merging with main

.github/ISSUE_TEMPLATE/release_proposal.md

@@ -23,7 +23,7 @@ assignees: "damienjburks"
 - [ ] Modify the `metadata.yaml` files to include the latest release details. This can be accomplished in an automated form by running the following command:
 
   ```text
-  cd delivery-tooling
+  cd delivery-toolkit
   go run . release-notes -t /services/storage/object
   ```
 

.github/workflows/pr-title.yaml

@@ -0,0 +1,30 @@
+## Reference: https://github.com/amannn/action-semantic-pull-request
+---
+name: "Lint PR Title"
+on:
+  # pull_request_target event is required for autolabeler to support all PRs including forks
+  pull_request_target:
+    types: [opened, reopened, edited, synchronize]
+jobs:
+  lint_pr_title:
+    permissions:
+      contents: read
+      pull-requests: read
+      statuses: write
+    uses: jmeridth/reusable-workflows/.github/workflows/pr-title.yaml@d788c4f6994c7b37134a9f592fe5db42fd7a0957
+    with:
+      types: |
+        add
+        change
+        remove
+      scopes: |
+        ci
+        docs
+        feature
+        threat
+        control
+        category
+        family
+      requireScope: true
+    secrets:
+      github-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     defaults:
       run:
-        working-directory: ./delivery-tooling
+        working-directory: ./delivery-toolkit
     steps:
       - uses: actions/checkout@v4
         name: Build
@@ -65,7 +65,7 @@ jobs:
         uses: actions/upload-artifact@v4.4.0
         with:
           name: ccc-catalogs
-          path: ./delivery-tooling/artifacts/*
+          path: ./delivery-toolkit/artifacts/*
           if-no-files-found: error
           retention-days: 1 # Maximum Retention
 

.github/workflows/sonatype_scan.yaml

@@ -9,7 +9,7 @@ on:
 env:
   SonatypeUrl: "https://finos.sonatype.app/platform/"
   SonatypeAppId: "ccc-delivery"
-  SonatypeScanTarget: "delivery-tooling/"
+  SonatypeScanTarget: "delivery-toolkit/"
   ExcludeDirectory: ""
 
 jobs:

.gitignore

@@ -3,5 +3,5 @@ build/oscal-cli
 # VS Code 
 .DS_Store
 # Delivery Tooling
-delivery-tooling/artifacts
+delivery-toolkit/artifacts
 .env/

.prettierignore

@@ -1 +1 @@
-delivery-tooling/*
+delivery-toolkit/*

delivery-tooling/catalog-compiler.go → delivery-toolkit/catalog-compiler.go

@@ -1,10 +1,12 @@
 package main
 
 import (
+	"bytes"
 	"fmt"
 	"log"
 	"os"
 	"path/filepath"
+	"strings"
 
 	"github.com/spf13/viper"
 	"gopkg.in/yaml.v3"
@@ -30,6 +32,7 @@ type Control struct {
 	NISTCSF          string                 `yaml:"nist_csf"`
 	ControlMappings  map[string]interface{} `yaml:"control_mappings"`
 	TestRequirements []TestRequirements     `yaml:"test_requirements"`
+	Link             string
 }
 
 type TestRequirements struct {
@@ -57,7 +60,7 @@ type ReleaseDetails struct {
 	ThreatModelURL     string         `yaml:"threat_model_url"`
 	ThreatModelAuthor  string         `yaml:"threat_model_author"`
 	RedTeam            string         `yaml:"red_team"`
-	RedTeamExercizeURL string         `yaml:"red_team_exercize_url"`
+	RedTeamExerciseURL string         `yaml:"red_team_exercise_url"`
 	ReleaseManager     ReleaseManager `yaml:"release_manager"`
 	ChangeLog          []string       `yaml:"change_log"`
 	Contributors       []Contributors `yaml:"contributors"`
@@ -86,6 +89,7 @@ type Feature struct {
 	ID          string `yaml:"id"`
 	Title       string `yaml:"title"`
 	Description string `yaml:"description"`
+	Link        string
 }
 
 // ThreatSet is a struct that represents the threats.yaml file
@@ -100,6 +104,7 @@ type Threat struct {
 	Description    string   `yaml:"description"`
 	Features       []string `yaml:"features"`
 	MITRETechnique []string `yaml:"mitre_technique"`
+	Link           string
 }
 
 func formatList(items []string) string {
@@ -159,6 +164,33 @@ func unmarshalData(dataName string, dataSet interface{}) {
 	}
 }
 
+func createLink(id string, title string) string {
+	var buffer bytes.Buffer
+
+	buffer.WriteString(strings.ToLower(strings.ReplaceAll(id, ".", "")))
+	buffer.WriteString("---")
+	buffer.WriteString(strings.ToLower(strings.ReplaceAll(strings.ReplaceAll(title, ",", ""), " ", "-")))
+	return buffer.String()
+}
+
+func addFeatureLink(features []Feature) {
+	for index, element := range features {
+		features[index].Link = createLink(element.ID, element.Title)
+	}
+}
+
+func addThreatLink(threats []Threat) {
+	for index, element := range threats {
+		threats[index].Link = createLink(element.ID, element.Title)
+	}
+}
+
+func addControlLink(controls []Control) {
+	for index, element := range controls {
+		controls[index].Link = createLink(element.ID, element.Title)
+	}
+}
+
 func readAndCompileCatalog() (data CompiledCatalog) {
 	// read controls.yaml, features.yaml, threats.yaml, and metadata.yaml from dir path
 	controlsData := ControlSet{}
@@ -178,6 +210,13 @@ func readAndCompileCatalog() (data CompiledCatalog) {
 	commonThreatsData := ThreatSet{}
 	unmarshalData("common-threats", &commonThreatsData)
 
+	addFeatureLink(featuresData.SpecificFeatures)
+	addFeatureLink(commonFeaturesData.SpecificFeatures)
+	addThreatLink(threatsData.SpecificThreats)
+	addThreatLink(commonThreatsData.SpecificThreats)
+	addControlLink(controlsData.SpecificControls)
+	addControlLink(commonControlsData.SpecificControls)
+
 	return CompiledCatalog{
 		Metadata:             metadata,
 		Controls:             append(commonControlsData.SpecificControls, controlsData.SpecificControls...),

delivery-tooling/main.go → delivery-toolkit/main.go

@@ -35,7 +35,7 @@ var (
 		},
 		Run: func(cmd *cobra.Command, args []string) {
 			fmt.Println(divider)
-			fmt.Println("Welcome to the CCC Delivery Tooling CLI v" + Version)
+			fmt.Println("Welcome to the CCC Delivery Toolkit CLI v" + Version)
 			fmt.Print(logo)
 			fmt.Println(divider)
 			fmt.Println("You appear to be exploring!")

delivery-tooling/templates/catalog.md → delivery-toolkit/templates/catalog.md

@@ -7,7 +7,7 @@
 
 ## Release Notes
 
-> _{{ .LatestReleaseDetails.ReleaseManager.Summary }}_
+> {{ .LatestReleaseDetails.ReleaseManager.Summary }}
 
 Release Manager - **{{ .LatestReleaseDetails.ReleaseManager.Name }}, {{ .LatestReleaseDetails.ReleaseManager.Company }}** ([{{ .LatestReleaseDetails.ReleaseManager.GithubId }}](https://github.com/{{ .LatestReleaseDetails.ReleaseManager.GithubId }}))
 
@@ -21,7 +21,7 @@ Release Manager - **{{ .LatestReleaseDetails.ReleaseManager.Name }}, {{ .LatestR
 |Feature ID|Feature Title|
 |----|----|
 {{- range .Features }}
-|{{ .ID }}|{{ .Title }}|
+|[{{ .ID }}](#{{ .Link }})|{{ .Title }}|
 {{- end }}
 
 ---
@@ -36,7 +36,7 @@ Release Manager - **{{ .LatestReleaseDetails.ReleaseManager.Name }}, {{ .LatestR
 |Threat ID|Threat Title|
 |----|----|
 {{- range .Threats }}
-|{{ .ID }}|{{ .Title }}|
+|[{{ .ID }}](#{{ .Link }})|{{ .Title }}|
 {{- end }}
 
 ---
@@ -49,9 +49,9 @@ Release Manager - **{{ .LatestReleaseDetails.ReleaseManager.Name }}, {{ .LatestR
 - {{ . }}
 {{- end }}
 
-**Related MITRE ATT&CK Values:**
+**Related MITRE ATT&CK Techniques:**
 {{ range .MITRETechnique }}
-- {{ . }}
+- [{{ . }}](https://attack.mitre.org/techniques/{{ . }})
 {{- end }}
 {{ end }}
 
@@ -60,7 +60,7 @@ Release Manager - **{{ .LatestReleaseDetails.ReleaseManager.Name }}, {{ .LatestR
 |Control ID|Control Title|
 |----|----|
 {{- range .Controls }}
-|{{ .ID }}|{{ .Title }}|
+|[{{ .ID }}](#{{ .Link }})|{{ .Title }}|
 {{- end }}
 
 ---

delivery-tooling/templates/release-notes.md → delivery-toolkit/templates/release-notes.md

@@ -1,5 +1,5 @@
 <!-- markdownlint-disable -->
-# {{ .Metadata.Title }} Release Details - v{{ .LatestReleaseDetails.Version }} ({{ .Metadata.ID }})
+# {{ .Metadata.Title }} - v{{ .LatestReleaseDetails.Version }} ({{ .Metadata.ID }})
 
 ## Summary
 {{ .LatestReleaseDetails.ReleaseManager.Summary }}

delivery-tooling/update-metadata.go → delivery-toolkit/update-metadata.go

@@ -16,8 +16,8 @@ import (
 )
 
 var (
-	MetadataFilepath   string
 	BuildDirectoryPath string
+	MetadataFilePath   string
 
 	// baseCmd represents the base command when called without any subcommands
 	updateMetadataCmd = &cobra.Command{
@@ -37,14 +37,14 @@ var (
 			servicesDir := viper.GetString("services-dir")
 			buildTarget := viper.GetString("build-target")
 
-			buildDirectoryPath := filepath.Join(servicesDir, buildTarget)
-			MetadataFilepath = filepath.Join(buildDirectoryPath, "metadata.yaml")
+			BuildDirectoryPath = filepath.Join(servicesDir, buildTarget)
+			MetadataFilePath = filepath.Join(BuildDirectoryPath, "metadata.yaml")
 
 			err := updateMetadata()
 			if err != nil {
 				fmt.Println(err)
 			} else {
-				fmt.Printf("Metadata has been updated successfully: %s\n", MetadataFilepath)
+				fmt.Printf("Metadata has been updated successfully: %s\n", MetadataFilePath)
 			}
 		},
 	}
@@ -70,12 +70,11 @@ func updateMetadata() (err error) {
 	// Create a new GitHub client
 	client := github.NewClient(tc)
 
-	// Prepare the options to filter commits by the specified path (directory)
+	// Fetch the list of commits from the repository
+	cleanedPath := strings.Replace(filepath.ToSlash(BuildDirectoryPath), "../", "", 1)
 	opts := &github.CommitsListOptions{
-		Path: BuildDirectoryPath,
+		Path: cleanedPath,
 	}
-
-	// Fetch the list of commits from the repository
 	commits, _, err := client.Repositories.ListCommits(ctx, repoOwner, repoName, opts)
 	if err != nil {
 		log.Fatalf("Error fetching commits: %v", err)
@@ -137,7 +136,7 @@ func updateMetadata() (err error) {
 		log.Fatalf("Error marshaling YAML: %v", err)
 	}
 
-	err = os.WriteFile(MetadataFilepath, metadataData, os.FileMode(0666))
+	err = os.WriteFile(MetadataFilePath, metadataData, os.FileMode(0666))
 	if err != nil {
 		log.Fatalf("Error writing to the YAML file: %v", err)
 	}
@@ -148,7 +147,7 @@ func updateMetadata() (err error) {
 
 func getMetadataYaml() Metadata {
 	// Read the YAML file
-	yamlFile, err := os.ReadFile(MetadataFilepath)
+	yamlFile, err := os.ReadFile(MetadataFilePath)
 	if err != nil {
 		log.Fatalf("Error reading YAML file: %v", err)
 	}

docs/community-guidelines/README.md

@@ -4,19 +4,5 @@ Guidelines are formal recommendations to the community provided as structured ou
 
 This directory will contain all guidelines recommended.
 
-## Adding or Modifying a Guideline
-
-- Changes can be suggested by anyone by raising a PR and notifying the Community Structure [WG] using the mailing list <ccc-structure@lists.finos.org> for consideration.
-- Then the members of the Community Structure [WG] should discuss this issue in their [WG] meetings and approve the PR for it to become a recommendation.
-
-## Upgrading a Recommendation to become a Policy
-
-In order for a guideline to become a policy a [SC], they must be put forward for a [vote] by a [SC] member sponsor.
-
-1. A pull request should be made by the [SC] sponsor to move the guideline into the [Policies] directory.
-2. The [SC] sponsor should call a [SC] [vote] and if approved by the majority the PR can be merged and the recommendation is now a policy.
-
-[Policies]: ../community-policies
-[vote]: ../governance/steering/charter.md#voting
 [SC]: ../governance/community-structure.md#steering-committee
 [WG]: ../governance/community-structure.md#working-groups

docs/community-guidelines/adding-modifying-guidelines.md

@@ -0,0 +1,9 @@
+# Adding or Modifying Community Guidelines
+
+This document is a [community guideline].
+
+- New community guidelines or changes to existing ones can be suggested by anyone by raising a PR and notifying the [Community Structure WG] using the mailing list <ccc-structure@lists.finos.org> for consideration.
+- Then the members of the [Community Structure WG] should discuss this issue in their WG meetings and approve the PR for it to become a recommendation.
+
+[community guideline]: ./README.md
+[Community Structure WG]: ../governance/community-structure.md#working-groups