go-oscal

go-oscal is a comprehensive Go library designed for interacting with the Open Security Controls Assessment Language (OSCAL). It offers robust support for OSCAL releases >=1.0.4, providing Go types that correspond to the latest OSCAL schemas. Notably, go-oscal offers more than just type definitions; it includes tooling for validating OSCAL documents against their respective OSCAL version schemas, facilitating the seamless transition of existing OSCAL documents to newer versions, and generating new OSCAL types as needed. Leveraging the OSCAL Complete Schema definition, go-oscal ensures that developers have access to the most up-to-date and accurate representations of OSCAL releases for their projects.

Table Of Contents

• go-oscal
  • Table Of Contents
  • Usage
    • CLI
      • Commands
    • Import
      • Using Types
  • Development
  • Additional Resources and Projects

Usage

CLI

• Clone the repository and change into the go-oscal directory
• Build the CLI

go build .

Commands

• root
• validate
• revise
• doctor
• generate

Import

go get github.com/defenseunicorns/go-oscal

Using Types

// Types can be imported by their version
oscalTypes_1_1_2 "github.com/defenseunicorns/go-oscal/src/types/oscal-1-1-2"

result := oscalTypes_1_1_2.Result{
    Findings: &[]oscalTypes_1_1_2.Finding{
        {
            Target: oscalTypes_1_1_2.FindingTarget{
                TargetId: "ID-1",
                Status: oscalTypes_1_1_2.ObjectiveStatus{
                    State: "satisfied",
                },
            },
        },
    },
}

Development

For development, the Makefile can be used to build, test, and generate the Go structs:

make test

Additional Resources and Projects

• lula
• OSCAL
• fedramp automation
• Awesome Oscal