This project has been forked from docker/oscalkit. Docker, Inc. did great service to the open source world by releasing initial oscalkit implementation under public domain license. Unfortunately, oscalkit development stalled after March 2019, while upstream OSCAL took leap steps and almost re-designed the OSCAL from scratch rendering original oscalkit unusable. This fork is attempt to keep original code lively and re-build community around it.
Barebones Go SDK for the Open Security Controls Assessment Language (OSCAL) which is in development by the National Institute of Standards and Technology (NIST). A CLI tool is also included for processing OSCAL documents, converting between OSCAL-formatted XML, JSON and YAML. For conversion of Your existing SSPs in form of OpenControl or traditional DOCX files projects in to OSCAL visit sister project GoComply/fedramp.
Documentation for the OSCAL standard can be found at https://pages.nist.gov/OSCAL.
You can download the appropriate gocomply_oscalkit
command-line utility for your system from the GitHub Releases page. You can move it to an appropriate directory listed in your $PATH
environment variable. Alternatively, You can fetch latest greatest version by running
go get -u github.com/gocomply/oscalkit/cli/gocomply_oscalkit
NAME:
gocomply_oscalkit - OSCAL toolkit
USAGE:
gocomply_oscalkit [global options] command [command options] [arguments...]
VERSION:
0.2.0
COMMANDS:
convert convert between one or more OSCAL file formats and to HTML format
validate validate files against OSCAL XML and JSON schemas
sign sign OSCAL JSON artifacts
generate generates go code against provided profile
implementation generates go code for implementation against provided profile and excel sheet
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--debug, -d enable debug command output
--help, -h show help
--version, -v print the version
gocomply_oscalkit
can be used to convert one or more source files between OSCAL-formatted XML and JSON.
NAME:
gocomply_oscalkit convert oscal - convert between one or more OSCAL file formats
USAGE:
gocomply_oscalkit convert oscal [command options] [source-files...]
DESCRIPTION:
Convert between OSCAL-formatted XML and JSON files. The command accepts
one or more source file paths and can also be used with source file contents
piped/redirected from STDIN.
OPTIONS:
--output-path value, -o value Output path for converted file(s). Defaults to current working directory
--output-file value, -f value File name for converted output from STDIN. Defaults to "stdin.<json|xml|yaml>"
--yaml If source file format is XML or JSON, also generate equivalent YAML output
Convert OSCAL-formatted NIST 800-53 declarations from XML to JSON:
$ gocomply_oscalkit convert oscal SP800-53-declarations.xml
Convert OSCAL-formatted NIST 800-53 declarations from XML to JSON via STDIN (note the use of "-"):
$ cat SP800-53-declarations.xml | gocomply_oscalkit convert oscal -
gocomply_oscalkit
can be used to sign OSCAL-formatted JSON artifacts using JSON Web Signature (JWS)
NAME:
gocomply_oscalkit sign - sign OSCAL JSON artifacts
USAGE:
gocomply_oscalkit sign [command options] [files...]
OPTIONS:
--key value, -k value private key file for signing. Must be in PEM or DER formats. Supports RSA/EC keys and X.509 certificats with embedded RSA/EC keys
--alg value, -a value algorithm for signing. Supports RSASSA-PKCS#1v1.5, RSASSA-PSS, HMAC, ECDSA and Ed25519
The following signing algorithms are supported:
Signing / MAC | Algorithm identifier(s) |
---|---|
RSASSA-PKCS#1v1.5 | RS256, RS384, RS512 |
RSASSA-PSS | PS256, PS384, PS512 |
HMAC | HS256, HS384, HS512 |
ECDSA | ES256, ES384, ES512 |
Ed25519 | EdDSA |
Sign OSCAL-formatted JSON using a PEM-encoded private key file and the PS256 signing algorithm:
$ gocomply_oscalkit sign --key jws-example-key.pem --alg PS256 NIST_SP-800-53_rev4_catalog.json
The tool supports validation of OSCAL-formatted XML and JSON files against the corresponding OSCAL XML schemas (.xsd) and JSON schemas. Schemas are packaged with the tool and found automatically based on the type of OSCAL file. XML schema validation requires the xmllint
tool on the local machine (included with macOS and Linux. Windows installation instructions here)
NAME:
gocomply_oscalkit validate - validate files against OSCAL XML and JSON schemas
USAGE:
gocomply_oscalkit validate [command options] [files...]
DESCRIPTION:
Validate OSCAL-formatted XML files against a specific XML schema (.xsd)
or OSCAL-formatted JSON files against a specific JSON schema
Validate FedRAMP profile in OSCAL-formatted JSON against the corresponding JSON schema
$ gocomply_oscalkit validate -s oscal-core.json fedramp-annotated-wrt-SP800-53catalog.json
oscalkit
is developed with Go (1.13+). If you have Docker installed, the included Makefile
can be used to run unit tests and compile the application for Linux, macOS and Windows. Otherwise, the native Go toolchain can be used.
Dependencies are managed with Go 1.11 Modules. The vendor/
folder containing the dependencies is checked in with the source for backwards compatibility with previous versions of Go. When using Go 1.11+ with GO111MODULE=on
, you can verify the dependencies as follows:
$ go mod verify
You can use the included Makefile
to generate binaries for your OS as follows (requires Docker):
Compile for Linux:
$ GOOS=linux GOARCH=amd64 make
Compile for macOS:
$ GOOS=darwin GOARCH=amd64 make
Compile for Windows:
$ GOOS=windows GOARCH=amd64 make
Both the website and corresponding documentation are being developed in docs/
. The content is developed using the Hugo framework. The static content is generated and published in docs/public
, which is a separate Git worktree.
The GoDoc for the SDK can be found here.
The GoReleaser tool is used to publish oscalkit
to GitHub Releases. The following release artifacts are currently supported:
- OSX binary
- Linux binary
- Windows binary
- Docker Image
- Homebrew recipe