
complianceascode / auditree-harvest


The Auditree data gathering and reporting tool.

Home Page: https://auditree.github.io/

License: Apache License 2.0

Makefile 1.72% Python 98.28%
compliance compliance-as-code compliance-automation continuous-compliance devops devsecops python

auditree-harvest's Issues

Check for new versions

Overview

Add a check to see if a new version of harvest exists and if it does suggest a pip install auditree-harvest --upgrade.

Requirements

  • Check for new version pre execution of a command
  • If exists suggest pip install auditree-harvest --upgrade otherwise do nothing

Approach

See req

Security and Privacy

N/A

Test Plan

TBD
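
One way to implement the pre-execution check, as an added example rather than harvest's own code: it asks the real PyPI JSON endpoint for the current release (assumed reachable; the check is skipped silently when it is not), compares it with the installed version using a small PEP 440-style parser that covers plain and a/b/rc releases, and only prints the pip command. All function and constant names are this example's own.

```python
"""Pre-execution check for a newer auditree-harvest release (added example)."""
import json
import re
import urllib.request
from typing import Callable, Optional, Tuple

PACKAGE = "auditree-harvest"
# Real PyPI JSON endpoint for the package; the check is skipped whenever it is unreachable.
PYPI_JSON_URL = f"https://pypi.org/pypi/{PACKAGE}/json"

# Accepts the common release forms (1.2, 1.2.3, 1.2.3rc1); anything else is treated as unknown.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:(a|b|rc)(\d+))?$")
_PRE_RANK = {"a": 0, "b": 1, "rc": 2}


def parse_version(text: str) -> Tuple[Tuple[int, ...], Tuple[int, int]]:
    """Turn a version string into a comparable key; 1.2 == 1.2.0 and 1.2.3rc1 < 1.2.3."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    release = tuple(int(part) for part in m.group(1).split("."))
    while len(release) < 3:
        release += (0,)
    if m.group(2):
        pre = (_PRE_RANK[m.group(2)], int(m.group(3)))
    else:
        pre = (3, 0)  # a final release sorts after any pre-release of the same number
    return release, pre


def fetch_latest_from_pypi(timeout: float = 3.0) -> str:
    """Ask PyPI for the current release; the short timeout keeps the CLI usable offline."""
    with urllib.request.urlopen(PYPI_JSON_URL, timeout=timeout) as resp:
        return json.load(resp)["info"]["version"]


def upgrade_hint(installed: str,
                 fetch_latest: Callable[[], str] = fetch_latest_from_pypi) -> Optional[str]:
    """Return the upgrade suggestion, or None when up to date or when the check cannot run.

    The hint is advisory only: the version string comes from a network response, so the
    tool prints the pip command for the user instead of executing anything itself.
    """
    try:
        latest = fetch_latest()
        newer = parse_version(latest) > parse_version(installed)
    except (OSError, ValueError, KeyError):  # offline, non-JSON answer, odd version string
        return None
    if not newer:
        return None
    return (f"A newer {PACKAGE} ({latest}) is available; you have {installed}. "
            f"Run: pip install {PACKAGE} --upgrade")


if __name__ == "__main__":
    # The installed version would normally come from importlib.metadata.version(PACKAGE).
    print(upgrade_hint("1.0.0") or f"{PACKAGE} is up to date (or the check was skipped)")
```

The fetcher is injected so the comparison can be exercised without network access, and any failure of the lookup returns None rather than blocking the command the user actually asked for.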

Harvest orchestrator/aggregator

Overview

Multiple harvest reports may need to be run to answer an audit, and possibly their results will need aggregating into a single file, for example an OSCAL Assessment Result. We should facilitate this in Harvest or with tooling "around" it.

Requirements

  • multiple reports can be run from a single invocation
  • their results can be combined

Approach

  • I think you're going to need to identify reports that can be combined (e.g. that are producing reports in the same format) and have some kind of plugin/awareness per "type". Maybe that's just OSCAL, though?
  • It would be nice if this were done as a "report of reports" in vanilla harvest - maybe that's possible already?

Security and Privacy

Provide the impact on security and privacy as it relates to the completion of
this issue. This level of detail may not be available at the time of
issue creation and can be completed at a later time. N/A if not applicable.

Test Plan

Provide the test process that will be followed to adequately verify that the
approach above satisfies the requirements provided. This level of detail may
not be available at the time of issue creation and can be completed at a later
time.

Add --output-location option

Overview

We need an option to configure the location of harvest output.

Requirements

  • Add an option to optionally configure the location of harvest results.
    • Applicable to collate sub-command
    • Applicable to report sub-command

Approach

  • Update CLI
  • Update write functionality for both collate and report.

Security and Privacy

N/A

Test Plan

TBD
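
An added example (not harvest's own code) of wiring the option and of the check that matters once the location is user-configurable: collate writes files whose names come from the evidence repo, so those names are treated as untrusted and must not escape the chosen directory. The parser, the default directory name and the function names are assumptions of this example.

```python
"""Containing collate/report output under --output-location (added example)."""
import argparse
from pathlib import Path
from typing import Union

PathLike = Union[str, Path]


def output_location_parser() -> argparse.ArgumentParser:
    """Both sub-commands take the same option; the default name here is an assumption."""
    parser = argparse.ArgumentParser(prog="harvest")
    sub = parser.add_subparsers(dest="command", required=True)
    for name in ("collate", "report"):
        cmd = sub.add_parser(name)
        cmd.add_argument("--output-location", type=Path,
                         default=Path.cwd() / "harvest-output",
                         help="directory that receives harvest results")
    return parser


def resolve_output_path(output_location: PathLike, relative_file: PathLike) -> Path:
    """Map a file name that came from the evidence repo onto the output directory.

    Evidence file names are repo content, so absolute paths and any `..` that climbs
    out of the output location are rejected before anything is written.
    """
    root = Path(output_location).resolve()
    rel = Path(relative_file)
    if rel.is_absolute():
        raise ValueError(f"absolute evidence path not allowed: {relative_file}")
    target = (root / rel).resolve()  # normalises `..` and follows existing symlinks
    if target == root or root not in target.parents:
        raise ValueError(f"{relative_file!r} escapes output location {root}")
    return target


def is_contained(output_location: PathLike, relative_file: PathLike) -> bool:
    """True when resolve_output_path would accept the name."""
    try:
        resolve_output_path(output_location, relative_file)
    except ValueError:
        return False
    return True


def write_output(output_location: PathLike, relative_file: PathLike, content: bytes) -> Path:
    """Write one collated file under the output location, creating parent directories."""
    target = resolve_output_path(output_location, relative_file)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(content)
    return target
```

Resolving both sides with `Path.resolve()` before comparing means a symlinked output directory (for example `/tmp` on macOS) is handled the same way as a plain one, and a name such as `raw/../../x` is normalised before the containment test rather than after the write.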

No reports available message

Overview

When no reports are available in a package, display a message that no reports are available in the package.

Requirements

  • When performing harvest reports <package name>, if no reports are available, then display No reports found in <package name>. Try another package.
  • Fix readme to reference arboretum module rather than auditree-arboretum package.
  • Bring readme in line with contents of arboretum. Related to ComplianceAsCode/auditree-arboretum#59

Approach

See req

Security and Privacy

N/A

Test Plan

TBD

Formalize local execution

Overview

There's been some interest in harvest working exclusively on a local git repo without the notion of a remote counterpart. To that end we should formalize functionality that allows for harvest to target any local git repo.

Requirements

  • Allow for the repo positional argument to be set to local.
  • repo as local must be paired with the --repo-path argument.

Approach

TBD

Security and Privacy

N/A

Test Plan

TBD

Add OSCAL support

Overview

OSCAL will define a specific format for Assessment Results. We should add support to harvest report that can format results to meet that OSCAL format.

Requirements

  • Provide the ability to format report content to meet the OSCAL Assessment Results format.

Approach

Security and Privacy

N/A

Test Plan

TBD

Bulk report option

Overview

Add the ability to run reports on a series of repos and reports and configurations.

Requirements

  • bulk report option
  • use a bulk configuration JSON file
  • functionality should mirror individual report operations

Approach

TBD

Security and Privacy

N/A

Test Plan

TBD

Add compression archive option

Overview

We should provide the option to compress all files into one archive artifact.

Requirements

  • Add option to archive
  • Default is false
  • Archive to a single artifact

Approach

See req.

Security and Privacy

N/A

Test Plan

  • Unit tests and integration tests
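
An added example (not harvest's own code) of the archive option: every regular file under the output directory is packed into one gzip tarball with fixed metadata, so the same inputs give byte-identical archives and the SHA-256 of the artifact can be recorded alongside it. The listing helper refuses members that would write outside the extraction directory, which is the check anyone unpacking the artifact later should make. Directory layout and function names are assumptions of this example.

```python
"""Single-artifact archive of harvest output with an integrity digest (added example)."""
import gzip
import hashlib
import shutil
import tarfile
import tempfile
from pathlib import Path
from typing import Dict, List


def archive_output(output_dir: Path, archive_path: Path) -> str:
    """Pack every regular file under output_dir into one .tar.gz and return its SHA-256.

    Entries are added in sorted order with fixed mtime/owner/mode and a zeroed gzip
    timestamp, so the same inputs always produce the same bytes.
    """
    output_dir = Path(output_dir)
    files = sorted((p for p in output_dir.rglob("*") if p.is_file() and not p.is_symlink()),
                   key=str)
    with open(archive_path, "wb") as raw, \
            gzip.GzipFile(filename="", mode="wb", fileobj=raw, mtime=0) as gz, \
            tarfile.open(fileobj=gz, mode="w") as tar:
        for path in files:
            info = tar.gettarinfo(str(path), arcname=str(path.relative_to(output_dir)))
            info.mtime = 0
            info.uid = info.gid = 0
            info.uname = info.gname = ""
            info.mode = 0o644
            with open(path, "rb") as fh:
                tar.addfile(info, fh)
    digest = hashlib.sha256()
    with open(archive_path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def safe_members(archive_path: Path) -> List[str]:
    """List members, rejecting anything that could write outside the extraction directory."""
    names = []
    with tarfile.open(archive_path, mode="r:gz") as tar:
        for member in tar.getmembers():
            name = Path(member.name)
            if name.is_absolute() or ".." in name.parts or not member.isfile():
                raise ValueError(f"unsafe archive member: {member.name}")
            names.append(member.name)
    return names


def demo() -> Dict[str, object]:
    """Archive a constructed output tree twice and confirm the digests match."""
    work = Path(tempfile.mkdtemp(prefix="harvest-archive-"))
    try:
        out = work / "harvest-output"
        (out / "raw" / "auditree").mkdir(parents=True)
        (out / "raw" / "auditree" / "evidence.json").write_text('{"constructed": true}\n')
        (out / "report.md").write_text("# constructed report\n")
        first = archive_output(out, work / "a.tar.gz")
        second = archive_output(out, work / "b.tar.gz")
        return {"digest": first, "deterministic": first == second,
                "members": safe_members(work / "a.tar.gz")}
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

Symlinks are skipped on purpose: a link inside the output tree would otherwise pull arbitrary files from the host into an artifact that may be shared with auditors.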

Bulk collate option

Overview

Add the ability to run collate operations on a series of repos and files and configurations.

Requirements

  • bulk collate option
  • use a bulk configuration JSON file
  • functionality should mirror individual collate operations

Approach

TBD

Security and Privacy

N/A

Test Plan

TBD
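
The two bulk issues (bulk report above and bulk collate here) need the same thing: a JSON file listing jobs, validated as a whole before anything runs, then dispatched to the same callable the single-shot command uses. The following is an added example, not harvest's own code; the file layout, the key names and the sample repo URL and report name are constructed for it.

```python
"""Bulk configuration for collate/report runs (added example)."""
import json
from typing import Any, Callable, Dict, List

# Constructed sample: one job per entry, each mirroring a single collate or report call.
SAMPLE_BULK_CONFIG = json.dumps({
    "jobs": [
        {"op": "collate",
         "repo": "https://github.com/example-org/evidence-locker",
         "args": {"files": ["raw/auditree/evidence.json"],
                  "start": "2021-01-01", "end": "2021-01-31"}},
        {"op": "report",
         "repo": "https://github.com/example-org/evidence-locker",
         "args": {"report": "example_module.reports.sample_report"}},
    ]
}, indent=2)

ALLOWED_OPS = {"collate", "report"}
JOB_KEYS = {"op", "repo", "args"}


def validate_job(job: Any, index: int) -> List[str]:
    """Return the problems with one job; an empty list means it is runnable."""
    if not isinstance(job, dict):
        return [f"job {index}: expected an object"]
    errors = []
    missing = JOB_KEYS - job.keys()
    unknown = job.keys() - JOB_KEYS
    if missing:
        errors.append(f"job {index}: missing {sorted(missing)}")
    if unknown:
        errors.append(f"job {index}: unknown keys {sorted(unknown)}")  # fail closed on typos
    if job.get("op") not in ALLOWED_OPS:
        errors.append(f"job {index}: op must be one of {sorted(ALLOWED_OPS)}")
    if not isinstance(job.get("repo"), str) or not job.get("repo"):
        errors.append(f"job {index}: repo must be a non-empty string")
    if not isinstance(job.get("args", {}), dict):
        errors.append(f"job {index}: args must be an object")
    return errors


def load_bulk_config(text: str) -> List[Dict[str, Any]]:
    """Parse and validate the whole file first, so a bad entry cannot leave a run half done."""
    doc = json.loads(text)
    jobs = doc.get("jobs") if isinstance(doc, dict) else None
    if not isinstance(jobs, list) or not jobs:
        raise ValueError("bulk config needs a non-empty 'jobs' list")
    errors = [e for i, job in enumerate(jobs) for e in validate_job(job, i)]
    if errors:
        raise ValueError("; ".join(errors))
    return jobs


def run_bulk(jobs: List[Dict[str, Any]], handlers: Dict[str, Callable[..., Any]],
             stop_on_error: bool = True) -> List[Dict[str, Any]]:
    """Dispatch each job to the callable the single-shot command would use."""
    results = []
    for index, job in enumerate(jobs):
        handler = handlers[job["op"]]
        try:
            outcome = handler(job["repo"], **job["args"])
            results.append({"index": index, "op": job["op"], "ok": True, "result": outcome})
        except Exception as exc:  # one bad repo is reported, not hidden
            results.append({"index": index, "op": job["op"], "ok": False, "error": str(exc)})
            if stop_on_error:
                break
    return results


if __name__ == "__main__":
    def describe(repo, **args):
        return f"{repo} {sorted(args)}"
    for entry in run_bulk(load_bulk_config(SAMPLE_BULK_CONFIG),
                          {"collate": describe, "report": describe}):
        print(entry)
```

Rejecting unknown keys is deliberate: a misspelled `"branch"` in a bulk file would otherwise be ignored and the job would silently run against the default branch.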

Add a force refresh option

Overview

Similar to #10 we should have a --force-refresh option for the repo specified. This option will remove the old local copy, if it exists and provide a fresh local clone.

Requirements

  • Add --force-refresh option
  • If selected, delete the repo from $TMPDIR before collating or reporting

Approach

TBD

Security and Privacy

N/A

Test Plan

TBD

Add option to refresh non-harvest local repo

Overview

We should add an option to permit harvest to refresh a local repo that it did not itself stand up.

Requirements

  • When providing a --repo-path we need to add an option to permit the collator to refresh that environment. Current behavior is to only let harvest refresh a repo that it pulled down originally.
  • As part of this enhancement we should also change logic to allow harvest to pull down a repo locally to the repo path provided if no repo existed in that location, thereby allowing harvest to write local repos to a non-$TMPDIR location.

Approach

TBD

Security and Privacy

TBD

Test Plan

TBD

Remove creds requirement when running in local mode

Overview

Remove credentials requirements when running in local mode.

Requirements

  • Remove credentials requirements when running in local mode.
  • You shouldn't need a credentials file if you're running in local mode.

Approach

TBD

Security and Privacy

N/A

Test Plan

TBD

Make repo branch configurable

Overview

We want to add an option to the CLI to allow for users to override the branch of their local repo when retrieving files or generating reports based on file content.

Requirements

  • branch should be optional
  • --branch
  • defaults to master

Approach

TBD

Security and Privacy

N/A

Test Plan

  • Unit tests and integration tests
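
The three CLI issues above (local mode paired with --repo-path, no credentials file in local mode, and an optional --branch defaulting to master) can be enforced in one place before anything touches git or a secret. The following is an added example, not harvest's own CLI: the credentials file location, the ini format and the function names are assumptions.

```python
"""CLI wiring for local mode, --repo-path, --branch and credentials (added example)."""
import argparse
import configparser
from pathlib import Path
from typing import List, Optional

DEFAULT_CREDS = Path.home() / ".credentials"  # assumed location and ini format
LOCAL = "local"


def build_parser() -> argparse.ArgumentParser:
    parser = argparse.ArgumentParser(prog="harvest")
    parser.add_argument("repo", help=f"remote repo URL, or '{LOCAL}' to use an existing clone")
    parser.add_argument("--repo-path", type=Path,
                        help=f"path of the local clone (required with '{LOCAL}')")
    parser.add_argument("--branch", default="master",
                        help="branch to read files from (default: master)")
    parser.add_argument("--creds", type=Path, default=DEFAULT_CREDS,
                        help="credentials file, used for remote repos only")
    return parser


def validation_error(args: argparse.Namespace) -> Optional[str]:
    """The pairing rule: 'local' is meaningless without a path to the clone."""
    if args.repo == LOCAL and args.repo_path is None:
        return f"repo '{LOCAL}' requires --repo-path"
    return None


def parse_cli(argv: List[str]) -> argparse.Namespace:
    parser = build_parser()
    args = parser.parse_args(argv)
    problem = validation_error(args)
    if problem:
        parser.error(problem)  # usage error, exit status 2
    args.local_mode = args.repo == LOCAL
    return args


def load_credentials(args: argparse.Namespace) -> Optional[configparser.ConfigParser]:
    """Read the credentials file only for remote repos; local mode never opens it."""
    if args.local_mode:
        return None
    creds = configparser.ConfigParser()
    if not creds.read(args.creds):
        raise FileNotFoundError(f"credentials file not found: {args.creds}")
    return creds


if __name__ == "__main__":
    settings = parse_cli(["local", "--repo-path", "/tmp/evidence-locker", "--branch", "main"])
    print(settings.local_mode, settings.branch, load_credentials(settings))
```

Keeping the credentials read behind the mode check, rather than loading the file unconditionally and ignoring it, means a local-only run never pulls a token into memory or fails because a file it does not need is absent.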

Reconcile a bad git repo

Overview

At times harvest-managed git repos get corrupted, usually when putting your Mac into sleep mode. When this is encountered in a harvest-managed local git repo, harvest should remove the repo and re-clone it.

Requirements

See:

meh

  • When a git.exc.InvalidGitRepositoryError is encountered for a harvest managed git repo, remove the corrupted repo and re-clone.

Approach

  • See req.
  • TBD

Security and Privacy

N/A

Test Plan

TBD
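
The --force-refresh issue, the request to refresh a repo harvest did not stand up, and this reconciliation issue all come down to one operation: delete a clone and fetch it again. Deleting is the dangerous half, so the added example below (not harvest's own code) only ever removes a real directory strictly inside the root harvest manages, and re-clones through an injected callable. The managed-root layout, the `.git/HEAD` check standing in for GitPython's `InvalidGitRepositoryError`, and the function names are assumptions of this example.

```python
"""Force-refresh and corrupt-repo reconciliation for harvest-managed clones (added example)."""
import shutil
import tempfile
from pathlib import Path
from typing import Callable, Dict


class InvalidGitRepositoryError(Exception):
    """Stand-in for git.exc.InvalidGitRepositoryError so the example runs without GitPython."""


def is_managed(repo_path: Path, managed_root: Path) -> bool:
    """True only for a path strictly inside the directory harvest owns (never the root itself)."""
    root = Path(managed_root).resolve()
    target = Path(repo_path).resolve()
    return target != root and root in target.parents


def validate_repo(repo_path: Path) -> None:
    """Cheap proxy for what GitPython checks: a clone without .git/HEAD is unusable."""
    if not (Path(repo_path) / ".git" / "HEAD").is_file():
        raise InvalidGitRepositoryError(str(repo_path))


def remove_managed_repo(repo_path: Path, managed_root: Path) -> None:
    """Delete a clone, but only one harvest created itself, and never through a symlink."""
    path = Path(repo_path)
    if path.is_symlink():
        raise PermissionError(f"refusing to delete through symlink {path}")
    if not is_managed(path, managed_root):
        raise PermissionError(f"refusing to delete {path}: not under managed root {managed_root}")
    shutil.rmtree(path)


def ensure_repo(repo_path: Path, managed_root: Path, clone: Callable[[Path], None],
                force_refresh: bool = False,
                validate: Callable[[Path], None] = validate_repo) -> Path:
    """Return a usable clone, re-cloning when --force-refresh is set or the clone is corrupt."""
    path = Path(repo_path)
    if force_refresh and path.exists():
        remove_managed_repo(path, managed_root)
    if path.exists():
        try:
            validate(path)
            return path
        except InvalidGitRepositoryError:
            remove_managed_repo(path, managed_root)  # same guard: never rmtree outside the root
    clone(path)
    return path


def demo() -> Dict[str, object]:
    """Exercise reconcile, reuse, force-refresh and the refusal path in a throwaway root."""
    root = Path(tempfile.mkdtemp(prefix="harvest-demo-"))
    clones = 0

    def fake_clone(path: Path) -> None:  # constructed stand-in for git clone
        nonlocal clones
        clones += 1
        (path / ".git").mkdir(parents=True)
        (path / ".git" / "HEAD").write_text("ref: refs/heads/master\n")

    try:
        repo = root / "evidence-locker"
        (repo / ".git").mkdir(parents=True)   # corrupt clone: .git present, HEAD missing
        ensure_repo(repo, root, fake_clone)   # removed and re-cloned
        after_reconcile = clones
        ensure_repo(repo, root, fake_clone)   # healthy: reused as-is
        after_reuse = clones
        ensure_repo(repo, root, fake_clone, force_refresh=True)
        after_force = clones
        try:
            remove_managed_repo(root.parent / "not-managed", root)
            outside_refused = False
        except PermissionError:
            outside_refused = True
        return {"after_reconcile": after_reconcile, "after_reuse": after_reuse,
                "after_force": after_force, "outside_refused": outside_refused,
                "root_is_managed": is_managed(root, root)}
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

The guard is what makes the non-$TMPDIR request safe to implement: a user-supplied --repo-path outside the managed root is refused by `remove_managed_repo`, so refreshing such a clone needs an explicit opt-in rather than silently inheriting delete-and-reclone behaviour.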

Add verbose option

Overview

The tool should provide the option of displaying operation progress to standard out.

Requirements

  • verbose option should be off by default
  • verbose option should display to standard out
    • Any git operation
    • When a file has been found for a given date
    • etc...

Approach

  • See req.
  • TBD

Security and Privacy

git repo read/view access is expected

Test Plan

  • Unit tests and integration tests
