 107 changed files with 30,688 additions and 26,939 deletions.
2 changes: 1 addition & 1 deletion .github/ISSUE_TEMPLATE/new_collaborator.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,4 @@ I would like collaborator (write) access to this repository.
- help make & test releases
- help promote the project

[contributing]: https://github.com/IBM/compliance-trestle/blob/main/CONTRIBUTING.md
[contributing]: https://github.com/oscal-compass/compliance-trestle/blob/main/CONTRIBUTING.md
2 changes: 1 addition & 1 deletion .github/workflows/python-push.yml
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ jobs:

runs-on: ubuntu-latest
needs: build
if: github.ref == 'refs/heads/main' && github.repository == 'IBM/compliance-trestle'
if: github.ref == 'refs/heads/main' && github.repository == 'oscal-compass/compliance-trestle'
steps:
- uses: actions/checkout@v2
with:
Expand Down
2 changes: 2 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -49,3 +49,5 @@ site
tmp_bin_test
.mypy_cache

/venv.trestle/

20 changes: 10 additions & 10 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,36 +3,36 @@
Our project welcomes external contributions. If you have an itch, please feel
free to scratch it.

To contribute code or documentation, please submit a [pull request](https://github.com/IBM/compliance-trestle/pulls).
To contribute code or documentation, please submit a [pull request](https://github.com/oscal-compass/compliance-trestle/pulls).

A good way to familiarize yourself with the codebase and contribution process is
to look for and tackle low-hanging fruit in the [issue tracker](https://github.com/IBM/compliance-trestle/issues).
Before embarking on a more ambitious contribution, please quickly [get in touch](https://ibm.github.io/compliance-trestle/maintainers/) with us.
to look for and tackle low-hanging fruit in the [issue tracker](https://github.com/oscal-compass/compliance-trestle/issues).
Before embarking on a more ambitious contribution, please quickly [get in touch](https://oscal-compass.github.io/compliance-trestle/maintainers/) with us.

**Note: We appreciate your effort, and want to avoid a situation where a contribution
requires extensive rework (by you or by us), sits in backlog for a long time, or
cannot be accepted at all!**

We have also adopted [Contributor Covenant Code of Conduct](https://ibm.github.io/compliance-trestle/mkdocs_code_of_conduct/).
We have also adopted [Contributor Covenant Code of Conduct](https://oscal-compass.github.io/compliance-trestle/mkdocs_code_of_conduct/).

### Proposing new features

If you would like to implement a new feature, please [raise an issue](https://github.com/IBM/compliance-trestle/issues)
If you would like to implement a new feature, please [raise an issue](https://github.com/oscal-compass/compliance-trestle/issues)
labelled `enhancement` before sending a pull request so the feature can be discussed. This is to avoid
you wasting your valuable time working on a feature that the project developers
are not interested in accepting into the code base.

### Fixing bugs

If you would like to fix a bug, please [raise an issue](https://github.com/IBM/compliance-trestle/issues) labelled `bug` before sending a
If you would like to fix a bug, please [raise an issue](https://github.com/oscal-compass/compliance-trestle/issues) labelled `bug` before sending a
pull request so it can be tracked.

### Merge approval

The project maintainers use LGTM (Looks Good To Me) in comments on the code
review to indicate acceptance. A change requires LGTMs from one of the maintainers.

For a list of the maintainers, see the [maintainers](https://ibm.github.io/compliance-trestle/maintainers/) page.
For a list of the maintainers, see the [maintainers](https://oscal-compass.github.io/compliance-trestle/maintainers/) page.

### Trestle merging and release workflow

Expand Down Expand Up @@ -77,7 +77,7 @@ The devops process does not _strictly_ enforce typing, however, the expectation
commits with a focus on quality over quantity (e.g. don't add `Any` everywhere just to meet coverage requirements).
Python typing of functions is an active work in progress.

`mkbuild` is used to generate the [trestle documenation site](https://ibm.github.io/compliance-trestle). The `mkbuild`
`mkbuild` is used to generate the [trestle documenation site](https://oscal-compass.github.io/compliance-trestle). The `mkbuild`
website includes an API reference section generated from the code. Docstrings within the code are expected to follow
[google style docstrings](https://www.sphinx-doc.org/en/master/usage/extensions/example_google.html).

Expand Down Expand Up @@ -105,7 +105,7 @@ e.g.

We have tried to make it as easy as possible to make contributions. This
applies to how we handle the legal aspects of contribution. We use the
same approach - the [Developer's Certificate of Origin 1.1 (DCO)](https://ibm.github.io/compliance-trestle/contributing/DCO/) - that the Linux® Kernel [community](https://elinux.org/Developer_Certificate_Of_Origin)
same approach - the [Developer's Certificate of Origin 1.1 (DCO)](https://oscal-compass.github.io/compliance-trestle/contributing/DCO/) - that the Linux® Kernel [community](https://elinux.org/Developer_Certificate_Of_Origin)
uses to manage code contributions.

We simply ask that when submitting a patch for review, the developer
Expand Down Expand Up @@ -184,7 +184,7 @@ Both of these repositories are submodules in the trestle project. In order to de
### Code style and formating

`trestle` uses [yapf](https://github.com/google/yapf) for code formatting and [flake8](https://flake8.pycqa.org/en/latest/) for code styling. It also uses [pre-commit](https://pre-commit.com/) hooks that are integrated into the development process and the CI. When you run `make develop` you are ensuring that the pre-commit hooks are installed and updated to their latest versions for this repository. This ensures that all delivered code has been properly formatted
and passes the linter rules. See the [pre-commit configuration file](https://github.com/IBM/compliance-trestle/blob/develop/.pre-commit-config.yaml) for details on
and passes the linter rules. See the [pre-commit configuration file](https://github.com/oscal-compass/compliance-trestle/blob/develop/.pre-commit-config.yaml) for details on
`yapf` and `flake8` configurations.

Since `yapf` and `flake8` are installed as part of the `pre-commit` hooks, running `yapf` and `flake8`
Expand Down
35 changes: 28 additions & 7 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,17 @@
![[Code Coverage](https://sonarcloud.io/dashboard?id=compliance-trestle)](https://sonarcloud.io/api/project_badges/measure?project=compliance-trestle&metric=coverage)
![[Quality gate](https://sonarcloud.io/dashboard?id=compliance-trestle)](https://sonarcloud.io/api/project_badges/measure?project=compliance-trestle&metric=alert_status)
![[Pypi](https://pypi.org/project/compliance-trestle/)](https://img.shields.io/pypi/dm/compliance-trestle)
![GitHub Actions status](https://img.shields.io/github/workflow/status/IBM/compliance-trestle/Trestle%20PR%20pipeline?event=push)
![GitHub Actions status](https://img.shields.io/github/workflow/status/oscal-compass/compliance-trestle/Trestle%20PR%20pipeline?event=push)

______________________________________________________________________

<table>
<tr>
<td><img src="images/Apollo_11_liftoff.png">
<td> We've moved. Please note our new organizational location.
</table>

______________________________________________________________________

Trestle is an ensemble of tools that enable the creation, validation, and governance of documentation artifacts for compliance needs. It leverages NIST's [OSCAL](https://pages.nist.gov/OSCAL/documentation/) as a standard data format for interchange between tools and people, and provides an opinionated approach to OSCAL adoption.

Expand Down Expand Up @@ -62,7 +72,7 @@ By building human managed artifacts into OSCAL, Trestle is not only able to vali
OSCAL supports `xml`, `json` and `yaml` with their [metaschema](https://github.com/usnistgov/metaschema) tooling. Trestle
natively supports only `json` and `yaml` formats at this time.

Future roadmap anticipates that support for xml [import](https://github.com/IBM/compliance-trestle/issues/177) and [upstream references](https://github.com/IBM/compliance-trestle/issues/178) will be enabled. However, it is expected
Future roadmap anticipates that support for xml [import](https://github.com/oscal-compass/compliance-trestle/issues/177) and [upstream references](https://github.com/oscal-compass/compliance-trestle/issues/178) will be enabled. However, it is expected
that full support will remain only for `json` and `yaml`.

Users needing to import XML OSCAL artifacts are recommended to look at NIST's XML to json conversion page [here](https://github.com/usnistgov/OSCAL/tree/master/json#oscal-xml-to-json-converters).
Expand All @@ -71,15 +81,26 @@ Users needing to import XML OSCAL artifacts are recommended to look at NIST's XM

Trestle runs on almost all Python platforms (e.g. Linux, Mac, Windows), is available on PyPi and can be easily installed via pip. It is under active development and new releases are made available regularly.\
To install run: `pip install compliance-trestle`\
See [Install trestle in a python virtual environment](https://ibm.github.io/compliance-trestle/python_trestle_setup/) for the full installation guide.
See [Install trestle in a python virtual environment](https://oscal-compass.github.io/compliance-trestle/python_trestle_setup/) for the full installation guide.

## Complete documentation and tutorials

Complete documentation, tutorials, and background on compliance can be found [here](https://ibm.github.io/compliance-trestle).
Complete documentation, tutorials, and background on compliance can be found [here](https://oscal-compass.github.io/compliance-trestle).

## Agile Authoring

A trestle-based agile authoring repository setup tool, documentation and tutorial can be found [here](https://github.com/oscal-compass/compliance-trestle-agile-authoring).

Agile authoring comprises the following beneficial features:

- based on OSCAL documents behind-the-scenes
- employs GIT for document control and access
- exposes text (markdown) and spread sheets (csv) to ease management of compliance artifacts
- implements compliance digitization for improved audit readiness and cost effectiveness

## Demos

A collection of demos utilizing trestle can be found in the related project [compliance-trestle-demos](https://github.com/IBM/compliance-trestle-demos).
A collection of demos utilizing trestle can be found in the related project [compliance-trestle-demos](https://github.com/oscal-compass/compliance-trestle-demos).

## Development status

Expand Down Expand Up @@ -120,12 +141,12 @@ You can also dial 173.243.2.68 and enter your meeting number.

## Contributing to Trestle

Our project welcomes external contributions. Please consult [contributing](https://ibm.github.io/compliance-trestle/contributing/mkdocs_contributing/) to get started.
Our project welcomes external contributions. Please consult [contributing](https://oscal-compass.github.io/compliance-trestle/contributing/mkdocs_contributing/) to get started.

## License & Authors

If you would like to see the detailed LICENSE click [here](LICENSE).
Consult [contributors](https://github.com/IBM/compliance-trestle/graphs/contributors) for a list of authors and [maintainers](MAINTAINERS.md) for the core team.
Consult [contributors](https://github.com/oscal-compass/compliance-trestle/graphs/contributors) for a list of authors and [maintainers](MAINTAINERS.md) for the core team.

```text
# Copyright (c) 2020 IBM Corp. All rights reserved.
Expand Down
2 changes: 2 additions & 0 deletions docs/api_reference/trestle.core.crm.bycomp_interface.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
::: trestle.core.crm.bycomp_interface
handler: python
2 changes: 2 additions & 0 deletions docs/api_reference/trestle.core.crm.export_reader.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
::: trestle.core.crm.export_reader
handler: python
2 changes: 2 additions & 0 deletions docs/api_reference/trestle.core.crm.export_writer.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
::: trestle.core.crm.export_writer
handler: python
2 changes: 2 additions & 0 deletions docs/api_reference/trestle.core.crm.leveraged_statements.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
::: trestle.core.crm.leveraged_statements
handler: python
2 changes: 2 additions & 0 deletions docs/api_reference/trestle.core.crm.ssp_inheritance_api.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
::: trestle.core.crm.ssp_inheritance_api
handler: python
10 changes: 5 additions & 5 deletions docs/cli.md
Original file line number Diff line number Diff line change
Expand Up @@ -1325,7 +1325,7 @@ output-overwrite = true

org-name = International Business Machines
org-remarks = IBM
namespace = https://ibm.github.io/compliance-trestle/schemas/oscal/cd/ibm-cloud
namespace = https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd/ibm-cloud
property-name-to-class = goal_name_id:scc_goal_name_id, goal_version:scc_goal_version
catalog-url = https://github.com/usnistgov/oscal-content/blob/master/nist.gov/SP800-53/rev4/json/NIST_SP-800-53_rev4_catalog.json
catalog-title = NIST Special Publication 800-53 Revision 4
Expand All @@ -1345,15 +1345,15 @@ Example catalog-file:
Example spread-sheet-file:
</span>

[/home/user/compliance/data/spread-sheet/good.xlsx](https://github.com/IBM/compliance-trestle/tree/main/tests/data/spread-sheet/good.xlsx)
[/home/user/compliance/data/spread-sheet/good.xlsx](https://github.com/oscal-compass/compliance-trestle/tree/main/tests/data/spread-sheet/good.xlsx)

**output**

<span style="color:green">
Example component-definition.json:
</span>

[/home/user/compliance/data/tasks/xlsx/output/component-definition.json](https://github.com/IBM/compliance-trestle/tree/main/tests/data/tasks/xlsx/output/component-definition.json)
[/home/user/compliance/data/tasks/xlsx/output/component-definition.json](https://github.com/oscal-compass/compliance-trestle/tree/main/tests/data/tasks/xlsx/output/component-definition.json)

### spreadsheet to component definition mapping

Expand Down Expand Up @@ -1493,12 +1493,12 @@ profile-title = IBM Best Practices SCC GOALS
Example spread-sheet-file:
</span>

[/home/user/compliance/data/spread-sheet/good.xlsx](https://github.com/IBM/compliance-trestle/tree/main/tests/data/spread-sheet/good.xlsx)
[/home/user/compliance/data/spread-sheet/good.xlsx](https://github.com/oscal-compass/compliance-trestle/tree/main/tests/data/spread-sheet/good.xlsx)

**output**

<span style="color:green">
Example profile.json:
</span>

[/home/user/compliance/data/tasks/xlsx/output/profile.json](https://github.com/IBM/compliance-trestle/tree/main/tests/data/tasks/xlsx/output/profile.json)
[/home/user/compliance/data/tasks/xlsx/output/profile.json](https://github.com/oscal-compass/compliance-trestle/tree/main/tests/data/tasks/xlsx/output/profile.json)
2 changes: 1 addition & 1 deletion docs/contributing/plugins.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Adding plugins to trestle

Trestle provides a mechanism for 3rd party providers to extend its command interface via a plugin architecture. All trestle plugins that conforms to this specification will be automatically discovered by trestle if installed, and their command(s) will be added to trestle sub-commands list. Below we describe this plugin mechanism with the help of an example plugin [`compliance-trestle-fedramp`](https://github.com/IBM/compliance-trestle-fedramp) that we created as a separate python project that can be installed via `pip`.
Trestle provides a mechanism for 3rd party providers to extend its command interface via a plugin architecture. All trestle plugins that conforms to this specification will be automatically discovered by trestle if installed, and their command(s) will be added to trestle sub-commands list. Below we describe this plugin mechanism with the help of an example plugin [`compliance-trestle-fedramp`](https://github.com/oscal-compass/compliance-trestle-fedramp) that we created as a separate python project that can be installed via `pip`.

## Create the trestle plugin proejct

Expand Down
6 changes: 3 additions & 3 deletions docs/contributing/trestle_oscal_object_model.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,9 @@
Trestle provides an object model for OSCAL to ease the development and validation of OSCAL objects that reside in the `trestle.oscal` module.
This functionality, which is built on [pydantic](https://pydantic-docs.helpmanual.io/) and [python data classes](https://docs.python.org/3/library/dataclasses.html), allows validation of the OSCAL schema and is leveraged to provide a variety of utility functions including:

- IO Support for yaml / json / python dict serialisation [see `OscalBaseModel` for trestle enhancements](https://github.com/IBM/compliance-trestle/blob/develop/trestle/core/base_model.py)
- The ability to generate pro-forma objects using [`trestle.core.generate::generate_sample_model`](https://github.com/IBM/compliance-trestle/blob/develop/trestle/core/generators.py)
- Integration into the flask api framework [(demo)](https://github.com/IBM/compliance-trestle-demos/tree/develop/trestle_flask_api)
- IO Support for yaml / json / python dict serialisation [see `OscalBaseModel` for trestle enhancements](https://github.com/oscal-compass/compliance-trestle/blob/develop/trestle/core/base_model.py)
- The ability to generate pro-forma objects using [`trestle.core.generate::generate_sample_model`](https://github.com/oscal-compass/compliance-trestle/blob/develop/trestle/core/generators.py)
- Integration into the flask api framework [(demo)](https://github.com/oscal-compass/compliance-trestle-demos/tree/develop/trestle_flask_api)

## Mapping and variance with OSCAL names.

Expand Down
2 changes: 1 addition & 1 deletion docs/contributing/website.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Developing for the trestle documentation website

This page describes the developing for the trestle (website) which is deployed at https://ibm.github.io/compliance-trestle.
This page describes the developing for the trestle (website) which is deployed at https://oscal-compass.github.io/compliance-trestle.

## Documentation for use within the github project.

Expand Down
Loading

0 comments on commit e6c42fa

Please sign in to comment.