ScubaGoggles icon indicating copy to clipboard operation
ScubaGoggles copied to clipboard
verified publisher icon cisagov

Indicate which baselines can be checked by SCuBA tools on the baseline documents

Open buidav opened this issue 1 year ago • 2 comments

💡 Summary

Since the baselines are so closely tied to our tools, we should indicate which baselines can be checked by ScubaGoggles on the baseline markdown documents themselves.

Three Options exist for checking baselines:

  • A policy can be checked by the Google Policy API (performed by SCuBA Goggles application)
  • The admin logs can be checked for certain events for certain settings. (This is brittle due to deletion of logs)(mostly deprecated)
  • Manual check.

Motivation and context

To provide visual feedback to users that there is automation available to check a particular baseline.

Implementation notes

  • Add text to the baseline markdown documents that indicates which baselines can be check by SCuBA tools.
  • Parse that indicator into the HTML reporter
  • Add to the output JSON in orchestrator

Acceptance criteria

  • [ ] Indicator added to the baseline documents that highlights which SCuBA baselines can be checked by which SCuBA tools.
  • [ ] Indicator added to the HTML reports.
  • [ ] Indicator added to the output JSON.

buidav avatar Oct 09 '24 19:10 buidav

First mock up several options then present to team to reach consensus on approach.

adhilto avatar Jun 17 '25 17:06 adhilto

Following action items captured during 10/22 parking lot discussion:

  • create mock-ups for automated indicators and baseline documentation

  • create a new issue to implement the mock up for scubagoggles and scubagear

FollyBeachGurl avatar Oct 22 '25 18:10 FollyBeachGurl

Closing this issue since it was research based, and have created 2 follow-up issues for implementation from this issue: #838 and #841

dagarwal-ecs avatar Nov 18 '25 14:11 dagarwal-ecs