OSCAL Import/Update Job fails with OSCAL 1.1.1 content
Description of problem:
Background
As described in the comment on https://github.com/ComplianceAsCode/content/pull/11286, the compliance-trestle tool does not yet support OSCAL 1.1.1. OSCAL 1.1.1 support is on the compliance-trestle roadmap. The NIST catalog reference was pinned to a commit until the newest content can be imported and continue to allow FedRAMP profile updates to be imported. The most recent commit on https://github.com/GSA/fedramp-automation/commit/6518de14df4552821ad17cc93f5eeaec4b46716b updates the FedRAMP Rev5 content to OSCAL v1.1.1, making it incompatible with compliance-trestle, which is used in this job.
Possible Solutions (Short term)
- Add a comment to explain the failure. The FedRAMP Rev4 content is still supported.
- Temporarily remove the schedule trigger and add a comment.
SCAP Security Guide Version:
https://github.com/ComplianceAsCode/content/commit/45ab494e782a41144af256c54093a18dd10b89a5
Operating System Version:
ubuntu-latest - GitHub Action
Steps to Reproduce:
- Let the job run or run the job manually
- Observe the failure for the FedRAMP Rev 5 content only
Actual Results:
Job Failed with error trestle.core.commands.import_:94 ERROR: Error while importing OSCAL file: OSCAL version: 1.1.1 is not supported, use 1.0.4 instead.
Expected Results:
Job Passed
Additional Information/Debugging Steps:
https://github.com/ComplianceAsCode/content/actions/runs/7436163149
cc @Mab879
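A pre-flight version check for the failure described in this issue, as an added example that is not part of the original report or the project's workflow: it reads `metadata.oscal-version` from each OSCAL JSON source and skips anything newer than the importer accepts, so older content can still be imported. The 1.0.4 ceiling is an assumption taken from the quoted error text, and the sample documents and the names `plan_imports`, `rev4_profile` and `rev5_profile` are constructed for illustration.

```python
import json

# Assumption: newest OSCAL version the importer accepts, taken from the
# error text quoted in the issue ("use 1.0.4 instead").
MAX_SUPPORTED = (1, 0, 4)

def parse_version(text):
    """Turn '1.1.1' (or 'v1.1.1') into a comparable tuple of ints."""
    parts = text.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a three-part version: {text!r}")
    return tuple(int(p) for p in parts)

def oscal_version(document):
    """Read metadata.oscal-version from the model object (catalog, profile, ...)."""
    if isinstance(document, dict):
        for body in document.values():
            if isinstance(body, dict) and isinstance(body.get("metadata"), dict):
                value = body["metadata"].get("oscal-version")
                if isinstance(value, str):
                    return parse_version(value)
    raise ValueError("no metadata.oscal-version found")

def plan_imports(sources):
    """Split {name: JSON text} into names safe to import and names to skip, with reasons."""
    importable, skipped = [], {}
    for name, text in sources.items():
        try:
            version = oscal_version(json.loads(text))
        except ValueError as exc:  # also covers json.JSONDecodeError
            skipped[name] = f"unreadable: {exc}"
            continue
        if version > MAX_SUPPORTED:
            shown = ".".join(map(str, version))
            skipped[name] = f"OSCAL {shown} is newer than the importer supports"
        else:
            importable.append(name)
    return importable, skipped

# Constructed sample inputs (not real FedRAMP content); names are hypothetical.
SAMPLES = {
    "rev4_profile": '{"profile": {"uuid": "0", "metadata": {"oscal-version": "1.0.4"}}}',
    "rev5_profile": '{"profile": {"uuid": "1", "metadata": {"oscal-version": "1.1.1"}}}',
    "truncated": '{"profile": {"metadata": ',
}

if __name__ == "__main__":
    print(plan_imports(SAMPLES))
```

Unreadable or truncated sources are reported as skipped with a reason rather than aborting the run, so one bad upstream file does not hide the status of the others.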