fix: pull lula main for threshold update #638

Merged
merged 13 commits into from
Aug 19, 2024
4 changes: 2 additions & 2 deletions .github/actions/setup/action.yaml
Expand Up @@ -36,10 +36,10 @@ runs:
run: brew install defenseunicorns/tap/[email protected]

- name: Install Lula
uses: defenseunicorns/lula-action/setup@939e0a3d3a5f72321245a040207152dced5238f2
uses: defenseunicorns/lula-action/setup@badad8c4b1570095f57e66ffd62664847698a3b9 # v0.0.1
with:
# renovate: datasource=github-tags depName=defenseunicorns/lula versioning=semver-coerced
version: v0.4.4
version: v0.5.0

- name: Iron Bank Login
if: ${{ inputs.registry1Username != '' }}
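
Review bot: on the `uses:` line of the Install Lula step, confirm that badad8c4b1570095f57e66ffd62664847698a3b9 is the commit the v0.0.1 tag of defenseunicorns/lula-action resolves to; the trailing `# v0.0.1` comment is ignored by the runner and is the only thing tying the SHA to a release. The `version:` input has a renovate hint above it while the action pin has none in this hunk, so also confirm Renovate is set up to update SHA-pinned actions, or this pin will go stale.
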
2,613 changes: 2,060 additions & 553 deletions compliance/oscal-assessment-results.yaml

Large diffs are not rendered by default.

7 changes: 5 additions & 2 deletions src/grafana/oscal-component.yaml
Expand Up @@ -4,7 +4,7 @@ component-definition:
title: Grafana
last-modified: "2024-01-18T16:36:58Z"
version: "20240118"
oscal-version: 1.1.1
oscal-version: 1.1.2
parties:
- uuid: f3cf70f8-ba44-4e55-9ea3-389ef24847d3
type: organization
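
Review bot: `oscal-version` moves to 1.1.2 here, but `last-modified: "2024-01-18T16:36:58Z"` and `version: "20240118"` in the same metadata block are left as they were, although the file's content changes further down in this PR. Update both so anything comparing `last-modified` can tell the document changed; the same applies to the other oscal-component.yaml files touched here.
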
Expand Down Expand Up @@ -228,7 +228,10 @@ component-definition:
# Control Implementation
Compatible metrics endpoints emitted from each application is compiled by Prometheus and displayed through Grafana with associated timestamps
of when the data was collected.

props:
- name: framework
ns: https://docs.lula.dev/ns
value: il4
back-matter:
resources:
- uuid: d429396c-1dab-4712-9034-607c90a63b8a
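
Review bot: the new `props` entry sets `value: il4` with nothing in the file saying what it selects, and the only other place the string appears in this PR is `options: -t il4` in tasks/test.yaml. Add a short YAML comment above `- name: framework` stating that it must match that `-t` target, since the same block is pasted into each component file and a mismatch in one of them would be easy to miss in review.
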
182 changes: 93 additions & 89 deletions src/istio/oscal-component.yaml

Large diffs are not rendered by default.

7 changes: 5 additions & 2 deletions src/loki/oscal-component.yaml
Expand Up @@ -4,7 +4,7 @@ component-definition:
title: Loki Component
last-modified: "2024-01-18T20:36:22Z"
version: "20240118"
oscal-version: 1.1.1
oscal-version: 1.1.2
parties:
- uuid: f3cf70f8-ba44-4e55-9ea3-389ef24847d3
type: organization
Expand Down Expand Up @@ -187,7 +187,10 @@ component-definition:
Provides time-series event compilation capabilities.

remarks: This control is fully implemented by this tool.

props:
- name: framework
ns: https://docs.lula.dev/ns
value: il4
back-matter:
resources:
- uuid: b989384f-54c9-4bb9-8cbd-ae993f8f6e0b
7 changes: 5 additions & 2 deletions src/neuvector/oscal-component.yaml
Expand Up @@ -4,7 +4,7 @@ component-definition:
title: NeuVector
last-modified: "2024-01-30T17:01:30Z"
version: "20240130"
oscal-version: 1.1.1
oscal-version: 1.1.2
parties:
- uuid: f3cf70f8-ba44-4e55-9ea3-389ef24847d3
type: organization
Expand Down Expand Up @@ -415,7 +415,10 @@ component-definition:
NeuVector correlates configuration data and network traffic for error tracking to provide context around misconfigurations and threats in the form of actionable alerts.

remarks: This control is fully implemented by this tool.

props:
- name: framework
ns: https://docs.lula.dev/ns
value: il4
back-matter:
resources:
- uuid: 6ba32bca-c4e2-4f27-a99c-e5ba8251ac61
7 changes: 5 additions & 2 deletions src/prometheus-stack/oscal-component.yaml
Expand Up @@ -4,7 +4,7 @@ component-definition:
title: Prometheus Stack
last-modified: "2024-01-31T14:39:33Z"
version: "20240131"
oscal-version: 1.1.1
oscal-version: 1.1.2
parties:
- uuid: f3cf70f8-ba44-4e55-9ea3-389ef24847d3
type: organization
Expand Down Expand Up @@ -233,7 +233,10 @@ component-definition:
of when the data was collected

remarks: This control is fully implemented by this tool.

props:
- name: framework
ns: https://docs.lula.dev/ns
value: il4
back-matter:
resources:
- uuid: ff397816-6126-4b2c-938b-e7d202003def
7 changes: 5 additions & 2 deletions src/promtail/oscal-component.yaml
Expand Up @@ -4,7 +4,7 @@ component-definition:
title: Promtail
last-modified: "2024-01-31T16:44:35Z"
version: "20240132"
oscal-version: 1.1.1
oscal-version: 1.1.2
parties:
- uuid: f3cf70f8-ba44-4e55-9ea3-389ef24847d3
type: organization
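
Review bot: the context line `version: "20240132"` in this metadata block is not a valid date stamp, while `last-modified` directly above it reads "2024-01-31T16:44:35Z" and the sibling component files use date-shaped values such as "20240131". Since this hunk already edits the block, correct `version` in the same change.
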
Expand Down Expand Up @@ -115,7 +115,10 @@ component-definition:
- href: "#9bfc68e0-381a-4006-9f68-c293e3b20cee"
rel: reference
text: Lula Validation

props:
- name: framework
ns: https://docs.lula.dev/ns
value: il4
back-matter:
resources:
- uuid: D552C935-E40C-4A03-B5CC-4605EBD95B6D
75 changes: 39 additions & 36 deletions src/velero/oscal-component.yaml
Expand Up @@ -2,9 +2,9 @@ component-definition:
uuid: D73CF4E6-D893-4BDE-A195-C4DE782DF63B
metadata:
title: Velero Component
last-modified: '2022-04-08T12:00:00Z'
last-modified: "2022-04-08T12:00:00Z"
version: "20220408"
oscal-version: 1.1.1
oscal-version: 1.1.2
parties:
# Should be consistent across all of the packages, but where is ground truth?
- uuid: 72134592-08C2-4A77-8BAD-C880F109367A
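
Review bot: the party `uuid: 72134592-08C2-4A77-8BAD-C880F109367A` kept under `parties:` differs from the f3cf70f8-ba44-4e55-9ea3-389ef24847d3 used by the Grafana, Loki, NeuVector, Prometheus Stack and Promtail files in this PR, and the in-file comment already asks where the ground truth is. Either align it in this change or track it as a follow-up, and update `last-modified`, which only has its quoting changed here.
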
Expand All @@ -26,87 +26,90 @@ component-definition:
- 72134592-08C2-4A77-8BAD-C880F109367A # matches parties entry for p1
control-implementations:
- uuid: 5108E5FC-C45F-477B-8542-9C5611A92485
source: https://raw.githubusercontent.com/usnistgov/oscal-content/master/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_catalog.json
description:
Controls implemented by velero for inheritance by applications
source: https://raw.githubusercontent.com/GSA/fedramp-automation/93ca0e20ff5e54fc04140613476fba80f08e3c7d/dist/content/rev5/baselines/json/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog.json
description: Controls implemented by velero for inheritance by applications
implemented-requirements:
- uuid: 2ADA7512-E0D5-4CAE-81BC-C889C640AF93
control-id: cp-6
description: >-
Velero can take backups of your application configuration/data and store them off-site in either an approved cloud environment or on-premise location.
Velero can take backups of your application configuration/data and store them off-site in either an approved cloud environment or on-premise location.
- uuid: 6C3339A0-9636-4E35-8FA8-731CF900B326
control-id: "cp-6.1"
description: >-
Velero can take backups of your application configuration/data and store them off-site in either an approved cloud environment or on-premise location.
Velero can take backups of your application configuration/data and store them off-site in either an approved cloud environment or on-premise location.
- uuid: 2799CCBF-C48D-4451-85BA-EBD9B949C361
control-id: cp-6.2
description: >-
Velero can restore application configuration/data from an approved cloud provider or on-premise location on-demand.
Velero can restore application configuration/data from an approved cloud provider or on-premise location on-demand.
- uuid: 0AE59B43-50A7-4420-881B-E0635CCB8424
control-id: cp-6.3
description: >-
Velero supports back-ups to multiple cloud environments (including geo-separated locations for high availibility) and on-premise environments in the event of an accessibility disruptions.
Velero supports back-ups to multiple cloud environments (including geo-separated locations for high availibility) and on-premise environments in the event of an accessibility disruptions.
- uuid: B11B38B8-8744-4DFD-8C1A-4A4EDD7F9574
control-id: cp-7
description: >-
Velero can restore application configuration/data from an approved cloud provider or on-premise location to an alternative deployment environment on-demand.
Velero can restore application configuration/data from an approved cloud provider or on-premise location to an alternative deployment environment on-demand.
- uuid: D74C3A8C-E5B0-4F81-895D-FB2A318D723B
control-id: cp-7.1
description: >-
Velero supports back-ups to and restores from multiple cloud environments (including geo-separated locations for high availibility) and on-premise environments in the event of an accessibility disruptions.
Velero supports back-ups to and restores from multiple cloud environments (including geo-separated locations for high availibility) and on-premise environments in the event of an accessibility disruptions.
- uuid: 72D7145F-7A3F-47AF-835F-7E3D6EFAE1CC
control-id: cp-7.2
description: >-
Velero supports back-ups to and restores from multiple cloud environments (including geo-separated locations for high availibility) and on-premise environments in the event of an accessibility disruptions.
Velero supports back-ups to and restores from multiple cloud environments (including geo-separated locations for high availibility) and on-premise environments in the event of an accessibility disruptions.
- uuid: 5B0AA4CB-9C49-4D32-8242-5631788BD941
control-id: cp-9
description: >-
"Velero gives you tools to back up and restore your Kubernetes cluster resources and persistent volumes. You can run Velero with a cloud provider or on-premises. This includes:
- System components/data.
- User-level information/application metadata.
- User-level storage/data.
- Scheduled back-ups with configurable scopes.
- Multi-cloud and on-premise support for availability of backup."
"Velero gives you tools to back up and restore your Kubernetes cluster resources and persistent volumes. You can run Velero with a cloud provider or on-premises. This includes:
- System components/data.
- User-level information/application metadata.
- User-level storage/data.
- Scheduled back-ups with configurable scopes.
- Multi-cloud and on-premise support for availability of backup."
- uuid: 8E5917F3-3E45-46C1-8585-48550E19AFFB
control-id: cp-9.1
description: >-
Velero provides feedback/logging of back-up status for configuration/data via kubectl or the Velero CLI tool.
Velero can restore your production configuration/data to validation environment to ensure reliability/integrity.
Velero provides feedback/logging of back-up status for configuration/data via kubectl or the Velero CLI tool.
Velero can restore your production configuration/data to validation environment to ensure reliability/integrity.
- uuid: 51191D0E-0C7B-4D2D-861D-202AC8C505CF
control-id: cp-9.2
description: >-
Velero can be configured to restore only certain components of a back-up when necessary.
Velero can be configured to restore only certain components of a back-up when necessary.
- uuid: C650411C-33FD-4B59-8899-AC34B43C860F
control-id: cp-9.3
description: >-
Velero supports back-ups to multiple cloud environments (including geo-separated locations for high availibility) and on-premise environments.
Velero supports back-ups to multiple cloud environments (including geo-separated locations for high availibility) and on-premise environments.
- uuid: 8AB09B17-301B-4836-835B-9CE22A9E2300
control-id: cp-9.5
description: >-
Velero gives you tools to back up and restore your Kubernetes cluster resources and persistent volumes. You can run Velero with a cloud provider or on-premises. This includes:
- System components/data.
- User-level information/application metadata.
- User-level storage/data.
- Scheduled back-ups with configurable scopes.
- Multi-cloud and on-premise support for availability of backup.
Velero gives you tools to back up and restore your Kubernetes cluster resources and persistent volumes. You can run Velero with a cloud provider or on-premises. This includes:
- System components/data.
- User-level information/application metadata.
- User-level storage/data.
- Scheduled back-ups with configurable scopes.
- Multi-cloud and on-premise support for availability of backup.
- uuid: 7FACB782-C183-4585-8C0B-17824438FEA6
control-id: cp-9.8
description: >-
Velero supports encryption of backups via its supported providers' encryption support/mechanisms.
Velero supports encryption of backups via its supported providers' encryption support/mechanisms.

- uuid: 26B3D98B-0C9D-434B-8DE5-06CBBC46A38C
control-id: cp-10
description: >-
Velero can restore application configuration/data from an approved cloud provider or on-premise location on-demand.
Velero can restore application configuration/data from an approved cloud provider or on-premise location on-demand.
- uuid: 3EA444B7-61ED-43DD-8B3D-24B55F286E59
control-id: cp-10.4
description: >-
Velero gives you tools to back up and restore your Kubernetes cluster resources and persistent volumes. You can run Velero with a cloud provider or on-premises. This includes:
- System components/data.
- User-level information/application metadata.
- User-level storage/data.
- Scheduled back-ups with configurable scopes.
- Multi-cloud and on-premise support for availability of backup.
Velero gives you tools to back up and restore your Kubernetes cluster resources and persistent volumes. You can run Velero with a cloud provider or on-premises. This includes:
- System components/data.
- User-level information/application metadata.
- User-level storage/data.
- Scheduled back-ups with configurable scopes.
- Multi-cloud and on-premise support for availability of backup.
props:
- name: framework
ns: https://docs.lula.dev/ns
value: il4
back-matter:
resources:
- uuid: DDC5B579-87DE-41FE-8D87-B4422A7F0A98
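
Review bot: the `source` line swaps the NIST SP 800-53 rev5 catalog for the FedRAMP rev5 HIGH baseline resolved-profile catalog, a baseline rather than the full catalog, so verify that every `control-id` under `implemented-requirements` (cp-6 through cp-10.4) is present in the new source; an id missing there would leave that requirement pointing at a control the source does not define. Pinning the URL to a commit SHA instead of `master` is a good change. While these descriptions are being re-indented, also drop the literal double quotes wrapping the cp-9 description (inside `>-` they become part of the text, unlike the same text under cp-9.5 and cp-10.4) and fix the spelling `availibility`.
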
2 changes: 2 additions & 0 deletions tasks/test.yaml
Expand Up @@ -49,10 +49,12 @@ tasks:
with:
oscalfile: ./compliance/oscal-component.yaml
assessment_results: ./compliance/oscal-assessment-results.yaml
options: -t il4

- name: compliance-evaluate
description: "evaluate against the required compliance"
actions:
- task: compliance:evaluate
with:
assessment_results: ./compliance/oscal-assessment-results.yaml
options: -t il4
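
Review bot: `options: -t il4` is now hard-coded in two places, the `with:` block that takes `oscalfile` and the one under `compliance-evaluate`; if one is changed without the other, the evaluate step would run against a different target than the one the assessment results were produced for. Define the target once (a task variable or input) and reference it from both `with:` blocks.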