This is the OpenRMF Scoring API for scoring a checklist. This piece of the OpenRMF tool allows reading of the scoring database that is updated with eventual consistency using the openrmf-msg-score project that reads newer/updated XML and scores by category and status for each vulnerability in the appropriate STIG being saved. See the Documentation in https://github.com/Cingulara/openstig-docs for more information.

• /{id} - pass in an internal ID and score it, if in the database
• /artifact/{id} - pass in a GUID and score it, if in the database
• /system/{id} - pass in to get the score across all checklists in a given system
• / - POST the raw XML string to get back a score on that data dynamically
• /swagger/ gives you the API structure.

docker build --rm -t openrmf-api-scoring:0.13 .

• ~/mongodb/bin/mongo 'mongodb://root:myp2ssw0rd@localhost'
• use admin
• db.createUser({ user: "openrmfscore" , pwd: "openrmf1234!", roles: ["readWriteAnyDatabase"]});
• use openstigscore
• db.createCollection("Scores");
• db.Scores.createIndex({ artifactId: 1 })
• db.Scores.createIndex({ systemGroupId: 1 })
• db.Scores.createIndex({ hostName: 1 })
• db.Scores.createIndex({ stigType: 1 })

~/mongodb/bin/mongo 'mongodb://openrmfscore:openrmf1234!@localhost/openrmfscore?authSource=admin'

Using NATS from Synadia to have a messaging backbone and eventual consistency. This Score API reads data from the Score database filled by listening to messages. Currently publishing to these known items:

• openstig.save.new with payload (new Guid Id)
• openstig.save.update with payload (new Guid Id)
• openstig.upload.new with payload (new Guid Id)
• openstig.upload.update with payload (new Guid Id)

More will follow as this expands for auditing, logging, etc.

• docker run --rm --name nats-main -p 4222:4222 -p 6222:6222 -p 8222:8222 nats
• this is the default and lets you run a NATS server version 1.2.0 (as of 8/2018)
• just runs in memory and no streaming (that is separate)