Trestle demonstration projects and content
Trestle has a number of demonstrations set up in the oscal-compass/compliance-trestle-demos repository, which is intended to be a single point of call for demonstrations and content.
If you are interested in contributing a demonstration or content, open a PR to the demonstration repo and a PR to this page.
Demonstrations, where practical, should include instructions on how they were created.
Current demonstrations
Simple SDK examples.
This folder contains a number of small examples for using the trestle OSCAL SDKs.
Australian government Information Security Manual (ISM)
This demonstration uses trestle as an SDK for generating OSCAL files. This demonstration downloads all currently available versions of the Australian Government ISM from ACSC and converts those documents to a set of OSCAL catalogs and profiles. Read more about the demo here.
arc42 architectural template enforcement using trestle author.
arc42 have created a set of open-source architecture documentation templates. This demonstration uses trestle author to enforce use of the (modified) arc42 templates.
A CI/CD pipeline (using GitHub Actions) is used for this demonstration. The full repository, including working CI/CD, is here. Read more about the demo here.
Trestle flask microservice demonstration.
trestle uses a Python library called pydantic to form the underlying OSCAL object models. flask-pydantic introduces a mechanism which integrates pydantic models into flask, providing automated user input validation in one line of code. This demo accepts a catalog as a POSTed object, throwing errors if the catalog does not meet the schema, and returns the catalog in the response. Find the demonstration here.
Creating a CIS controls catalog from an Excel spreadsheet.
The Center for Internet Security (CIS) produce a number of cross-industry standards for IT security, including their platform-specific benchmarks and a suite of controls. This demo converts a spreadsheet of those controls into a catalog and three profiles.
Creating an SSP using trestle author.
trestle author ssp-generate and trestle author ssp-assemble allow users first to generate a set of markdown documents for easy editing of control responses, and second to reassemble that information into an OSCAL SSP document. This is a 'baseline' demonstration with more sophisticated updates expected in the near term.
Trestle Repository API (trestle.core.repository)
trestle.core.repository is an API which abstracts users from the file system of a trestle repository. It provides a way for external developers to access a trestle repository without relying on presumptions (such as cwd being within the repository). Find the demo here.
Converting a spreadsheet into a component-definition
Plenty of compliance content exists today in spreadsheets. This demonstration shows how to use the xlsx-to-oscal-component-definition MVP functionality.