Converting a json output file from a look like snyk to trestle

[lldavidsamuel]

Im able to see conversion transformation for csv/profile/tanium files to OSCAL, however is there an option to convert a json output from tools like Snyk or Qualys into OSCAL ?

[degenaro]

No, not yet anyway. I'm personally unfamiliar with the tools you mention.

There is a tutorial here https://github.com/IBM/compliance-trestle/blob/develop/docs/tutorials/task.transformer-construction/transformer-construction.md on how to build a transformer to convert non-OSCAL results into OSCAL AR. One could imagine that if these tools are popular, the owners themselves would want to make OSCAL AR available by either providing such a transformer or doing the transformation using same when providing results.

If the tools themselves are reluctant to provide OSCAL or OSCAL tools, one option would be to establish a repo (based on trestle) that comprises transformers for said results. Another avenue would be to author and contribute a transformer(s) to trestle, if others would benefit.