pburkholder / ato1day-compliance
ATO-in-day
This is a holding place for issues related to reading and research....
Assuming a fictional nation of Freedonia,
Write an ideal SSP
Use opencontrol, compliance-masonry to generate something close to the ideal SSP.
This issue was automatically created by Allstar.
Security Policy Violation
Security policy not enabled.
A SECURITY.md file can give users information about what constitutes a vulnerability and how to report one securely so that information about a bug is not publicly visible. Examples of secure reporting methods include using an issue tracker with private issue support, or encrypted email with a published key.
To fix this, add a SECURITY.md file that explains how to handle vulnerabilities found in your repository. Go to https://github.com/pburkholder/ato1day-compliance/security/policy to enable.
For more information, see https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository.
Created by pburkholder/.allstar and GSA-TTS/.allstar
This issue will auto resolve when the policy is in compliance.
Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.
See opencontrol/compliance-masonry#131
If aws-compliance has a markdown directory (with or without diagrams) are those included in the final document?
This issue is my scratch space for gathering my thoughts to open an issue in discuss
To wit:
url seems to require not a URL, but a path to Git repo
opencontrol.yaml even though it might be sensible to nest that as in freedonia-aws/compliance/opencontrol.yaml
dependencies field should support a numbered/signed release/archive
See also: opencontrol/discuss#4
Perhaps something like the following for 5 different systems:
dependencies:
  systems:
    - repository: https://bitbucket.com/org/repo
      path: ./docs/compliance/opencontrol.yaml
      revision: master
    - archive: https://github.com/opencontrol/compliance-masonry/archive/v1.1.1.tar.gz
      signature: https://github.com/opencontrol/compliance-masonry/archive/v1.1.1.tar.gz.asc
      path: ./docs/compliance/opencontrol.yaml
    - url: https://path/to/url/not/a/repo/opencontrol.yaml
    - url: file://my/path/to/some/wip/opencontrol.yaml
    - repository: file://my/path/to/git/repo
      path: ./docs/compliance/opencontrol.yaml
      revision: master
Why is there a benefit to cloning git repos locally?
archive would be best for assurance purposes
url or repository
Current state has too many non-implemented pages.
As a user of masonry, the plethora of fields is daunting, so some components should only have the minimal required field.
Corollary to #12, show how to use all the fields in a sane manner.
Once we have verifications of infra running, determine how to integrate with compliance framework. This may be more reading than anything else.
What I have in mind here is that:
18F has a https://github.com/18F/compliance-toolkit repo which seems to just be a duplicate place for issues re. opencontrol/schema and opencontrol/compliance-toolkit, adding confusion to how to track work on those projects. Tempted to call them out on that, but I'll let it ride for now.
Where are these compliance results coming from?
This issue was automatically created by Allstar.
Security Policy Violation
No protection found for branch master
Created by pburkholder/.allstar and GSA-TTS/.allstar
This issue will auto resolve when the policy is in compliance.
Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.