ARCHIVED: This project is archived and no longer maintained. No further releases, bug fixes, or security updates will be provided.
ComplyScribe was originally built to transform compliance content between ComplianceAsCode/content and OSCAL formats, providing OSCAL content consumed by complyctl. However, complyctl has been redesigned to use Gemara as its core engine. complyctl can still generate OSCAL as output but no longer requires OSCAL as input, making complyscribe's transformation pipeline obsolete.
Container images on
quay.io/continuouscompliance/complyscribeare frozen at the last release (v0.14.0) and will not receive updates.
ComplyScribe was a CLI tool that assisted users in leveraging Compliance-Trestle in CI/CD workflows for OSCAL formatted compliance content management.
The autosync command will sync trestle-generated Markdown files to OSCAL JSON files in a trestle workspace. All content under the provided markdown directory will be transformed when the action is run. This action supports all top-level models supported by compliance-trestle for authoring.
The rules-transform command can be used when managing OSCAL Component Definitions in a trestle workspace. The action will transform rules defined in the rules YAML view to an OSCAL Component Definition JSON file.
The create compdef command can be used to create a new OSCAL Component Definition in a trestle workspace. The action will create a new Component Definition JSON file and corresponding directories that contain rules YAML files and trestle-generated Markdown files. This action prepares the workspace for use with the rules-transform and autosync actions.
The sync-upstreams command can be used to sync and validate upstream OSCAL content stored in a git repository to a local trestle workspace. The inputs include_models and exclude_models determine which content is synced to the trestle workspace.
The create ssp command can be used to create a new OSCAL System Security Plans (SSP) in a trestle workspace. The action will create a new SSP JSON file and corresponding directories that contain trestle-generated Markdown files. This action prepares the workspace for use with the autosync action by creating or updating the ssp-index.json file. The ssp-index.json file is used to track the relationships between the SSP and the other OSCAL content in the workspace for the autosync action.
The sync-cac-content command supports transforming the CaC content to OSCAL models in a trestle workspace. For detailed documentation on how to use, see the sync-cac-content.md.
The sync-oscal-content command supports sync OSCAL models to the CaC content in a trestle workspace. For detailed documentation on how to use, see the sync-oscal-content.md.
Below is a table of the available commands and their current availability as a GitHub Action:
| Command | Available as a GitHub Action |
|---|---|
autosync |
✓ |
rules-transform |
✓ |
create compdef |
✓ |
sync-upstreams |
✓ |
create ssp |
|
sync-cac-content component-definition |
|
sync-cac-content profile |
|
sync-cac-content catalog |
|
sync-oscal-content component-definition |
|
sync-oscal-content profile |
|
sync-oscal-content catalog |
For detailed documentation on how to use each action, see the README.md in each folder under actions.
Note: Only applicable if using
complyscribeto create pull requests. Automatically detecting the git provider information is supported for GitHub Actions (GitHub) and GitLab CI (GitLab).
- GitHub
- GitLab
Note: When running the commands in a container, all are prefixed with
complyscribe(e.g.complyscribe autosync). The default entrypoint for the container is the autosync command.
Build and run the container locally:
podman build -f Dockerfile -t complyscribe .
podman run -v $(pwd):/data -w /data complyscribe Container images are available in quay.io:
podman run -v $(pwd):/data -w /data quay.io/continuouscompliance/complyscribe:<tag>For information about contributing to complyscribe, see the CONTRIBUTING.md file.
This project is licensed under the Apache 2.0 License - see the LICENSE.md file for details.
See TROUBLESHOOTING.md for troubleshooting tips.