From bb8f14eeee50e998eb47c0abba9c78080c05239c Mon Sep 17 00:00:00 2001
From: Brandt Keller
Date: Fri, 31 May 2024 17:47:21 +0000
Subject: [PATCH 1/2] feat(report): initial doc for reporting layers
---
 docs/reporting.md | 34 ++++++++++++++++++++++++++++++++
 src/cmd/report/report.go | 42 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 76 insertions(+)
 create mode 100644 docs/reporting.md
 create mode 100644 src/cmd/report/report.go
diff --git a/docs/reporting.md b/docs/reporting.md
new file mode 100644
index 00000000..5dad404f
--- /dev/null
+++ b/docs/reporting.md
@@ -0,0 +1,34 @@
+# Lula Compliance Reporting
+
+Contextual reporting for the state of compliance with a given standard, benchmark, stig, or policy.
+
+`lula report` will use context of default or specified OSCAL artifacts to perform an analysis on percentages met by components or systems.
+
+## Context
+
+```mermaid
+flowchart TD
+ A[Report] -->|default/specified OSCAL files| B(Build Report)
+ B --> C{Check for existence of models & Catalog/Profile}
+ C -->|Components Exist| D[Component Report]
+ C -->|SSP Exists (not supported)| E[System Report]
+ C -->|Assessment Results Exist| F[Assessment Report]
+```
+
+### Considerations
+
+Reporting will perform the analysis of control context from relevant OSCAL layers to provide a layered reporting of compliance.
+
+## Reporting Layers
+
+### Component Report
+
+Component Reporting will provide the most generalized layer of controls against a given standard. Components may be comprised of multiple standards (control implementations) and as such will need to potentially collect multiple catalogs and profiles.
+
+### System Report
+
+System Reporting will provide a filter of controls against a given system. This is more specialized and focuses on a single system and the standard for which it is being accredited.
+
+### Assessment Report
+
+Assessment Reporting will provide more specialized reporting on the state of a given assessment. The state of a control `finding` will be analyzed and reported in the form of percentage controls being `satisfied/not-satisfied given a result.
\ No newline at end of file
diff --git a/src/cmd/report/report.go b/src/cmd/report/report.go
new file mode 100644
index 00000000..fd0eef54
--- /dev/null
+++ b/src/cmd/report/report.go
@@ -0,0 +1,42 @@
+package report
+
+import (
+ "github.com/spf13/cobra"
+)
+
+type flags struct {
+ InputFile string // -f --input-file
+ OutputFile string // -o --output-file
+}
+
+var opts = &flags{}
+
+var reportHelp = `
+
+`
+
+var reportCmd = &cobra.Command{
+ Use: "report",
+ Hidden: false,
+ Aliases: []string{"r"},
+ Short: "Build a compliance report",
+ Example: reportHelp,
+ Run: func(_ *cobra.Command, args []string) {
+
+ },
+}
+
+func ReportCommand() *cobra.Command {
+
+ reportFlags()
+
+ return reportCmd
+}
+
+func reportFlags() {
+ reportFlags := reportCmd.PersistentFlags()
+
+ reportFlags.StringVarP(&opts.InputFile, "input-file", "f", "", "Path to a manifest file")
+ reportFlags.StringVarP(&opts.OutputFile, "output-file", "o", "", "Path and Name to an output file")
+
+}
From d575dc004955eeeaefff332f0000ee37f007295e Mon Sep 17 00:00:00 2001
From: Brandt Keller
Date: Fri, 31 May 2024 17:49:27 +0000
Subject: [PATCH 2/2] fix(report): mermaid diagram error
---
 docs/reporting.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/reporting.md b/docs/reporting.md
index 5dad404f..78f63650 100644
--- a/docs/reporting.md
+++ b/docs/reporting.md
@@ -11,7 +11,7 @@ flowchart TD
 A[Report] -->|default/specified OSCAL files| B(Build Report)
 B --> C{Check for existence of models & Catalog/Profile}
 C -->|Components Exist| D[Component Report]
- C -->|SSP Exists (not supported)| E[System Report]
+ C -->|SSP Exists - not supported| E[System Report]
 C -->|Assessment Results Exist| F[Assessment Report]
 ```
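Review bot: In src/cmd/report/report.go, `reportCmd` is registered with `Hidden: false` but its `Run` body is empty, so `lula report` exits 0 without producing anything; in a compliance tool a silent success can be mistaken for a clean result, for example in a CI gate. Until the report is implemented, either set `Hidden: true` or switch to `RunE: func(_ *cobra.Command, _ []string) error { return errors.New("report: not implemented") }`, which needs the `errors` import. Separately, `ReportCommand` calls `reportFlags()` on every invocation, and pflag panics when a flag name is defined twice, so a second call would crash; registering the flags once, for instance in `init`, avoids that. The `--input-file` help text says "Path to a manifest file" while docs/reporting.md describes OSCAL artifacts, so the wording should be aligned, and the exported `ReportCommand` would benefit from a doc comment such as `// ReportCommand returns the cobra command for "lula report".`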