lula icon indicating copy to clipboard operation
lula copied to clipboard

Published 20 hours ago verified publisher icon defenseunicorns

Consume import-component-definition href's for validation

Open brandtkeller opened this issue 10 months ago • 2 comments

Is your feature request related to a problem? Please describe.

Ability to consume upstream artifacts natively as OSCAL intends for them to be used.

See import-component-definitions as an array of href links that can likely be use similar to links hrefs with some modification for merge.

Merge operation should implement or help inform the override process.

Describe the solution you'd like

  • Given a component-definition has 1 -> N component-definitions referenced by href in the import-component-definitions referenced above...
  • When a validation is performed or an assessment-plan is generated...
  • Then Lula should retrieve an merge the component-definition appropriately.

Describe alternatives you've considered

This is expected as native to OSCAL - Lula should support.

Additional context

When Lula supports generation of an assessment-plan - this will largely become something that only happens initially and is not required on a repetitive cadence.

brandtkeller avatar Apr 22 '24 01:04 brandtkeller

Two avenues of support here (not mutually exclusive):

  1. During validation - retrieve and merge (in memory) the imported component-definitions
  2. lula tools compose should optionally allow for retrieving and merging the imported component-definitions into a single file

brandtkeller avatar Apr 25 '24 22:04 brandtkeller

Initial function for merging component-definitions will be available in: https://github.com/defenseunicorns/lula/pull/401

brandtkeller avatar May 02 '24 14:05 brandtkeller