Add script processing the PCI DSS standard
Description:
- The script processes the standard PDF document and generates a control template, extracting rule requirements from the tables.
Rationale:
- The generator extracts the description and numbering of the standard requirements and generates an "empty" template with all requirements declared as not applicable
- The first utilisation and testing of the script was done in the context of #9549
- The general idea is for this to grow into a general script to process standards, with different classes of documents depending on how the different standard bodies build their documents, while the yml tree keeps the same format.
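The generator flow described in this PR, as an added example written for this edit and not the script submitted here: it takes constructed rows shaped like what a PDF table extractor returns, keeps only numbered requirement rows (skipping column headers, section titles and lettered testing procedures such as `1.2.5.a`), drops rows repeated across a page break, sorts them numerically and writes a control file with every requirement set to `not applicable`. The control file keys (`policy`, `title`, `id`, `version`, `controls` with `id`/`title`/`status`) are assumed to match the ComplianceAsCode controls format; the sample rows, the class and function names and the `2.10.1` entry are constructed for illustration.

```python
import json
import re
from dataclasses import dataclass

# Constructed sample rows, shaped like the text a PDF table extractor yields
# for a requirements table (hypothetical wording, not copied from the standard).
SAMPLE_ROWS = [
    "Requirements and Testing Procedures | Guidance",
    "Requirement 1: Install and Maintain Network Security Controls",
    "1.2.5 All services, protocols, and ports allowed are identified and approved. | Purpose: ...",
    "1.2.5.a Examine documentation to verify a list of allowed services exists. | ...",
    "1.2.6 Security features are defined and implemented for all services in use. | Purpose: ...",
    "Requirements and Testing Procedures | Guidance",
    "1.2.6 Security features are defined and implemented for all services in use. | Purpose: ...",
    "2.2.1 Configuration standards are developed, implemented, and maintained. | Purpose: ...",
    "2.10.1 Hypothetical requirement used to show numeric sorting. | Purpose: ...",
]


@dataclass(frozen=True)
class Requirement:
    number: str
    title: str

    def sort_key(self):
        # numeric tuple, so 2.10.1 sorts after 2.2.1 (a plain string sort would not)
        return tuple(int(part) for part in self.number.split("."))


class PciDssTableParser:
    """Row parser for the PCI DSS table layout. Assumption: other standards get
    their own subclass overriding the pattern and column separator, while the
    generated control tree keeps one shape."""

    # A requirement row starts with dotted numbering followed by whitespace.
    # Testing procedures ("1.2.5.a ...") never match: the letter follows a dot,
    # not whitespace, so they are excluded from the template on purpose.
    REQUIREMENT_RE = re.compile(r"^(\d+(?:\.\d+)+)\s+(.+)$")
    COLUMN_SEP = " | "

    def parse(self, rows):
        seen = {}
        for row in rows:
            match = self.REQUIREMENT_RE.match(row.strip())
            if not match:
                continue  # column header, section title or testing procedure
            number, rest = match.groups()
            title = rest.split(self.COLUMN_SEP, 1)[0].strip()
            # tables repeat the header and the last row across page breaks;
            # keep the first occurrence of each number
            seen.setdefault(number, Requirement(number, title))
        return sorted(seen.values(), key=Requirement.sort_key)


def render_control_file(requirements, policy_id, policy_title, version):
    """Emit an 'empty' control file with every requirement set to not applicable.
    Keys are assumed to follow the ComplianceAsCode controls YAML (policy, title,
    id, version, controls[].id/title/status). Titles go through json.dumps, which
    is a valid YAML double-quoted scalar and handles embedded quotes and colons."""
    lines = [
        f"policy: {json.dumps(policy_title)}",
        f"title: {json.dumps(policy_title)}",
        f"id: {policy_id}",
        f"version: '{version}'",
        "controls:",
    ]
    for req in requirements:
        lines += [
            f"  - id: '{req.number}'",  # quoted so YAML does not parse 1.2 as a float
            f"    title: {json.dumps(req.title)}",
            "    status: not applicable",
        ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_control_file(PciDssTableParser().parse(SAMPLE_ROWS),
                              "pci_dss_v4", "PCI DSS v4", "4.0"))
```

The numeric sort key and the de-duplication are the two places where a naive extractor goes wrong on a real PDF: page-break repeats produce duplicate controls, and a string sort puts `2.10.1` before `2.2.1`.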
Hi @teacup-on-rockingchair. Thanks for your PR.
I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test
on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.
Once the patch is verified, the new status will be reflected by the ok-to-test
label.
I understand the commands that are listed here.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
Code Climate has analyzed commit 087469f5 and detected 70 issues on this pull request.
Here's the issue category breakdown:
Category | Count |
---|---|
Complexity | 1 |
Style | 69 |
The test coverage on the diff in this pull request is 100.0% (50% is the threshold).
This pull request will bring the total coverage in the repository to 52.4% (0.0% change).
View more on Code Climate.
Nice. I didn't review the script, but I liked the idea from the description. FYI, there is also this PR which is related to this idea: https://github.com/ComplianceAsCode/content/pull/10455
By the way, the codeclimate point should be checked.
@teacup-on-rockingchair Please resolve the CodeClimate problems
@teacup-on-rockingchair I am currently analyzing the PCI-DSSv4 and reviewing the control file you created in https://github.com/ComplianceAsCode/content/pull/9549. The control file is very helpful and would be great to increase its adoption by other products.
So far I saw some issues related to missing requirements present in the PDF but not in the control file. I also saw some formatting issues. I don't know if they were caused by the script or by manual intervention, but they should be relatively simple to improve.
In any case, I will conclude my review here. Very soon I will propose a PR updating the control file and then I would be happy to take a better look at this script. Have you considered the library mentioned by @rhmdnd?
Hi @marcusburghardt thanks for the feedback :bow:
For sure, in my todo list are fixing the code quality warnings and reworking the script so it can reuse as much code as possible from the tool provided by @rhmdnd, but maybe I will need to extract the generator code into a common library file and have the tools for CIS and PCI, or whatever comes later, use it as a dependency.
ping
ping
Unfortunately I didn't have time yet to check this script in detail. It is also difficult because PCI-DSS is released every 4 years. So, in 2026 the new policy might be different and we might need to refactor the whole script. My suggestion would be to close it now for a cleaner PR queue. The work won't be gone. We can try to use it again when a new PCI-DSS policy comes, or maybe create a more generic solution applicable to multiple policies.
Do you agree to close it for now @teacup-on-rockingchair ?