Implement support for externally developed plugins #2

Open
5 tasks
jpower432 opened this issue Nov 4, 2024 · 1 comment

Comments


jpower432 commented Nov 4, 2024

Continuing the conversation originating from oscal-compass#23. The goal would be to enable plugins to be developed externally without having to recompile C2P and reuse the plugins being developed in C2P Python.

Objectives

Define a plugin interface that will allow externally developed plugins to be used with C2P core while allowing the reuse of existing plugins being developed in C2P Python.

Based on previous conversation with @yana1205, proposing the core plugin management logic be implemented in Go and the use of RPC-based plugins.

Rationale

  • External plugins allow more flexibility on what types of automation can be integrated and can be helpful when the automation or policy engine implementation is specialized (i.e. not general enough to be contributed back to C2P)
  • Less to maintain in C2P and reduces the chance of bloat for every new implementation's dependencies
  • Allows plugins to be reused in the different languages C2P supports. For example, the Python Auditree plugin could be reused.

Completion Criteria

I have added some high-level features I am proposing to support below. Some are brand new to C2P and some are based on the features of C2P Python for consistency.

Parity with C2P Python

  • Add a plugin spec for interacting with policy engines (PVP) to include policy generate and results transformation
  • Add support for heterogeneous environment use cases meaning that C2P may interact with one or more plugins to get data incorporated into an OSCAL Assessment Result
  • Support the plugin lifecycle (e.g. discovery, registration, initialization, start, stop)

New

  • Add a plugin spec for interacting with remediation engines to provide remediation instructions/artifacts or implementation to remediate findings detected and stored in OSCAL Assessment Results during the scanning process. Proposing that the default behavior with no finding input be that all configured remediation data be generated or implemented.
  • Add support for Assessment Plan as an input for RuleSet information (This may be partially implemented in oscal-sdk-go as a transformation from Component Definitions to Assessment Plans)

@jpower432

Adding a link to my fork where I am testing out some of these concepts - https://github.com/jpower432/compliance-to-policy-go/tree/feat/v2-module/v2
