├── .github ├── CODEOWNERS ├── ISSUE_TEMPLATE │ ├── bug_report.yml │ ├── config.yml │ └── feature_request.yml ├── dependabot.yaml ├── pull_request_template.md ├── release-drafter.yml └── workflows │ ├── auto-labeler.yml │ ├── baseline-scanner.yml │ ├── ci.yml │ ├── lint.yml │ ├── pr-title.yml │ └── release.yml ├── .gitignore ├── .goreleaser.yaml ├── CONTRIBUTING.md ├── LICENSE ├── Makefile ├── README.md ├── go.mod ├── go.sum ├── internal ├── loaders │ ├── loaders.go │ └── loaders_test.go └── oscal │ ├── utils.go │ └── utils_test.go ├── layer1 ├── document_example_test.go ├── generated_types.go ├── loaders.go ├── loaders_test.go ├── oscal_generator.go ├── oscal_generator_test.go └── test-data │ └── good-aigf.yaml ├── layer2 ├── generated_types.go ├── loaders.go ├── loaders_test.go ├── oscal_generator.go ├── oscal_generator_test.go └── test-data │ ├── bad.json │ ├── bad.yaml │ ├── good-ccc.json │ ├── good-ccc.yaml │ ├── good-osps.yml │ ├── nested-empty.yaml │ └── nested-good-ccc.yaml ├── layer3 ├── generated_types.go ├── loaders.go ├── loaders_test.go └── test-data │ ├── bad.json │ ├── bad.yaml │ ├── good-policy.yaml │ ├── good-security-policy.yml │ ├── good.json │ └── unsupported.txt ├── layer4 ├── assessment_log.go ├── assessment_log_test.go ├── control_evaluation.go ├── control_evaluation_test.go ├── evaluation_log.go ├── evaluation_plan.go ├── evaluation_plan_template.go ├── evaluation_plan_test.go ├── generated_types.go ├── result.go ├── result_test.go ├── test-data.go ├── test-data │ └── pvtr-baseline-scan.yaml └── to_sarif_test.go ├── schemas ├── layer-1.cue ├── layer-2.cue ├── layer-3.cue └── layer-4.cue ├── security-insights.yml └── utils ├── oscal ├── export │ ├── oscal_export_test.go │ └── oscal_exporter.go └── main.go └── types_tagger.go /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @ossf/gemara 2 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/.github/ISSUE_TEMPLATE/bug_report.yml -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/.github/ISSUE_TEMPLATE/config.yml -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/.github/ISSUE_TEMPLATE/feature_request.yml -------------------------------------------------------------------------------- /.github/dependabot.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/.github/dependabot.yaml -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/.github/pull_request_template.md -------------------------------------------------------------------------------- /.github/release-drafter.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/.github/release-drafter.yml -------------------------------------------------------------------------------- /.github/workflows/auto-labeler.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/.github/workflows/auto-labeler.yml -------------------------------------------------------------------------------- /.github/workflows/baseline-scanner.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/.github/workflows/baseline-scanner.yml -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/.github/workflows/ci.yml -------------------------------------------------------------------------------- /.github/workflows/lint.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/.github/workflows/lint.yml -------------------------------------------------------------------------------- /.github/workflows/pr-title.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/.github/workflows/pr-title.yml -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/.github/workflows/release.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/.gitignore -------------------------------------------------------------------------------- /.goreleaser.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/.goreleaser.yaml -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/CONTRIBUTING.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/README.md -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/go.mod -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/go.sum -------------------------------------------------------------------------------- /internal/loaders/loaders.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/internal/loaders/loaders.go -------------------------------------------------------------------------------- /internal/loaders/loaders_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/internal/loaders/loaders_test.go -------------------------------------------------------------------------------- /internal/oscal/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/internal/oscal/utils.go -------------------------------------------------------------------------------- /internal/oscal/utils_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/internal/oscal/utils_test.go -------------------------------------------------------------------------------- /layer1/document_example_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer1/document_example_test.go -------------------------------------------------------------------------------- /layer1/generated_types.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer1/generated_types.go -------------------------------------------------------------------------------- /layer1/loaders.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer1/loaders.go -------------------------------------------------------------------------------- /layer1/loaders_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer1/loaders_test.go -------------------------------------------------------------------------------- /layer1/oscal_generator.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer1/oscal_generator.go -------------------------------------------------------------------------------- /layer1/oscal_generator_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer1/oscal_generator_test.go -------------------------------------------------------------------------------- /layer1/test-data/good-aigf.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer1/test-data/good-aigf.yaml -------------------------------------------------------------------------------- /layer2/generated_types.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer2/generated_types.go -------------------------------------------------------------------------------- /layer2/loaders.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer2/loaders.go -------------------------------------------------------------------------------- /layer2/loaders_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer2/loaders_test.go -------------------------------------------------------------------------------- /layer2/oscal_generator.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer2/oscal_generator.go -------------------------------------------------------------------------------- /layer2/oscal_generator_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer2/oscal_generator_test.go -------------------------------------------------------------------------------- /layer2/test-data/bad.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer2/test-data/bad.json -------------------------------------------------------------------------------- /layer2/test-data/bad.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer2/test-data/bad.yaml -------------------------------------------------------------------------------- /layer2/test-data/good-ccc.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer2/test-data/good-ccc.json -------------------------------------------------------------------------------- /layer2/test-data/good-ccc.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer2/test-data/good-ccc.yaml -------------------------------------------------------------------------------- /layer2/test-data/good-osps.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer2/test-data/good-osps.yml -------------------------------------------------------------------------------- /layer2/test-data/nested-empty.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer2/test-data/nested-empty.yaml -------------------------------------------------------------------------------- /layer2/test-data/nested-good-ccc.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer2/test-data/nested-good-ccc.yaml -------------------------------------------------------------------------------- /layer3/generated_types.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer3/generated_types.go -------------------------------------------------------------------------------- /layer3/loaders.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer3/loaders.go -------------------------------------------------------------------------------- /layer3/loaders_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer3/loaders_test.go -------------------------------------------------------------------------------- /layer3/test-data/bad.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer3/test-data/bad.json -------------------------------------------------------------------------------- /layer3/test-data/bad.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer3/test-data/bad.yaml -------------------------------------------------------------------------------- /layer3/test-data/good-policy.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer3/test-data/good-policy.yaml -------------------------------------------------------------------------------- /layer3/test-data/good-security-policy.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer3/test-data/good-security-policy.yml -------------------------------------------------------------------------------- /layer3/test-data/good.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer3/test-data/good.json -------------------------------------------------------------------------------- /layer3/test-data/unsupported.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer3/test-data/unsupported.txt -------------------------------------------------------------------------------- /layer4/assessment_log.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer4/assessment_log.go -------------------------------------------------------------------------------- /layer4/assessment_log_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer4/assessment_log_test.go -------------------------------------------------------------------------------- /layer4/control_evaluation.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer4/control_evaluation.go -------------------------------------------------------------------------------- /layer4/control_evaluation_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer4/control_evaluation_test.go -------------------------------------------------------------------------------- /layer4/evaluation_log.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer4/evaluation_log.go -------------------------------------------------------------------------------- /layer4/evaluation_plan.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer4/evaluation_plan.go -------------------------------------------------------------------------------- /layer4/evaluation_plan_template.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer4/evaluation_plan_template.go -------------------------------------------------------------------------------- /layer4/evaluation_plan_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer4/evaluation_plan_test.go -------------------------------------------------------------------------------- /layer4/generated_types.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer4/generated_types.go -------------------------------------------------------------------------------- /layer4/result.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer4/result.go -------------------------------------------------------------------------------- /layer4/result_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer4/result_test.go -------------------------------------------------------------------------------- /layer4/test-data.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer4/test-data.go -------------------------------------------------------------------------------- /layer4/test-data/pvtr-baseline-scan.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer4/test-data/pvtr-baseline-scan.yaml -------------------------------------------------------------------------------- /layer4/to_sarif_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/layer4/to_sarif_test.go -------------------------------------------------------------------------------- /schemas/layer-1.cue: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/schemas/layer-1.cue -------------------------------------------------------------------------------- /schemas/layer-2.cue: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/schemas/layer-2.cue -------------------------------------------------------------------------------- /schemas/layer-3.cue: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/schemas/layer-3.cue -------------------------------------------------------------------------------- /schemas/layer-4.cue: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/schemas/layer-4.cue -------------------------------------------------------------------------------- /security-insights.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/security-insights.yml -------------------------------------------------------------------------------- /utils/oscal/export/oscal_export_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/utils/oscal/export/oscal_export_test.go -------------------------------------------------------------------------------- /utils/oscal/export/oscal_exporter.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/utils/oscal/export/oscal_exporter.go -------------------------------------------------------------------------------- /utils/oscal/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/utils/oscal/main.go -------------------------------------------------------------------------------- /utils/types_tagger.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/gemara/HEAD/utils/types_tagger.go --------------------------------------------------------------------------------