oscal-compass / compliance-trestle

An opinionated tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard.

https://oscal-compass.github.io/compliance-trestle

Support explicit imports of xml documents into trestle project via conversion to json.

butler54 opened this issue 4 years ago · comments

Chris Butler commented 4 years ago

Challenge.

External entities may produce only xml documents
Trestle is anchored w.r.t json/ yaml
xml-> json conversion requires less than easy to install libraries

Solution

Trestle only to support XML via an explicit import which does a conversion.
e.g. trestle xml-import -f path_to_xml.xml -o my_catalog this needs to be part of an external plugin (e.g. the Fedramp extension).

Completion criteria

xml-import is part of compliance-trestle-fedramp
xml-import can pull from remote environments using caching / remote functionality in trestle
Add to core trestle documentation in error handling to notify users if an xml OSCAL document is encountered an point to trestle doc page on what to do
- Example scenario: json ssp refers to xml profile. In this case we can error with message on what you should do.

Chris Butler commented 3 years ago

@vikas-agarwal76 - can you confirm the current state for xml import? I believe we are (at a minimum) missing the docs.

Jennifer Power commented 10 days ago

The oscal-cli fulfills this requirement