eop-omb / opal Goto Github PK
View Code? Open in Web Editor NEWOSCAL Policy Administration Library (OPAL) provides a simple web application for managing System Security Plans. The data modle is based on the OSCAL standard.
License: Other
OSCAL Policy Administration Library (OPAL) provides a simple web application for managing System Security Plans. The data modle is based on the OSCAL standard.
License: Other
Just wanted to share this new document with this project. Hopefully it's useful.
Published July 28th, 2021
After following the installation instruction using docker container and running the command to start the container I get the following error:
PermissionError: [Errno 13] Permission denied: '/usr/src/app/debug.log'
2024-03-22 12:17:04 + set -e
2024-03-22 12:17:04 + python manage.py migrate --noinput
2024-03-22 12:17:04 Running in Development mode!
2024-03-22 12:17:04 DJANGO_SETTINGS_MODULE: opal.settings
2024-03-22 12:17:04 GPG_KEY: <** removed by me ** >
2024-03-22 12:17:04 HOME: /home/opal
2024-03-22 12:17:04 HOSTNAME: d22b222e39c4
2024-03-22 12:17:04 LANG: C.UTF-8
2024-03-22 12:17:04 PATH: /usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
2024-03-22 12:17:04 PWD: /usr/src/app
2024-03-22 12:17:04 PYTHONDONTWRITEBYTECODE: 1
2024-03-22 12:17:04 PYTHONUNBUFFERED: 1
2024-03-22 12:17:04 PYTHON_GET_PIP_SHA256: <** removed by me **
2024-03-22 12:17:04 PYTHON_GET_PIP_URL: https://github.com/pypa/get-pip/raw/dbf0c85f76fb6e1ab42aa672ffca6f0a675d9ee4/public/get-pip.py
2024-03-22 12:17:04 PYTHON_PIP_VERSION: 24.0
2024-03-22 12:17:04 PYTHON_SETUPTOOLS_VERSION: 65.5.1
2024-03-22 12:17:04 PYTHON_VERSION: 3.11.8
2024-03-22 12:17:04 SHLVL: 1
2024-03-22 12:17:04 _: /usr/local/bin/python
2024-03-22 12:17:04 Traceback (most recent call last):
2024-03-22 12:17:04 File "/usr/local/lib/python3.11/logging/config.py", line 573, in configure
2024-03-22 12:17:04 handler = self.configure_handler(handlers[name])
2024-03-22 12:17:04 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2024-03-22 12:17:04 File "/usr/local/lib/python3.11/logging/config.py", line 757, in configure_handler
2024-03-22 12:17:04 result = factory(**kwargs)
2024-03-22 12:17:04 ^^^^^^^^^^^^^^^^^
2024-03-22 12:17:04 File "/usr/local/lib/python3.11/logging/init.py", line 1181, in init
2024-03-22 12:17:04 StreamHandler.init(self, self._open())
2024-03-22 12:17:04 ^^^^^^^^^^^^
2024-03-22 12:17:04 File "/usr/local/lib/python3.11/logging/init.py", line 1213, in _open
2024-03-22 12:17:04 return open_func(self.baseFilename, self.mode,
2024-03-22 12:17:04 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2024-03-22 12:17:04 PermissionError: [Errno 13] Permission denied: '/usr/src/app/debug.log'
2024-03-22 12:17:04
2024-03-22 12:17:04 The above exception was the direct cause of the following exception:
2024-03-22 12:17:04
2024-03-22 12:17:04 Traceback (most recent call last):
2024-03-22 12:17:04 File "/usr/src/app/manage.py", line 22, in
2024-03-22 12:17:04 main()
2024-03-22 12:17:04 File "/usr/src/app/manage.py", line 18, in main
2024-03-22 12:17:04 execute_from_command_line(sys.argv)
2024-03-22 12:17:04 File "/usr/local/lib/python3.11/site-packages/django/core/management/init.py", line 442, in execute_from_command_line
2024-03-22 12:17:04 utility.execute()
2024-03-22 12:17:04 File "/usr/local/lib/python3.11/site-packages/django/core/management/init.py", line 416, in execute
2024-03-22 12:17:04 django.setup()
2024-03-22 12:17:04 File "/usr/local/lib/python3.11/site-packages/django/init.py", line 19, in setup
2024-03-22 12:17:04 configure_logging(settings.LOGGING_CONFIG, settings.LOGGING)
2024-03-22 12:17:04 File "/usr/local/lib/python3.11/site-packages/django/utils/log.py", line 76, in configure_logging
2024-03-22 12:17:04 logging_config_func(logging_settings)
2024-03-22 12:17:04 File "/usr/local/lib/python3.11/logging/config.py", line 823, in dictConfig
2024-03-22 12:17:04 dictConfigClass(config).configure()
2024-03-22 12:17:04 File "/usr/local/lib/python3.11/logging/config.py", line 580, in configure
2024-03-22 12:17:04 raise ValueError('Unable to configure handler '
2024-03-22 12:17:04 ValueError: Unable to configure handler 'file'
As a user I need to be able to edit my SSP without opening multiple tabs or losing my position on the page.
Something like this: https://github.com/agusmakmun/django-markdown-editor
Divide the Component List screen (https://opal.omb.gov/component/) to organize components by Component Type. List each component type in a separate table with an appropriate heading.
Scenario: system a inherits from system b. I create a new statement for a control in system a, it is linked to the baseline control instead of a new control. This causes the naming convention to fail but also the new control is propagated to all other systems that inherit from b
Describe the bug
The system treats all documents as PDF when retrieving them from the database. A .pdf extension is applied to the temporary file which causes the browser to return an error.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Since OPAL is intended as a repository and not a tool for working on live attachments. It might make the most sense to limit uploads to PDF or to convert files to PDF on upload.
Is there a getting started guide or any sort of documentation?
Not an issue, but I thought I'd share something...
django-extensions is already part of the project. I ran a few commands and generated an SVG of the model classes. You'll need graphviz on your machine to run dot.
python manage.py graph_models -g ssp > opal.dot
dot -T svg opal.dot > opal.svg
It's a big image. Here's a snippet.
I've installed OPAL locally based on the instructions in the repo. I'm able to go to "NIST Catalog" on the site and import the following catalog:
After import, the control baseline does appear correctly in the admin section:
However, when I try to create a new SSP, none of the controls are showing up:
Is there something I need to do after importing the catalog to be able to select the controls?
authorization_boundary can be a diagram but can also include a text description
The SSP Detail View should display a list of NIST controls included in the system baseline that do not have at least one system control defined
Component name should be unique
Left navigation pane doesn't float, so can get lost at the top of the screen
@dan-omb Hi. Any interest in a PR to streamline usage with Docker?
After saving a component I should be redirected to the component detail view
Each system is rated according to FIPS 199. It would be nice to pick the system categorization and have a set of controls automatically become selected accordingly.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.