docs: introduce badging levels (#242)

Co-authored-by: Brandt Keller <[email protected]> Co-authored-by: Jon Schulman <[email protected]> Co-authored-by: Wayne Starr <[email protected]>
defenseunicorns · Oct 2, 2024 · 3e0fb5a · 3e0fb5a
1 parent 82e63be
commit 3e0fb5a
Show file tree

Hide file tree

Showing 8 changed files with 544 additions and 100 deletions.
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # UDS Common
 
-This repository contains common configuration and tasks used in UDS Packages for management, setup, creation, deployment, and publishing of packages and bundles.  It is useful to help implement [UDS package practices](./docs/package_integration/uds-package-practices.md).
+This repository contains common configuration and tasks used in UDS Packages for management, setup, creation, deployment, and publishing of packages and bundles.  It also includes [UDS package practices](./docs/package_integration/uds-package-practices.md) defining requirements and standards to obtain the [<img alt="Made for UDS" src="docs/made-for-uds.svg" height="20px"/>](https://github.com/defenseunicorns/uds-core) Badges.
 
 ## Task Usage
 

diff --git a/docs/made-for-uds-bronze.svg b/docs/made-for-uds-bronze.svg
diff --git a/docs/made-for-uds-gold.svg b/docs/made-for-uds-gold.svg
diff --git a/docs/made-for-uds-silver.svg b/docs/made-for-uds-silver.svg
diff --git a/docs/package_integration/guide.md b/docs/package_integration/guide.md
@@ -5,7 +5,7 @@
 This guide is intended for developers integrating applications with UDS (Unicorn Delivery Service). It provides an overview of the integration process, key considerations, and resources to ensure a smooth integration.
 
 Integrating a Package fundamentally means:
-1. Creating a repository `uds-package-<name>`
+1. Creating a repository `uds-package-<name>` from [uds-package-template](https://github.com/defenseunicorns/uds-package-template)
 2. Integrating the upstream helm chart as a zarf package `zarf.yaml` to build a declarative OCI artifact
 3. Adding a UDS package Custom Resource `uds-package.yaml` to integrate with UDS Core via Pepr
 4. Build a 'zero CVE' package by replacing images with a `*-unicorn` flavored image
@@ -28,9 +28,9 @@ Integrating a Package fundamentally means:
 Before beginning the integration process, familiarize yourself with the following resources:
 
 1. [UDS Capabilities Documentation](https://uds.defenseunicorns.com/capabilities/): Provides information about UDS, UDS CLI, UDS Core, and UDS Bundles.
-2. [Zarf Documentation](https://docs.zarf.dev): Zarf is a tool for declarative creation & distribution of software.
+2. [Zarf Documentation](https://docs.zarf.dev): Zarf is a tool for declarative creation & distribution of software packages.
 3. [UDS Common Repository](https://github.com/defenseunicorns/uds-common): Contains information and best practices for UDS integration.
-4. [UDS Applications Tracker](https://coda.io/d/Product_dGmk3eNjmm8/Applications_sux6H#_luFRc): Lists many backlogged and completed applications for UDS integration.
+4. [UDS Applications Tracker](https://coda.io/d/Product_dGmk3eNjmm8/Applications_suCbOWqL#_lu8fEKSc): Lists many backlogged and completed applications for UDS integration.
 5. Briefly review [Pepr Documentation](https://docs.pepr.dev/): it may become useful when you begin integrating with UDS Core.
 
 ## Integration Checklist
@@ -68,4 +68,4 @@ Your repository has a `uds-package.yaml` manifest added to the appropriate helm
 For reference, consider these well-maintained UDS package examples:
 - [UDS Package GitLab](https://github.com/defenseunicorns/uds-package-gitlab) (More complex example)
 - [UDS Package Mattermost](https://github.com/defenseunicorns/uds-package-mattermost) (Simpler example)
-- [UDS Common NGINX](https://github.com/defenseunicorns/uds-common)
+- [UDS Common NGINX](https://github.com/defenseunicorns/uds-common)
diff --git a/docs/package_integration/oscal-guidelines.md b/docs/package_integration/oscal-guidelines.md
@@ -0,0 +1,23 @@
+# OSCAL: the Open Security Controls Assessment Language
+
+
+[OSCAL](https://pages.nist.gov/OSCAL/) is a set of standards for describing security and privacy controls for information systems. It is developed by the National Institute of Standards and Technology (NIST) and is intended to be used by organizations to automate the exchange of security and privacy control information.
+
+UDS Packages will include an `oscal-component.yaml` file that describes the security and privacy controls that the package implements. In combination with uds-core, this file will be used to accelerate Authorizations and contribute to control response and mapping. [Lula](https://github.com/defenseunicorns/lula) is here to help us!
+
+Gold packages will include a baseline set of [NIST 800-53 controls](https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final), specifically:
+- AC-6.9
+- AU-2
+- AU-3
+- AU-3.1
+- AU-8
+- AU-12
+- SC-13
+
+This command will generate an `oscal-component.yaml` file for a package that implements these controls. Once generated you can add specific responses to the controls.
+```
+lula generate component -c https://raw.githubusercontent.com/GSA/fedramp-automation/refs/tags/fedramp-2.0.0-oscal-1.0.4/dist/content/rev5/baselines/json/FedRAMP_rev5_MODERATE-baseline-resolved-profile_catalog.json --framework il4 --requirements ac-6.9,au-2,au-3,au-3.1,au-8,au-12,sc-13 --remarks assessment-objective -o oscal-component.yaml --component 'app-name'
+```
+
+> [!TIP]
+> The baseline controls are a starting point, you should explore additional controls relevant to your package.
diff --git a/docs/package_integration/testing-guidelines.md b/docs/package_integration/testing-guidelines.md
@@ -2,24 +2,23 @@
 
 ## Table of Contents
 
-1. [Introduction](#introduction)
-2. [Journey Testing](#journey-testing)
-   - [Definition](#definition)
-   - [Key Principles](#key-principles)
-   - [Implementation Guidelines](#implementation-guidelines)
-   - [Tools](#tools)
-3. [Upgrade Testing](#upgrade-testing)
-   - [Key Considerations](#key-considerations)
-4. [Linting and Static Analysis](#linting-and-static-analysis)
-   - [Recommended Tools](#recommended-tools)
-5. [Best Practices](#best-practices)
-6. [Best Practice Examples](#best-practice-examples)
-   - [Journey Tests](#journey-tests)
-   - [Upgrade Tests](#upgrade-tests-1)
-   - [Test Execution](#test-execution)
-7. [Consistency Across Packages](#consistency-across-packages)
-8. [Contribution and Maintenance](#contribution-and-maintenance)
-9. [Related Resources](#related-resources)
+- [Testing Guidelines for UDS Marketplace Apps](#testing-guidelines-for-uds-marketplace-apps)
+  - [Table of Contents](#table-of-contents)
+  - [Introduction](#introduction)
+  - [Journey Testing](#journey-testing)
+    - [**Definition**](#definition)
+    - [**Key Principles**](#key-principles)
+    - [**Implementation Guidelines**](#implementation-guidelines)
+    - [**Tools**](#tools)
+  - [Upgrade Testing](#upgrade-testing)
+    - [**Key Considerations**](#key-considerations)
+  - [Linting and Static Analysis](#linting-and-static-analysis)
+    - [**Recommended Tools**](#recommended-tools)
+  - [**Best Practices**](#best-practices)
+  - [**Best Practice Examples**](#best-practice-examples)
+  - [Consistency Across Packages](#consistency-across-packages)
+  - [Contribution and Maintenance](#contribution-and-maintenance)
+  - [Related Resources](#related-resources)
 
 ## Introduction
 
@@ -44,7 +43,7 @@ A **Journey** in the context of UDS package testing is defined as:
 - Handle limitations due to licensing or other constraints by documenting them and implementing what testing is possible.
 
 ### **Tools**
-- UI Testing: Playwright, Cypress
+- UI Testing: Playwright
 - Non-UI Testing: Jest
 - Custom Scripts: Bash or other scripting languages as needed