Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"provided-by" links between service and software components being flagged #2046

Open
Telos-sa opened this issue Sep 16, 2024 · 3 comments
Open

"provided-by" links between service and software components being flagged #2046

Telos-sa opened this issue Sep 16, 2024 · 3 comments
Labels
bug

Comments

@Telos-sa
Copy link

Describe the bug

Errors from oscal-cli:
Screenshot 2024-09-16 at 10 36 37 AM

These uuid references are established correctly, but are being flagged by the oscal-cli:
Error 1:
Software being referenced:
Screenshot 2024-09-16 at 10 40 54 AM
Reference point from service component:
Screenshot 2024-09-16 at 10 41 37 AM

Error 2:
Software being referenced:
Screenshot 2024-09-16 at 10 42 33 AM
Reference point from service component:
Screenshot 2024-09-16 at 10 43 00 AM

Who is the bug affecting

Any user attempting to accurately validate and OSCAL SSP that establishes 'provided-by' links between software and services.

What is affected by this bug

OSCAL Content

How do we replicate this issue

  1. Create an OSCAL SSP with at least 1 software component that is defined, and then referenced via a 'provided-by' link in a service component.
  2. Validate the OSCAL SSP and review error log

Expected behavior (i.e. solution)

No errors should be raised for 'provided-by' links that are established correctly

Other comments

No response

Revisions

No response
@Telos-sa Telos-sa added the bug label Sep 16, 2024
@iMichaela
Copy link
Contributor

@Telos-sa - Please provide the oscal-cli version. Not clear this is an OSCAL bug. Further analysis is needed. Looking at the example above, I am guessing it is a FedRAMP example. Please confirm the origin of the example provided as valid and the oscal-cli version.

@Telos-sa
Copy link
Author

Now using oscal-cli v1.0.3 from https://github.com/usnistgov/oscal-cli.

The same sections of the schema provided in the initial issue are still being flagged, its just slightly less descriptive:
Screenshot 2024-09-16 at 4 01 33 PM

@Telos-sa Telos-sa mentioned this issue Sep 17, 2024
Open
@iMichaela
Copy link
Contributor

@Telos-sa - Can you provide please the entire file (curated) via email at [email protected]. The snippets are not providing full proof that the data is in the right place.

The first error tells that the 3rd link of the 9th component from the list of components included in the system-implementation of your SSP is not found among the keys of the components listed in the system-implementation.

The second error tells that the 2rd link of the 11th component from the list of components included in the system-implementation of your SSP is not found among the keys of the components listed in the system-implementation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
NIST OSCAL Work Board
Status: Needs Triage
Milestone
No milestone
Development

No branches or pull requests
2 participants
@iMichaela @Telos-sa