## Overview

trestle-bot assists users in leveraging Compliance-Trestle in CI/CD workflows for OSCAL formatted compliance content management.

> **WARNING**: This project is currently under initial development. APIs may be changed incompatibly from one commit to another.
## Getting Started

### Available Commands

The `autosync` command will sync trestle-generated Markdown files to OSCAL JSON files in a trestle workspace. All content under the provided Markdown directory when the action is run will be transformed. This action supports all top-level models supported by compliance-trestle for authoring.

The `rules-transform` command can be used when managing OSCAL Component Definitions in a trestle workspace. The action will transform rules defined in the rules YAML view to an OSCAL Component Definition JSON file.

The `create-cd` command can be used to create a new OSCAL Component Definition in a trestle workspace. The action will create a new Component Definition JSON file and corresponding directories that contain rules YAML files and trestle-generated Markdown files. This action prepares the workspace for use with the `rules-transform` and `autosync` actions.

The `sync-upstreams` command can be used to sync and validate upstream OSCAL content stored in a git repository to a local trestle workspace. Which content is synced is determined by the `include_model_names` and `exclude_model_names` inputs.

The `create-ssp` command can be used to create a new OSCAL System Security Plan (SSP) in a trestle workspace. The action will create a new SSP JSON file and corresponding directories that contain trestle-generated Markdown files. This action prepares the workspace for use with the `autosync` action by creating or updating the `ssp-index.json` file. The `ssp-index.json` file is used to track the relationships between the SSP and the other OSCAL content in the workspace for the `autosync` action.
Below is a table of the available commands and their current availability as a GitHub Action:

| Command | Available as a GitHub Action |
|---|---|
| `autosync` | ✓ |
| `rules-transform` | ✓ |
| `create-cd` | ✓ |
| `sync-upstreams` | ✓ |
| `create-ssp` | |

For detailed documentation on how to use each action, see the `README.md` in each folder under `actions`.
### Supported Git Providers

Note: Only applicable if using `trestle-bot` to create pull requests. Automatically detecting the git provider information is supported for GitHub Actions (GitHub) and GitLab CI (GitLab).

- GitHub
- GitLab
### Run as a Container

Note: When running the commands in a container, all are prefixed with `trestlebot` (e.g. `trestlebot-autosync`). The default entrypoint for the container is the `autosync` command.

Build and run the container locally:

```shell
podman build -f Dockerfile -t trestle-bot .
podman run -v $(pwd):/data -w /data trestle-bot
```

Container images are available in quay.io:

```shell
podman run -v $(pwd):/data -w /data quay.io/continuouscompliance/trestle-bot:<tag>
```
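The `podman run` lines above, wrapped as an added shell helper (example code, not part of the trestle-bot project): it accepts only the command names this README lists, prints the `trestlebot-<command>` invocation with the workspace mounted at `/data`, and refuses an image reference that is not pinned by digest unless `TRESTLEBOT_ALLOW_TAG=1` is set. The helper name, the `TRESTLEBOT_WORKSPACE` variable and the digest-pinning policy are assumptions for this example.

```shell
#!/bin/sh
# Added example; not part of trestle-bot. Builds the container invocation
# described in the README and checks it before anything is executed.
set -eu

# Command names taken from this README; the container image prefixes each
# with "trestlebot-" (e.g. trestlebot-autosync).
TRESTLEBOT_COMMANDS="autosync rules-transform create-cd sync-upstreams create-ssp"

# Print (do not run) the podman command line for one trestle-bot command.
#   $1 = command name, $2 = image reference, remaining args pass through.
# Returns 1 for an unknown command, 2 for an image that is not digest-pinned.
trestlebot_cmdline() {
  cmd="$1"
  image="$2"
  shift 2
  known=0
  for c in $TRESTLEBOT_COMMANDS; do
    if [ "$c" = "$cmd" ]; then known=1; fi
  done
  if [ "$known" -ne 1 ]; then
    echo "unknown trestle-bot command: $cmd" >&2
    return 1
  fi
  # A mutable tag such as :<tag> can be re-pointed upstream, so a CI job that
  # rewrites compliance content should pin the image by digest (assumed policy).
  case "$image" in
    *@sha256:*) ;;
    *)
      if [ "${TRESTLEBOT_ALLOW_TAG:-0}" != "1" ]; then
        echo "image reference is not pinned by digest: $image" >&2
        return 2
      fi
      ;;
  esac
  # The workspace is mounted read-write at /data, as in the README, so the
  # container can modify everything under it; mount only the trestle workspace.
  workspace="${TRESTLEBOT_WORKSPACE:-$PWD}"
  printf 'podman run --rm -v %s:/data -w /data %s trestlebot-%s' \
    "$workspace" "$image" "$cmd"
  for arg in "$@"; do
    printf ' %s' "$arg"
  done
  printf '\n'
}

# Usage (prints the command line; pipe it to sh to actually run it):
#   trestlebot_cmdline autosync 'quay.io/continuouscompliance/trestle-bot@sha256:<digest>'
```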