Object Storage Release - 2025.01

delivery-tooling/catalog-compiler.go

@@ -57,7 +57,7 @@ type ReleaseDetails struct {
 	ThreatModelURL     string         `yaml:"threat_model_url"`
 	ThreatModelAuthor  string         `yaml:"threat_model_author"`
 	RedTeam            string         `yaml:"red_team"`
-	RedTeamExercizeURL string         `yaml:"red_team_exercize_url"`
+	RedTeamExerciseURL string         `yaml:"red_team_exercise_url"`
 	ReleaseManager     ReleaseManager `yaml:"release_manager"`
 	ChangeLog          []string       `yaml:"change_log"`
 	Contributors       []Contributors `yaml:"contributors"`

delivery-tooling/update-metadata.go

@@ -16,8 +16,8 @@ import (
 )
 
 var (
-	MetadataFilepath   string
 	BuildDirectoryPath string
+	MetadataFilePath   string
 
 	// baseCmd represents the base command when called without any subcommands
 	updateMetadataCmd = &cobra.Command{
@@ -37,14 +37,14 @@ var (
 			servicesDir := viper.GetString("services-dir")
 			buildTarget := viper.GetString("build-target")
 
-			buildDirectoryPath := filepath.Join(servicesDir, buildTarget)
-			MetadataFilepath = filepath.Join(buildDirectoryPath, "metadata.yaml")
+			BuildDirectoryPath = filepath.Join(servicesDir, buildTarget)
+			MetadataFilePath = filepath.Join(BuildDirectoryPath, "metadata.yaml")
 
 			err := updateMetadata()
 			if err != nil {
 				fmt.Println(err)
 			} else {
-				fmt.Printf("Metadata has been updated successfully: %s\n", MetadataFilepath)
+				fmt.Printf("Metadata has been updated successfully: %s\n", MetadataFilePath)
 			}
 		},
 	}
@@ -70,12 +70,11 @@ func updateMetadata() (err error) {
 	// Create a new GitHub client
 	client := github.NewClient(tc)
 
-	// Prepare the options to filter commits by the specified path (directory)
+	// Fetch the list of commits from the repository
+	cleanedPath := strings.Replace(filepath.ToSlash(BuildDirectoryPath), "../", "", 1)
 	opts := &github.CommitsListOptions{
-		Path: BuildDirectoryPath,
+		Path: cleanedPath,
 	}
-
-	// Fetch the list of commits from the repository
 	commits, _, err := client.Repositories.ListCommits(ctx, repoOwner, repoName, opts)
 	if err != nil {
 		log.Fatalf("Error fetching commits: %v", err)
@@ -137,7 +136,7 @@ func updateMetadata() (err error) {
 		log.Fatalf("Error marshaling YAML: %v", err)
 	}
 
-	err = os.WriteFile(MetadataFilepath, metadataData, os.FileMode(0666))
+	err = os.WriteFile(MetadataFilePath, metadataData, os.FileMode(0666))
 	if err != nil {
 		log.Fatalf("Error writing to the YAML file: %v", err)
 	}
@@ -148,7 +147,7 @@ func updateMetadata() (err error) {
 
 func getMetadataYaml() Metadata {
 	// Read the YAML file
-	yamlFile, err := os.ReadFile(MetadataFilepath)
+	yamlFile, err := os.ReadFile(MetadataFilePath)
 	if err != nil {
 		log.Fatalf("Error reading YAML file: %v", err)
 	}

services/storage/object/metadata.yaml

@@ -8,7 +8,7 @@ description: |
   highly scalable and often used in cloud environments due to its flexibility
   and accessibility.
 release_details:
-  - version: "2024.10"
+  - version: "2025.01"
     assurance_level: None
     threat_model_url: None
     threat_model_author: None
@@ -18,46 +18,34 @@ release_details:
       name: Damien Burks
       github_id: damienjburks
       company: Citi
-      summary: Initial release
+      summary: |
+        This initial release is part of the first batch of control catalogs
+        produced by the CCC. It is the result of thousands of hours dedicated to
+        exploring different ways of working and collaborating, on top of time
+        spent researching, writing, and reviewing the content. This marks a huge
+        milestone for the CCC and the broader community as further releases will
+        continue to build on this foundation. A huge thanks to everyone who has
+        brought us to this point!
     change_log:
-      - Add in fixes to object storage threats, controls, features (#436)
-      - Typofix on control IDs (#432)
-      - Object storage final polish (#419)
-      - Adding Contributors key to metadata schema (#409)
-      - Object Storage Controls Revision (#394)
-      - GenAI taxonomy (#393)
-      - Updates to the structure of the metadata yaml (#383)
-      - Schema updates (#377)
-      - Handling common entries for features, threats, & controls (#327)
-      - Convert Object Storage development files from MD to YAML (#325)
-      - Add in new object storage controls on encryption for impact and replication to untrusted destinations (#305)
-      - Convert existing taxonomies to the new yaml format (#319)
-      - Fix broken links (#317)
-      - Added CCC.OS.C6 Control (#298)Looks good
-      - Extend Object Storage Controls (#263)
-      - Creation of Global Markdown Formatting and Linting GitHub Actions (#223)
-      - Draft Proposal for Threat Catalog and Control Catalog Taxonomy  (#153)
-      - Signed URLs added
-      - addressed review comments by @rgriffiths-scottlogic
-      - address review comments by stevie from scott logic and further improvements
-      - updates
-      - initial version of the object store taxonomy
+      - |
+        This initial release contains a variety of commits designed to capture
+        all of the features, threats, and controls for this service category.
     contributors:
-      - name: Michael Lysaght
-        github_id: mlysaght2017
-        company: Citi
+      - name: Sonali Mendis
+        github_id: smendis-scottlogic
+        company: Scott Logic
       - name: Eddie Knight
         github_id: eddie-knight
         company: Sonatype
-      - name: Damien Burks
-        github_id: damienjburks
+      - name: Michael Lysaght
+        github_id: mlysaght2017
         company: Citi
-      - name: Sonali Mendis
-        github_id: smendis-scottlogic
-        company: Scott Logic
       - name: Dave Ogle
         github_id: dogle-scottlogic
         company: Scott Logic
+      - name: Damien Burks
+        github_id: damienjburks
+        company: Citi
       - name: Naseer Mohammad
         github_id: nas-hub
         company: Google