OSCAL Component Defintions for testing with FedRAMP HIGH baseline profile.
The workflow to update content consists of the following steps:
- From a user's branch, using GitHub or GitLab UI, modify and commit a markdown or json file within the workspace. (Most updates will be made to markdown files.)
- A user submits a pull request to add their changes to the workspace's master branch.
- From a user's branch, trestle-bot synchronizes the workspace content, validates it, and formats it.
- The workspace updates are conditionally added to the workspace's main branch.
The first step in modifying content is to create a new branch of the workspace to save your work to. Follow the instructions of your Git provider to create a new branch.
Once you've created a branch, locate the content to be modified within the workspace. JSON and markdown files can be found in the following places:
./markdown/components/./compontent-definitions/
Browse to the referenced file. Follow your Git Provider's instructions for committing changes to a file.
Once the needed modifications have been performed, request to publish the changes by opening a pull request to merge your changes into the workspace's main branch.
Once trestle-bot has processed the workspace modifications, the pull request can be conditionally approved, which triggers the publishing of the changes to the workspace's main branch.
The workflow to create a new Component Definition consists of the following steps:
- Using the GitHub or GitLab UI, complete a create new component definition form and submit it to trestle-bot.
- trestle-bot processes the form and creates a new component definition within the workspace.
- trestle-bot opens a pull request to add the new component definition to the workspace's main branch.
- The workspace updates are conditionally added to the workspace's main branch.
Use your git provider's UI to kickoff a workflow, by browsing to the workspace's available workflows and selecting the Component Definitions Create workflow. Enter the required information and submit the form to run the workflow.
GitHub
Once trestle-bot has processed the workspace modifications, the pull request can be conditionally approved, which triggers the publishing of the changes to the workspace's main branch.
Trestle-bot supports two views that can be used to manage OSCAL Component Definitions. These views are the controls view and the rules view.
The controls view enables users to manage a component's control implementation information.
The rules view enables users to define how a control applies to the component. This information is used to define how the component must be configured to adhere to the control.
Browse to the controls view, by locating the ./markdown/components/ directory within the workspace. Identify which component you would like to manage controls for, follow the in-line markdown comments for editing guidance, and refer to the workflows documentation for instructions on how to initiate an update to the component's control implementation.
Browse to the rules view, by locating the ./rules/ directory within the workspace. Identify which component you would like to manage rules for, follow the in-line YAML comments for editing guidance, and refer to the workflows documentation for instructions on how to initiate an update to the component's rules.
See FAQs and Infrequent Tasks for more information.