
Benchmark and STIG support

Open brandtkeller opened this issue 10 months ago • 2 comments

Is your feature request related to a problem? Please describe.

Ability for Lula to support the validation of STIG or other benchmarks as parallel efforts to authorization or accreditation processes.

Describe the solution you'd like

  • Given a benchmark artifact is supplied to Lula
  • When performing a validation
  • Then Lula will perform analysis and provide a result of that benchmark in an OSCAL format

Describe alternatives you've considered

  • Integration with KubeBench

Additional context

May require direct shell access (Not uncommon for various STIG tooling)

brandtkeller, Apr 24 '24 16:04

This issue is intended to be an investigation with docs/ADR as the output.

brandtkeller, Apr 29 '24 18:04

In consideration of a shell domain - review the capability for Lula to offer the generic shell domain with an optional allow list or configuration for commands that are permitted without execute escalation. Shifting initial responsibility for managing what is permitted and permissions to the end-user.

brandtkeller, Jun 28 '24 19:06
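The allow list discussed in the last comment, sketched as an added example (not Lula code and not part of the issue thread): a benchmark check command is split into argv without a shell and only returned for execution when it matches a rule the end-user configured. `AllowRule`, `Authorize`, `ErrDenied` and the sample policy are hypothetical names and constructed values.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// AllowRule is a hypothetical allow-list entry: an absolute binary path plus one glob per argument.
type AllowRule struct {
	Binary string
	Args   []string // filepath.Match patterns; the argument count must match exactly
}

var ErrDenied = errors.New("command not permitted by allow list")

// Authorize splits cmd into argv without a shell and returns it only when a rule matches.
// Shell metacharacters are refused, so nothing can be chained onto a permitted command.
func Authorize(cmd string, rules []AllowRule) ([]string, error) {
	if strings.ContainsAny(cmd, "|&;<>$`\\\"'(){}*?~\n") {
		return nil, fmt.Errorf("%w: shell metacharacter in %q", ErrDenied, cmd)
	}
	argv := strings.Fields(cmd)
	for _, r := range rules {
		ok := len(argv) > 0 && argv[0] == r.Binary && len(argv)-1 == len(r.Args)
		for i := 0; ok && i < len(r.Args); i++ {
			m, err := filepath.Match(r.Args[i], argv[i+1])
			ok = err == nil && m // '*' never crosses '/', so subdirectories and ../ fail
		}
		if ok {
			return argv, nil
		}
	}
	return nil, fmt.Errorf("%w: %q", ErrDenied, cmd)
}

func main() {
	rules := []AllowRule{{"/usr/bin/stat", []string{"-c", "%a", "/etc/kubernetes/manifests/*.yaml"}}} // constructed policy
	for _, c := range []string{ // constructed commands
		"/usr/bin/stat -c %a /etc/kubernetes/manifests/kube-apiserver.yaml",
		"/usr/bin/stat -c %a /etc/kubernetes/manifests/etcd.yaml; id",
	} {
		_, err := Authorize(c, rules)
		fmt.Printf("allowed=%-5v %s\n", err == nil, c)
	}
}
```

The returned argv is meant to be passed to `exec.Command(argv[0], argv[1:]...)`, which runs the binary directly rather than through `sh -c`.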