Is your feature request related to a problem? Please describe.
Working backwards with a specific scenario - "A validation exists for reviewing wholistic CVE data"
Optimally each CVE is an item in a POAM that we can automatically generate
In order to make this transient - we need the ability to enumerate a finding into many POAM items
We will need to store this data either persistently or in-memory
This validation should possibly generate multiple observations
Describe the solution you'd like
Given a validation exists for processing a payload which policy can filter to identify items that need attention
When the validation contains an identifier for enumerating data in a given key
Then the assessment results would have a way to store this data for translation into a POAM
Describe alternatives you've considered
Processing this in-memory vs writing it persistently to a file
Additional context
We already need a process for translating items in the assessment results artifact to a POAM when a finding is marked as not-satisfied
This would generically be a 1 <-> 1 relationship of validation/observation to POAM item when a finding is failing.
Potentially we could look at the creation of an additional observation that contains some identifier to tell Lula to create 1 -> N poam items from a single observation.
Will need to evaluate if both providers could support this behavior -
This may be the initial issue for path to creation of a POAM artifact in Lula as well.
Expected Deliverable
Process for translating observation to poam item
Identification of a payload key that needs to be translated to 1 -> N POAM items
Storage of this information additionally in the assessment-results artifact for historical and imperative re-generation
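
A sketch of the observation-to-POAM translation requested above, added here as an illustration and not taken from Lula's code. The `Observation` and `PoamItem` structs, the `EnumerateKey` field, the `cves`/`id` payload shape and the `ToPoamItems` function are all hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Observation is a simplified, hypothetical stand-in for an assessment-results observation.
// EnumerateKey (assumed) names the payload key to fan out; empty keeps the 1 <-> 1 mapping.
type Observation struct {
	UUID, State, EnumerateKey string // State: "satisfied" or "not-satisfied"
	Payload                   []byte // JSON payload stored with the observation
}

// PoamItem is a simplified POAM item that links back to its source observation.
type PoamItem struct{ Title, RelatedObservation string }

// ToPoamItems returns nothing for a satisfied finding, one item per entry under
// EnumerateKey when it is set, and otherwise a single item for the observation.
func ToPoamItems(o Observation) ([]PoamItem, error) {
	if o.State != "not-satisfied" {
		return nil, nil
	}
	if o.EnumerateKey == "" {
		return []PoamItem{{Title: "observation " + o.UUID, RelatedObservation: o.UUID}}, nil
	}
	var payload map[string]json.RawMessage
	if err := json.Unmarshal(o.Payload, &payload); err != nil {
		return nil, fmt.Errorf("payload: %w", err)
	}
	raw, ok := payload[o.EnumerateKey]
	if !ok {
		return nil, fmt.Errorf("payload has no key %q", o.EnumerateKey)
	}
	var entries []struct{ ID string `json:"id"` }
	if err := json.Unmarshal(raw, &entries); err != nil {
		return nil, fmt.Errorf("key %q is not a list of objects: %w", o.EnumerateKey, err)
	}
	items := make([]PoamItem, 0, len(entries))
	for _, e := range entries {
		items = append(items, PoamItem{Title: e.ID, RelatedObservation: o.UUID})
	}
	return items, nil
}

func main() {
	// Constructed sample payload; the CVE ids are placeholders.
	p := []byte(`{"cves":[{"id":"CVE-PLACEHOLDER-1"},{"id":"CVE-PLACEHOLDER-2"}]}`)
	fmt.Println(ToPoamItems(Observation{"obs-1", "not-satisfied", "cves", p}))
}
```

Because every generated item carries the observation UUID, the POAM items can be re-generated from the stored assessment-results data alone.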