Merge branch 'main' into patch-31

.github/ISSUE_TEMPLATE/minutes_all-hands-comms.md

@@ -23,7 +23,7 @@ MM/DD/YYYY - 12:00 ET / 17:00 UK
 ## Meeting notices
 
 - FINOS **Project leads** are responsible for observing the FINOS guidelines for [running project meetings](https://community.finos.org/docs/governance/meeting-procedures/). Project maintainers can find additional resources in the [FINOS Maintainers Cheatsheet](https://community.finos.org/docs/finos-maintainers-cheatsheet).
-- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/antitrust-policy/), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies).
+- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/legal/antitrust-policy), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies).
 - FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact [email protected] with any questions.
 - FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available.
 

.github/ISSUE_TEMPLATE/minutes_community-structure.md

@@ -21,7 +21,7 @@ MM/DD/YYYY - 12:00 ET / 17:00 UK
 ## Meeting notices
 
 - FINOS **Project leads** are responsible for observing the FINOS guidelines for [running project meetings](https://community.finos.org/docs/governance/meeting-procedures/). Project maintainers can find additional resources in the [FINOS Maintainers Cheatsheet](https://community.finos.org/docs/finos-maintainers-cheatsheet).
-- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/antitrust-policy/), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies).
+- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/legal/antitrust-policy), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies).
 - FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact [email protected] with any questions.
 - FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available.
 

.github/ISSUE_TEMPLATE/minutes_delivery.md

@@ -21,7 +21,7 @@ MM/DD/YYYY - 11:30 ET / 16:30 UK
 ## Meeting notices
 
 - FINOS **Project leads** are responsible for observing the FINOS guidelines for [running project meetings](https://community.finos.org/docs/governance/meeting-procedures/). Project maintainers can find additional resources in the [FINOS Maintainers Cheatsheet](https://community.finos.org/docs/finos-maintainers-cheatsheet).
-- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/antitrust-policy/), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies).
+- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/legal/antitrust-policy), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies).
 - FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact [email protected] with any questions.
 - FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available.
 

.github/ISSUE_TEMPLATE/minutes_duplication-reduction.md

@@ -21,7 +21,7 @@ MM/DD/YYYY - 12:30 ET / 17:30 UK
 ## Meeting notices
 
 - FINOS **Project leads** are responsible for observing the FINOS guidelines for [running project meetings](https://community.finos.org/docs/governance/meeting-procedures/). Project maintainers can find additional resources in the [FINOS Maintainers Cheatsheet](https://community.finos.org/docs/finos-maintainers-cheatsheet).
-- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/antitrust-policy/), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies).
+- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/legal/antitrust-policy), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies).
 - FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact [email protected] with any questions.
 - FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available.
 

.github/ISSUE_TEMPLATE/minutes_security.md

@@ -21,7 +21,7 @@ MM/DD/YYYY - 11:00 ET / 16:00 UK
 ## Meeting notices
 
 - FINOS **Project leads** are responsible for observing the FINOS guidelines for [running project meetings](https://community.finos.org/docs/governance/meeting-procedures/). Project maintainers can find additional resources in the [FINOS Maintainers Cheatsheet](https://community.finos.org/docs/finos-maintainers-cheatsheet).
-- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/antitrust-policy/), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies).
+- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/legal/antitrust-policy), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies).
 - FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact [email protected] with any questions.
 - FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available.
 

.github/ISSUE_TEMPLATE/minutes_taxonomy.md

@@ -21,7 +21,7 @@ MM/DD/YYYY - 11:30 ET / 16:30 UK
 ## Meeting notices
 
 - FINOS **Project leads** are responsible for observing the FINOS guidelines for [running project meetings](https://community.finos.org/docs/governance/meeting-procedures/). Project maintainers can find additional resources in the [FINOS Maintainers Cheatsheet](https://community.finos.org/docs/finos-maintainers-cheatsheet).
-- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/antitrust-policy/), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies).
+- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/legal/antitrust-policy), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies).
 - FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact [email protected] with any questions.
 - FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available.
 

.github/ISSUE_TEMPLATE/release_proposal.md

@@ -23,7 +23,7 @@ assignees: "damienjburks"
 - [ ] Modify the `metadata.yaml` files to include the latest release details. This can be accomplished in an automated form by running the following command:
 
   ```text
-  cd delivery-tooling
+  cd delivery-toolkit
   go run . release-notes -t /services/storage/object
   ```
 

.github/workflows/pr-title.yaml

@@ -0,0 +1,30 @@
+## Reference: https://github.com/amannn/action-semantic-pull-request
+---
+name: "Lint PR Title"
+on:
+  # pull_request_target event is required for autolabeler to support all PRs including forks
+  pull_request_target:
+    types: [opened, reopened, edited, synchronize]
+jobs:
+  lint_pr_title:
+    permissions:
+      contents: read
+      pull-requests: read
+      statuses: write
+    uses: jmeridth/reusable-workflows/.github/workflows/pr-title.yaml@d788c4f6994c7b37134a9f592fe5db42fd7a0957
+    with:
+      types: |
+        add
+        change
+        remove
+      scopes: |
+        ci
+        docs
+        feature
+        threat
+        control
+        category
+        family
+      requireScope: true
+    secrets:
+      github-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     defaults:
       run:
-        working-directory: ./delivery-tooling
+        working-directory: ./delivery-toolkit
     steps:
       - uses: actions/checkout@v4
         name: Build
@@ -65,7 +65,7 @@ jobs:
         uses: actions/[email protected]
         with:
           name: ccc-catalogs
-          path: ./delivery-tooling/artifacts/*
+          path: ./delivery-toolkit/artifacts/*
           if-no-files-found: error
           retention-days: 1 # Maximum Retention
 

.github/workflows/sonatype_scan.yaml

@@ -9,7 +9,7 @@ on:
 env:
   SonatypeUrl: "https://finos.sonatype.app/platform/"
   SonatypeAppId: "ccc-delivery"
-  SonatypeScanTarget: "delivery-tooling/"
+  SonatypeScanTarget: "delivery-toolkit/"
   ExcludeDirectory: ""
 
 jobs:

.gitignore

@@ -3,5 +3,5 @@ build/oscal-cli
 # VS Code 
 .DS_Store
 # Delivery Tooling
-delivery-tooling/artifacts
+delivery-toolkit/artifacts
 .env/

.prettierignore

@@ -1 +1 @@
-delivery-tooling/*
+delivery-toolkit/*

.vscode/common-controls.code-snippets

@@ -1,66 +1,90 @@
 {
-    "Prevent unencrypted requests": {
-      "scope": "yaml",
-      "prefix": "CC1, CC Prevent unencrypted requests",
-      "body": [
-        "- CCC.C01 # Prevent unencrypted requests control"
-      ],
-      "description": "Common Control Prevent unencrypted requests"
-    },
-    "Ensure data encryption at rest": {
-      "scope": "yaml",
-      "prefix": "CC2, CC Ensure data encryption at rest",
-      "body": [
-        "- CCC.C02 # Ensure data encryption at rest for all stored data"
-      ],
-      "description": "Common Control Ensure data encryption at rest"
-    },
-    "Implement multi-factor authentication": {
-      "scope": "yaml",
-      "prefix": "CC3, CC Implement MFA for access",
-      "body": [
-        "- CCC.C03 # Implement multi-factor authentication (MFA) for access"
-      ],
-      "description": "Common Control Implement multi-factor authentication (MFA) for access"
-    },
-    "Log all access and changes": {
-      "scope": "yaml",
-      "prefix": "CC4, CC Log all access and changes",
-      "body": [
-        "- CCC.C04 # Log all access and changes"
-      ],
-      "description": "Common Control Log all access and changes"
-    },
-    "Prevent access from untrusted entities": {
-      "scope": "yaml",
-      "prefix": "CC5, CC Prevent access from untrusted entities",
-      "body": [
-        "- CCC.C05 # Prevent access from untrusted entities"
-      ],
-      "description": "Common Control Prevent access from untrusted entities control"
-    },
-    "Prevent deployment in restricted regions": {
-      "scope": "yaml",
-      "prefix": "CC6, CC Prevent deployment in restricted regions",
-      "body": [
-        "- CCC.C06 # Prevent deployment in restricted regions"
-      ],
-      "description": "Common Control Prevent deployment in restricted regions"
-    },
-    "Alert on non-human enumeration": {
-      "scope": "yaml",
-      "prefix": "CC7, CC Alert on non-human enumeration",
-      "body": [
-        "- CCC.C07 # Alert on non-human enumeration"
-      ],
-      "description": "Common Control Alert on non-human enumeration"
-    },
-    "Enable multi-zone or multi-region data replication": {
-      "scope": "yaml",
-      "prefix": "CC8, CC Enable multi-zone or multi-region data replication",
-      "body": [
-        "- CCC.C08 # Enable multi-zone or multi-region data replication"
-      ],
-      "description": "Common Control Enable multi-zone or multi-region data replication"
-    }
-  }
+	"Prevent Unencrypted Requests": {
+		"scope": "yaml",
+		"prefix": "CC1, CC Prevent Unencrypted Requests",
+		"body": [
+			"- CCC.C01 # Prevent Unencrypted Requests"
+		  ],
+		"description": "Common Control Prevent Unencrypted Requests"
+	},
+	"Ensure Data Encryption at Rest for All Stored Data": {
+		"scope": "yaml",
+		"prefix": "CC2, CC Ensure Data Encryption at Rest for All Stored Data",
+		"body": [
+			"- CCC.C02 # Ensure Data Encryption at Rest for All Stored Data"
+		  ],
+		"description": "Common Control Ensure Data Encryption at Rest for All Stored Data"
+	},
+	"Implement Multi-factor Authentication (MFA) for Access": {
+		"scope": "yaml",
+		"prefix": "CC3, CC Implement Multi-factor Authentication (MFA) for Access",
+		"body": [
+			"- CCC.C03 # Implement Multi-factor Authentication (MFA) for Access"
+		  ],
+		"description": "Common Control Implement Multi-factor Authentication (MFA) for Access"
+	},
+	"Log All Access and Changes": {
+		"scope": "yaml",
+		"prefix": "CC4, CC Log All Access and Changes",
+		"body": [
+			"- CCC.C04 # Log All Access and Changes"
+		  ],
+		"description": "Common Control Log All Access and Changes"
+	},
+	"Prevent Access from Untrusted Entities": {
+		"scope": "yaml",
+		"prefix": "CC5, CC Prevent Access from Untrusted Entities",
+		"body": [
+			"- CCC.C05 # Prevent Access from Untrusted Entities"
+		  ],
+		"description": "Common Control Prevent Access from Untrusted Entities"
+	},
+	"Prevent Deployment in Restricted Regions": {
+		"scope": "yaml",
+		"prefix": "CC6, CC Prevent Deployment in Restricted Regions",
+		"body": [
+			"- CCC.C06 # Prevent Deployment in Restricted Regions"
+		  ],
+		"description": "Common Control Prevent Deployment in Restricted Regions"
+	},
+	"Alert on Unusual Enumeration Activity": {
+		"scope": "yaml",
+		"prefix": "CC7, CC Alert on Unusual Enumeration Activity",
+		"body": [
+			"- CCC.C07 # Alert on Unusual Enumeration Activity"
+		  ],
+		"description": "Common Control Alert on Unusual Enumeration Activity"
+	},
+	"Enable Multi-zone or Multi-region Data Replication": {
+		"scope": "yaml",
+		"prefix": "CC8, CC Enable Multi-zone or Multi-region Data Replication",
+		"body": [
+			"- CCC.C08 # Enable Multi-zone or Multi-region Data Replication"
+		  ],
+		"description": "Common Control Enable Multi-zone or Multi-region Data Replication"
+	},
+	"Prevent Tampering, Deletion, or Unauthorized Access to Access Logs": {
+		"scope": "yaml",
+		"prefix": "CC9, CC Prevent Tampering, Deletion, or Unauthorized Access to Access Logs",
+		"body": [
+			"- CCC.C09 # Prevent Tampering, Deletion, or Unauthorized Access to Access Logs"
+		],
+		"description": "Common Control Prevent Tampering, Deletion, or Unauthorized Access to Access Logs"
+	},
+	"Prevent Data Replication to Destinations Outside of Defined Trust Perimeter": {
+		"scope": "yaml",
+		"prefix": "CC10, CC Prevent Data Replication to Destinations Outside of Defined Trust Perimeter",
+		"body": [
+			"- CCC.C10 # Prevent Data Replication to Destinations Outside of Defined Trust Perimeter"
+		],
+		"description": "Common Control Prevent Data Replication to Destinations Outside of Defined Trust Perimeter"
+	},
+	"Enforce Key Management Policies": {
+		"scope": "yaml",
+		"prefix": "CC11, CC Enforce Key Management Policies",
+		"body": [
+			"- CCC.C11 # Enforce Key Management Policies"
+		],
+		"description": "Common Control Enforce Key Management Policies"
+	},
+}

.vscode/common-features.code-snippets

@@ -119,13 +119,13 @@
 		  ],
 		"description": "Common Feature Cost Management"
 	},
-	"BudgetingAlerting": {
+	"Budgeting": {
 		"scope": "yaml",
-		"prefix": "CF16, CF BudgetingAlerting",
+		"prefix": "CF16, CF Budgeting",
 		"body": [
-			"- CCC.F16 # BudgetingAlerting"
+			"- CCC.F16 # Budgeting"
 		  ],
-		"description": "Common Feature BudgetingAlerting"
+		"description": "Common Feature Budgeting"
 	},
 	"Alerting": {
 		"scope": "yaml",
@@ -143,13 +143,13 @@
 		  ],
 		"description": "Common Feature Versioning"
 	},
-	"On-Demand Scaling": {
+	"On-demand Scaling": {
 		"scope": "yaml",
-		"prefix": "CF19, CF On-Demand Scaling",
+		"prefix": "CF19, CF On-demand Scaling",
 		"body": [
-			"- CCC.F19 # On-Demand Scaling"
+			"- CCC.F19 # On-demand Scaling"
 		  ],
-		"description": "Common Feature On-Demand Scaling"
+		"description": "Common Feature On-demand Scaling"
 	},
 	"Tagging": {
 		"scope": "yaml",
@@ -184,5 +184,5 @@
 			"- CCC.F23 # Network Access Rules"
 		  ],
 		"description": "Common Feature Network Access Rules"
-	}
+	},
 }