Add OSCAL component for Kyverno
Similiar to #996 (closed) , reviewing the Gatekeeper controls and adjust as needed for Kyverno. There may be other controls related to the validation of signed objects that Kyverno is capable of be in addition to the Gatekeeper controls
sp800-53b-control-baselines-p1__1_.xlsx
- Create a file called
oscal-component.yamlin the top level of the packge repo
component-definition:
uuid: <<unique uuid>>
metadata:
title: << Component Name>>
last-modified: '2021-10-19T12:00:00Z'
version: 20211019
oscal-version: 1.0.0
parties:
# Should be consistent across all of the packages, but where is ground truth?
- uuid: 72134592-08C2-4A77-ABAD-C880F109367A
type: organization
name: Platform One
links:
- href: <https://p1.dso.mil>
rel: website
components:
- uuid: <<unique uuid>>
type: software
title: << Component Name >>
description: |
<< Fill me out >>
purpose: << Fill me out >>
responsible-roles:
- role-id: provider
party-uuid: 72134592-08C2-4A77-ABAD-C880F109367A # matches parties entry for p1
control-implementations:
- uuid: <<unique uuid>>
source: https://raw.githubusercontent.com/usnistgov/oscal-content/master/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_catalog.json
description:
Controls implemented by <component> for inheritance by applications
implemented-requirements:
// for each row
- uuid: 6EC9C476-9C9D-4EF6-854B-A5B799D8AED1
control-id: <control-id> // The control in the row that has a non-empty cell in the column for this package
description: >-
< insert the contents of the cell in the the tableSee https://repo1.dso.mil/platform-one/big-bang/apps/core/authservice/-/merge_requests/59 for an example