Skip to content

RedHatProductSecurity/trestle-bot

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

trestle-bot

Pre commit License Coverage Quality Gate Status

trestle-bot is a CLI tool that assists users in leveraging Compliance-Trestle in CI/CD workflows for OSCAL formatted compliance content management.

WARNING: This project is currently under initial development. APIs may be changed incompatibly from one commit to another.

Getting Started

Available Commands

The autosync command will sync trestle-generated Markdown files to OSCAL JSON files in a trestle workspace. All content under the provided markdown directory will be transformed when the action is run. This action supports all top-level models supported by compliance-trestle for authoring.

The rules-transform command can be used when managing OSCAL Component Definitions in a trestle workspace. The action will transform rules defined in the rules YAML view to an OSCAL Component Definition JSON file.

The create compdef command can be used to create a new OSCAL Component Definition in a trestle workspace. The action will create a new Component Definition JSON file and corresponding directories that contain rules YAML files and trestle-generated Markdown files. This action prepares the workspace for use with the rules-transform and autosync actions.

The sync-upstreams command can be used to sync and validate upstream OSCAL content stored in a git repository to a local trestle workspace. The inputs include_models and exclude_models determine which content is synced to the trestle workspace.

The create ssp command can be used to create a new OSCAL System Security Plans (SSP) in a trestle workspace. The action will create a new SSP JSON file and corresponding directories that contain trestle-generated Markdown files. This action prepares the workspace for use with the autosync action by creating or updating the ssp-index.json file. The ssp-index.json file is used to track the relationships between the SSP and the other OSCAL content in the workspace for the autosync action.

Below is a table of the available commands and their current availability as a GitHub Action:

Command Available as a GitHub Action
autosync
rules-transform
create compdef
sync-upstreams
create ssp

For detailed documentation on how to use each action, see the README.md in each folder under actions.

Supported Git Providers

Note: Only applicable if using trestle-bot to create pull requests. Automatically detecting the git provider information is supported for GitHub Actions (GitHub) and GitLab CI (GitLab).

  • GitHub
  • GitLab

Run as a Container

Note: When running the commands in a container, all are prefixed with trestlebot (e.g. trestlebot autosync). The default entrypoint for the container is the autosync command.

Build and run the container locally:

podman build -f Dockerfile -t trestle-bot .
podman run -v $(pwd):/data -w /data trestle-bot

Container images are available in quay.io:

podman run -v $(pwd):/data -w /data quay.io/continuouscompliance/trestle-bot:<tag>

Contributing

For information about contributing to trestle-bot, see the CONTRIBUTING.md file.

License

This project is licensed under the Apache 2.0 License - see the LICENSE.md file for details.

Troubleshooting

See TROUBLESHOOTING.md for troubleshooting tips.