diff --git a/.config/.markdownlint.yaml b/.config/.markdownlint.yaml
index 41542ad8..999f256f 100644
--- a/.config/.markdownlint.yaml
+++ b/.config/.markdownlint.yaml
@@ -84,7 +84,7 @@ MD022:
MD023: true
# MD024/no-duplicate-heading : Multiple headings with the same content : https://github.com/DavidAnson/markdownlint/blob/v0.34.0/doc/md024.md
-MD024:
+MD024:
siblings_only: true
# MD025/single-title/single-h1 : Multiple top-level headings in the same document : https://github.com/DavidAnson/markdownlint/blob/v0.34.0/doc/md025.md
@@ -246,4 +246,4 @@ MD055:
style: "consistent"
# MD056/table-column-count : Table column count : https://github.com/DavidAnson/markdownlint/blob/v0.34.0/doc/md056.md
-MD056: true
\ No newline at end of file
+MD056: true
diff --git a/.config/.yamllint b/.config/.yamllint
new file mode 100644
index 00000000..4f46df53
--- /dev/null
+++ b/.config/.yamllint
@@ -0,0 +1,15 @@
+extends: relaxed
+
+ignore:
+ - .config
+ - .gitvote.yml
+
+rules:
+ indentation:
+ level: error
+ spaces: 2 # Enforce 2 spaces for indentation
+ line-length:
+ level: error
+ max: 120 # Allow up to 120 characters per line
+ new-lines:
+ type: unix
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 243a79f5..a59152df 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -24,7 +24,7 @@
########
#
# Community Guidelines only need review from the Community Structure WG
-/docs/governance/community-guidelines @finos/ccc-wg-community-structure
+/docs/community-guidelines @finos/ccc-wg-community-structure
#
########
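Review bot: The new owner path `/docs/community-guidelines` needs to exist in the tree after this change, and nothing else in this diff shows the directory being moved out of `/docs/governance/`. A CODEOWNERS pattern that matches no files is silently ignored, so the Community Structure WG review requirement would lapse for those documents. Confirm the move lands in the same PR, or keep both patterns until it does.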
diff --git a/.github/ISSUE_TEMPLATE/minutes_all-hands-comms.md b/.github/ISSUE_TEMPLATE/minutes_all-hands-comms.md
index 6183558f..514c83a9 100644
--- a/.github/ISSUE_TEMPLATE/minutes_all-hands-comms.md
+++ b/.github/ISSUE_TEMPLATE/minutes_all-hands-comms.md
@@ -23,7 +23,7 @@ MM/DD/YYYY - 12:00 ET / 17:00 UK
## Meeting notices
- FINOS **Project leads** are responsible for observing the FINOS guidelines for [running project meetings](https://community.finos.org/docs/governance/meeting-procedures/). Project maintainers can find additional resources in the [FINOS Maintainers Cheatsheet](https://community.finos.org/docs/finos-maintainers-cheatsheet).
-- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/antitrust-policy/), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies).
+- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/legal/antitrust-policy), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies).
- FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact legal@finos.org with any questions.
- FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available.
diff --git a/.github/ISSUE_TEMPLATE/minutes_community-structure.md b/.github/ISSUE_TEMPLATE/minutes_community-structure.md
index d3c2d052..2a9a9e64 100644
--- a/.github/ISSUE_TEMPLATE/minutes_community-structure.md
+++ b/.github/ISSUE_TEMPLATE/minutes_community-structure.md
@@ -21,7 +21,7 @@ MM/DD/YYYY - 12:00 ET / 17:00 UK
## Meeting notices
- FINOS **Project leads** are responsible for observing the FINOS guidelines for [running project meetings](https://community.finos.org/docs/governance/meeting-procedures/). Project maintainers can find additional resources in the [FINOS Maintainers Cheatsheet](https://community.finos.org/docs/finos-maintainers-cheatsheet).
-- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/antitrust-policy/), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies).
+- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/legal/antitrust-policy), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies).
- FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact legal@finos.org with any questions.
- FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available.
diff --git a/.github/ISSUE_TEMPLATE/minutes_delivery.md b/.github/ISSUE_TEMPLATE/minutes_delivery.md
index be74991d..1affa699 100644
--- a/.github/ISSUE_TEMPLATE/minutes_delivery.md
+++ b/.github/ISSUE_TEMPLATE/minutes_delivery.md
@@ -21,7 +21,7 @@ MM/DD/YYYY - 11:30 ET / 16:30 UK
## Meeting notices
- FINOS **Project leads** are responsible for observing the FINOS guidelines for [running project meetings](https://community.finos.org/docs/governance/meeting-procedures/). Project maintainers can find additional resources in the [FINOS Maintainers Cheatsheet](https://community.finos.org/docs/finos-maintainers-cheatsheet).
-- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/antitrust-policy/), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies).
+- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/legal/antitrust-policy), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies).
- FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact legal@finos.org with any questions.
- FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available.
diff --git a/.github/ISSUE_TEMPLATE/minutes_duplication-reduction.md b/.github/ISSUE_TEMPLATE/minutes_duplication-reduction.md
index 7051d23a..600cd447 100644
--- a/.github/ISSUE_TEMPLATE/minutes_duplication-reduction.md
+++ b/.github/ISSUE_TEMPLATE/minutes_duplication-reduction.md
@@ -21,7 +21,7 @@ MM/DD/YYYY - 12:30 ET / 17:30 UK
## Meeting notices
- FINOS **Project leads** are responsible for observing the FINOS guidelines for [running project meetings](https://community.finos.org/docs/governance/meeting-procedures/). Project maintainers can find additional resources in the [FINOS Maintainers Cheatsheet](https://community.finos.org/docs/finos-maintainers-cheatsheet).
-- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/antitrust-policy/), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies).
+- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/legal/antitrust-policy), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies).
- FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact legal@finos.org with any questions.
- FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available.
diff --git a/.github/ISSUE_TEMPLATE/minutes_security.md b/.github/ISSUE_TEMPLATE/minutes_security.md
index 52834bc6..0a9c72c9 100644
--- a/.github/ISSUE_TEMPLATE/minutes_security.md
+++ b/.github/ISSUE_TEMPLATE/minutes_security.md
@@ -21,7 +21,7 @@ MM/DD/YYYY - 11:00 ET / 16:00 UK
## Meeting notices
- FINOS **Project leads** are responsible for observing the FINOS guidelines for [running project meetings](https://community.finos.org/docs/governance/meeting-procedures/). Project maintainers can find additional resources in the [FINOS Maintainers Cheatsheet](https://community.finos.org/docs/finos-maintainers-cheatsheet).
-- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/antitrust-policy/), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies).
+- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/legal/antitrust-policy), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies).
- FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact legal@finos.org with any questions.
- FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available.
diff --git a/.github/ISSUE_TEMPLATE/minutes_taxonomy.md b/.github/ISSUE_TEMPLATE/minutes_taxonomy.md
index 7c044b6e..b9a46ea6 100644
--- a/.github/ISSUE_TEMPLATE/minutes_taxonomy.md
+++ b/.github/ISSUE_TEMPLATE/minutes_taxonomy.md
@@ -21,7 +21,7 @@ MM/DD/YYYY - 11:30 ET / 16:30 UK
## Meeting notices
- FINOS **Project leads** are responsible for observing the FINOS guidelines for [running project meetings](https://community.finos.org/docs/governance/meeting-procedures/). Project maintainers can find additional resources in the [FINOS Maintainers Cheatsheet](https://community.finos.org/docs/finos-maintainers-cheatsheet).
-- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/antitrust-policy/), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies).
+- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/legal/antitrust-policy), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies).
- FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact legal@finos.org with any questions.
- FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available.
diff --git a/.github/ISSUE_TEMPLATE/release_proposal.md b/.github/ISSUE_TEMPLATE/release_proposal.md
index 19ed066c..a8fd6017 100644
--- a/.github/ISSUE_TEMPLATE/release_proposal.md
+++ b/.github/ISSUE_TEMPLATE/release_proposal.md
@@ -23,7 +23,7 @@ assignees: "damienjburks"
- [ ] Modify the `metadata.yaml` files to include the latest release details. This can be accomplished in an automated form by running the following command:
```text
- cd delivery-tooling
+ cd delivery-toolkit
go run . release-notes -t /services/storage/object
```
diff --git a/.github/workflows/format-check.yml b/.github/workflows/format-check.yml
index 52e5be72..8f379a43 100644
--- a/.github/workflows/format-check.yml
+++ b/.github/workflows/format-check.yml
@@ -10,14 +10,14 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v3
-
+
- name: Set up Node.js
uses: actions/setup-node@v3
with:
- node-version: '16'
-
+ node-version: "16"
+
- name: Install Prettier
run: npm install --save-dev prettier
-
+
- name: Check formatting with Prettier
- run: npx prettier --check "**/*.md" --config ./.config/.prettierrc
\ No newline at end of file
+ run: npx prettier --check "**/*.md" --config ./.config/.prettierrc
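Review bot: The `node-version` line is touched only to change the quoting, but it still selects Node 16, which reached end of life in September 2023. The unchanged step `npm install --save-dev prettier` also resolves whatever Prettier version is current at run time, so the check can start failing with no change in the repository. Move to a supported Node release and install a pinned Prettier version while these lines are being edited.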
diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml
index f0bb2987..f581d1f6 100644
--- a/.github/workflows/links.yml
+++ b/.github/workflows/links.yml
@@ -13,6 +13,7 @@ jobs:
id: lychee
uses: lycheeverse/lychee-action@v1
with:
- args: --base . --verbose --no-progress './**/*.md'
- output: lychee/results.md
- token: ${{ secrets.GITHUB_TOKEN }}
+ args: --base . --verbose --no-progress './**/*.md'
+ output: lychee/results.md
+ token: ${{ secrets.GITHUB_TOKEN }}
+ fail: true
diff --git a/.github/workflows/linting-check.yml b/.github/workflows/linting-check.yml
index 7d5c47f5..d1364956 100644
--- a/.github/workflows/linting-check.yml
+++ b/.github/workflows/linting-check.yml
@@ -20,4 +20,25 @@ jobs:
run: npm install -g markdownlint-cli
- name: Run markdownlint
- run: markdownlint '**/*.md' --config ./.config/.markdownlint.yaml
\ No newline at end of file
+ run: markdownlint '**/*.md' --config ./.config/.markdownlint.yaml
+
+ yaml-lint:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Set up Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: "3.x" # Use any compatible Python 3 version
+
+ - name: Install yamllint
+ run: |
+ python -m pip install --upgrade pip
+ pip install yamllint
+
+ - name: Run yamllint
+ run: |
+ yamllint -c ./.config/.yamllint .
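Review bot: The `Install yamllint` step runs `pip install yamllint` with no version constraint, so the linter and its rule behaviour can change between runs without any commit here. Pin it, for example `pip install yamllint==<version>`, and update the pin deliberately. The new job also references `actions/checkout@v3` and `actions/setup-python@v4` by tag, while `pr-title.yaml` in this same change pins its dependency to a full commit SHA; using one convention across the workflows would be more consistent.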
diff --git a/.github/workflows/pr-title.yaml b/.github/workflows/pr-title.yaml
new file mode 100644
index 00000000..fa583658
--- /dev/null
+++ b/.github/workflows/pr-title.yaml
@@ -0,0 +1,30 @@
+## Reference: https://github.com/amannn/action-semantic-pull-request
+---
+name: "Lint PR Title"
+on:
+ # pull_request_target event is required for autolabeler to support all PRs including forks
+ pull_request_target:
+ types: [opened, reopened, edited, synchronize]
+jobs:
+ lint_pr_title:
+ permissions:
+ contents: read
+ pull-requests: read
+ statuses: write
+ uses: jmeridth/reusable-workflows/.github/workflows/pr-title.yaml@d788c4f6994c7b37134a9f592fe5db42fd7a0957
+ with:
+ types: |
+ add
+ change
+ remove
+ scopes: |
+ ci
+ docs
+ feature
+ threat
+ control
+ category
+ family
+ requireScope: true
+ secrets:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
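Review bot: The comment above `pull_request_target:` says the event is needed for an autolabeler, but this workflow only lints the PR title, so the stated justification does not match the job. `pull_request_target` runs in the base repository's context for fork PRs, which is acceptable here only as long as the called workflow never checks out or executes PR head content; say that in the comment instead. The full-SHA pin on `jmeridth/reusable-workflows` and the narrow `permissions` block are the right shape for this trigger.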
diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index 3444bab4..7e5e279a 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -10,17 +10,18 @@ jobs:
permissions:
pull-requests: write
contents: read
-
+
run-linting-check:
- uses: ./.github/workflows/linting-check.yml
- permissions:
- pull-requests: write
+ uses: ./.github/workflows/linting-check.yml
+ permissions:
+ pull-requests: write
link-checker:
- uses: ./.github/workflows/links.yml
- permissions:
- pull-requests: write
- contents: read
+ uses: ./.github/workflows/links.yml
+ permissions:
+ pull-requests: write
+ contents: read
+
yaml-checker:
uses: ./.github/workflows/yaml-check.yml
permissions:
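Review bot: `run-linting-check` is granted `pull-requests: write` and nothing else. Once a `permissions` key is present, every scope not listed is set to none, so this job has write access to pull requests but no `contents: read`, the reverse of what a lint job that only reads the tree needs. The called workflow shown in this diff runs markdownlint and yamllint and posts nothing back to the PR, so `contents: read` alone looks sufficient; the same question applies to `link-checker`.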
@@ -32,4 +33,3 @@ jobs:
permissions:
pull-requests: write
contents: read
-
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 379f5074..87ef6041 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -4,10 +4,10 @@ on:
workflow_dispatch:
inputs:
build_target:
- description: 'Build Target (e.g storage/object)'
+ description: "Build Target (e.g storage/object)"
required: true
tag:
- description: 'Tag for this release'
+ description: "Tag for this release"
required: true
# TODO: Add in pre-release tag to distinguish whether or not we want to have an official release
@@ -17,7 +17,7 @@ jobs:
runs-on: ubuntu-latest
defaults:
run:
- working-directory: ./delivery-tooling
+ working-directory: ./delivery-toolkit
steps:
- uses: actions/checkout@v4
name: Build
@@ -27,13 +27,13 @@ jobs:
- name: Install dependencies
run: go mod download
-
+
- name: Get Build Target
id: process_target
run: |
# Read the input for a single build target
build_target="${{ github.event.inputs.build_target }}"
-
+
# Print and save the build target
echo "Build target: $build_target"
echo "target=$build_target" >> $GITHUB_OUTPUT
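Review bot: In the `Get Build Target` step, `build_target="${{ github.event.inputs.build_target }}"` expands the dispatch input into the script text before the shell runs, so any shell metacharacters in the input are interpreted as part of the script rather than as data. Pass the input through the step's `env:` block and read it as a quoted shell variable instead, and quote `"$GITHUB_OUTPUT"` in the redirect. The later `go run . ... --build-target $build_target` calls should quote the variable as well.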
@@ -46,12 +46,12 @@ jobs:
go run . "yaml" --build-target $build_target
go run . "md" --build-target $build_target
go run . "release-notes" --build-target $build_target
-
+
# Create PDF files from MD files
echo "Converting MD file to PDF"
for md_file in ./artifacts/*.md; do
filename=$(basename "$md_file" .md)
-
+
# Check if the filename contains "release-notes"
if [[ $filename != *"release_notes"* ]]; then
echo "Converting $md_file to $filename.pdf"
@@ -61,12 +61,11 @@ jobs:
fi
done
-
- name: Upload Artifacts
uses: actions/upload-artifact@v4.4.0
with:
name: ccc-catalogs
- path: ./delivery-tooling/artifacts/*
+ path: ./delivery-toolkit/artifacts/*
if-no-files-found: error
retention-days: 1 # Maximum Retention
@@ -104,4 +103,4 @@ jobs:
-H "Content-Type: application/octet-stream" \
--data-binary @"$file" \
"${{ steps.create_release.outputs.upload_url }}=$filename&label=$filename"
- done
\ No newline at end of file
+ done
diff --git a/.github/workflows/sonatype_scan.yaml b/.github/workflows/sonatype_scan.yaml
new file mode 100644
index 00000000..4e0aa212
--- /dev/null
+++ b/.github/workflows/sonatype_scan.yaml
@@ -0,0 +1,45 @@
+name: Sonatype SCA Scanning
+on:
+ workflow_dispatch:
+ pull_request_target:
+ paths:
+ - "**.go"
+ - "**/go.mod"
+ - "**/go.sum"
+env:
+ SonatypeUrl: "https://finos.sonatype.app/platform/"
+ SonatypeAppId: "ccc-delivery"
+ SonatypeScanTarget: "delivery-toolkit/"
+ ExcludeDirectory: ""
+
+jobs:
+ build:
+ if: github.repository_owner == 'finos'
+ name: Build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Sonatype Lifecycle SCA Scan
+ id: evaluate
+ uses: sonatype/actions/evaluate@v1
+ with:
+ iq-server-url: ${{ env.SonatypeUrl }}
+ username: ${{ secrets.SONATYPE_SCANNER_USERNAME }}
+ password: ${{ secrets.SONATYPE_SCANNER_PASSWORD }}
+ application-id: ${{ env.SonatypeAppId }}
+ stage: "build"
+ scan-targets: ${{ env.SonatypeScanTarget }}
+ module-exclude: ${{ env.ExcludeDirectory }}
+
+ - name: Save Sonatype SBOM
+ uses: sonatype/actions/fetch-sbom@v1
+ if: always() && steps.evaluate.outputs.scan-id
+ with:
+ iq-server-url: ${{ env.SonatypeUrl }}
+ username: ${{ secrets.SONATYPE_SCANNER_USERNAME }}
+ password: ${{ secrets.SONATYPE_SCANNER_PASSWORD }}
+ application-id: ${{ env.SonatypeAppId }}
+ scan-id: ${{ steps.evaluate.outputs.scan-id }}
+ sbom-standard: spdx
+ sbom-version: 2.3
+ artifact-name: ${{ env.SonatypeAppId }}-sonatype-bom
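Review bot: With `pull_request_target`, `actions/checkout@v4` without a `ref` checks out the base branch, so the scan evaluates the base branch's `go.mod` and `go.sum` rather than the dependency changes the PR proposes, even though the `paths` filter suggests the PR content is what is being gated. The job also runs with `SONATYPE_SCANNER_USERNAME` and `SONATYPE_SCANNER_PASSWORD` in scope, so switching the checkout to the PR head later would place untrusted code next to those credentials. Decide which is intended: scan merged code on push to the default branch, or scan PR heads in a job that holds no secrets. Separately, the workflow declares no `permissions` block and pins `sonatype/actions` by the `v1` tag; add `permissions: contents: read` and pin to a commit SHA as `pr-title.yaml` does.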
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index cc81d1a5..1800f099 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -7,27 +7,29 @@ name: Mark stale issues and pull requests
on:
schedule:
- - cron: '18 22 * * *'
+ - cron: "18 22 * * *"
jobs:
stale:
-
runs-on: ubuntu-latest
permissions:
issues: write
pull-requests: write
steps:
- - uses: actions/stale@v5
- with:
- repo-token: ${{ secrets.GITHUB_TOKEN }}
- stale-issue-label: stale
- stale-pr-label: stale
- labels-to-remove-when-unstale: stale
- days-before-stale: 30
- days-before-close: 7
- exempt-issue-labels: longstanding issue
- stale-issue-message: This issue will be closed as stale in 7 days. Please update this issue if it is still needed.
- stale-pr-message: This issue will be closed as stale in 7 days. If this issue is blocked, please tag or assign the appropriate party to move this forward.
- close-issue-message: Closed as stale. An update may reopen this issue.
- close-pr-message: Closed as stale. An update may reopen this PR.
+ - uses: actions/stale@v5
+ with:
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+ stale-issue-label: stale
+ stale-pr-label: stale
+ labels-to-remove-when-unstale: stale
+ days-before-stale: 30
+ days-before-close: 7
+ exempt-issue-labels: longstanding issue
+ stale-issue-message: |
+ This issue will be closed as stale in 7 days. Please update this issue if it is still needed.
+ stale-pr-message: |
+ This issue will be closed as stale in 7 days. If this issue is blocked,
+ please tag or assign the appropriate party to move this forward.
+ close-issue-message: Closed as stale. An update may reopen this issue.
+ close-pr-message: Closed as stale. An update may reopen this PR.
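Review bot: The reflowed `stale-pr-message` still reads "This issue will be closed as stale" and "If this issue is blocked", although it is posted on pull requests. Since the text is being rewritten into a block scalar anyway, change it to refer to the pull request, matching `close-pr-message`, which already says "PR".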
diff --git a/.github/workflows/stale_meeting.yml b/.github/workflows/stale_meeting.yml
index 0d593d70..60a10c43 100644
--- a/.github/workflows/stale_meeting.yml
+++ b/.github/workflows/stale_meeting.yml
@@ -1,8 +1,8 @@
name: Auto Close Stale Meeting Issues
on:
- schedule:
- - cron: '18 22 * * *'
+ schedule:
+ - cron: "18 22 * * *"
jobs:
close-stale-meeting:
diff --git a/.github/workflows/todo-check.yml b/.github/workflows/todo-check.yml
index 6db0e615..3a21b501 100644
--- a/.github/workflows/todo-check.yml
+++ b/.github/workflows/todo-check.yml
@@ -1,7 +1,7 @@
name: TODO Checker
on:
- workflow_call:
+ workflow_call:
jobs:
find-todos:
@@ -11,8 +11,7 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4
- - name: Check for TODOs in services directory
+ - name: Check for TODOs in services directory
uses: damienjburks/simple-todo-checker@1.0.0
- with:
+ with:
path: "./services"
-
\ No newline at end of file
diff --git a/.github/workflows/yaml-check.yml b/.github/workflows/yaml-check.yml
index c49cf25f..12ba76d1 100644
--- a/.github/workflows/yaml-check.yml
+++ b/.github/workflows/yaml-check.yml
@@ -1,7 +1,7 @@
name: YAML Check
on:
- workflow_call:
+ workflow_call:
jobs:
yaml-check:
@@ -14,10 +14,10 @@ jobs:
- name: Validate YAML Schema
uses: InoUno/yaml-ls-check@develop
with:
- schemaMapping: |
- {
- "schemas/controls-schema.json": [ "services/**/controls.yml", "services/**/controls.yaml" ],
- "schemas/features-schema.json": [ "services/**/features.yml", "services/**/features.yaml" ],
- "schemas/metadata-schema.json": [ "services/**/metadata.yml", "services/**/metadata.yaml" ],
- "schemas/threats-schema.json": [ "services/**/threats.yml", "services/**/threats.yaml" ]
- }
+ schemaMapping: |
+ {
+ "schemas/controls-schema.json": [ "services/**/controls.yml", "services/**/controls.yaml" ],
+ "schemas/features-schema.json": [ "services/**/features.yml", "services/**/features.yaml" ],
+ "schemas/metadata-schema.json": [ "services/**/metadata.yml", "services/**/metadata.yaml" ],
+ "schemas/threats-schema.json": [ "services/**/threats.yml", "services/**/threats.yaml" ]
+ }
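Review bot: The step being re-indented here uses `InoUno/yaml-ls-check@develop`, a mutable branch reference. Whatever is pushed to that branch runs in this repository's CI on the next PR, with the `pull-requests: write` permission that `pull_request.yaml` grants to its called workflows. Pin the action to a full commit SHA and record the corresponding version in a trailing comment.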
diff --git a/.gitignore b/.gitignore
index cdc67bc0..bca159a7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,5 +3,5 @@ build/oscal-cli
# VS Code
.DS_Store
# Delivery Tooling
-delivery-tooling/artifacts
+delivery-toolkit/artifacts
.env/
\ No newline at end of file
diff --git a/.gitvote.yml b/.gitvote.yml
index 02a80eb8..c1aa10ce 100644
--- a/.gitvote.yml
+++ b/.gitvote.yml
@@ -12,4 +12,4 @@ profiles:
periodic_status_check: null
# Close vote on passing
- close_on_passing: true
\ No newline at end of file
+ close_on_passing: true
diff --git a/.prettierignore b/.prettierignore
index d74cda5b..f31b1f48 100644
--- a/.prettierignore
+++ b/.prettierignore
@@ -1 +1 @@
-delivery-tooling/*
\ No newline at end of file
+delivery-toolkit/*
\ No newline at end of file
diff --git a/.vscode/common-controls.code-snippets b/.vscode/common-controls.code-snippets
index 044c6b3f..467db55c 100644
--- a/.vscode/common-controls.code-snippets
+++ b/.vscode/common-controls.code-snippets
@@ -1,66 +1,90 @@
{
- "Prevent unencrypted requests": {
- "scope": "yaml",
- "prefix": "CT1, CT Prevent unencrypted requests",
- "body": [
- "- CCC.C01 # Prevent unencrypted requests control"
- ],
- "description": "Common Control Prevent unencrypted requests"
- },
- "Ensure data encryption at rest": {
- "scope": "yaml",
- "prefix": "CT2, CT Ensure data encryption at rest",
- "body": [
- "- CCC.C02 # Ensure data encryption at rest for all stored data"
- ],
- "description": "Common Control Ensure data encryption at rest"
- },
- "Implement multi-factor authentication": {
- "scope": "yaml",
- "prefix": "CT3, CT Implement MFA for access",
- "body": [
- "- CCC.C03 # Implement multi-factor authentication (MFA) for access"
- ],
- "description": "Common Control Implement multi-factor authentication (MFA) for access"
- },
- "Log all access and changes": {
- "scope": "yaml",
- "prefix": "CT4, CT Log all access and changes",
- "body": [
- "- CCC.C04 # Log all access and changes"
- ],
- "description": "Common Control Log all access and changes"
- },
- "Prevent access from untrusted entities": {
- "scope": "yaml",
- "prefix": "CT5, CT Prevent access from untrusted entities",
- "body": [
- "- CCC.C05 # Prevent access from untrusted entities"
- ],
- "description": "Common Control Prevent access from untrusted entities control"
- },
- "Prevent deployment in restricted regions": {
- "scope": "yaml",
- "prefix": "CT6, CT Prevent deployment in restricted regions",
- "body": [
- "- CCC.C06 # Prevent deployment in restricted regions"
- ],
- "description": "Common Control Prevent deployment in restricted regions"
- },
- "Alert on non-human enumeration": {
- "scope": "yaml",
- "prefix": "CT7, CT Alert on non-human enumeration",
- "body": [
- "- CCC.C07 # Alert on non-human enumeration"
- ],
- "description": "Common Control Alert on non-human enumeration"
- },
- "Enable multi-zone or multi-region data replication": {
- "scope": "yaml",
- "prefix": "CT8, CT Enable multi-zone or multi-region data replication",
- "body": [
- "- CCC.C08 # Enable multi-zone or multi-region data replication"
- ],
- "description": "Common Control Enable multi-zone or multi-region data replication"
- }
- }
+ "Prevent Unencrypted Requests": {
+ "scope": "yaml",
+ "prefix": "CC1, CC Prevent Unencrypted Requests",
+ "body": [
+ "- CCC.C01 # Prevent Unencrypted Requests"
+ ],
+ "description": "Common Control Prevent Unencrypted Requests"
+ },
+ "Ensure Data Encryption at Rest for All Stored Data": {
+ "scope": "yaml",
+ "prefix": "CC2, CC Ensure Data Encryption at Rest for All Stored Data",
+ "body": [
+ "- CCC.C02 # Ensure Data Encryption at Rest for All Stored Data"
+ ],
+ "description": "Common Control Ensure Data Encryption at Rest for All Stored Data"
+ },
+ "Implement Multi-factor Authentication (MFA) for Access": {
+ "scope": "yaml",
+ "prefix": "CC3, CC Implement Multi-factor Authentication (MFA) for Access",
+ "body": [
+ "- CCC.C03 # Implement Multi-factor Authentication (MFA) for Access"
+ ],
+ "description": "Common Control Implement Multi-factor Authentication (MFA) for Access"
+ },
+ "Log All Access and Changes": {
+ "scope": "yaml",
+ "prefix": "CC4, CC Log All Access and Changes",
+ "body": [
+ "- CCC.C04 # Log All Access and Changes"
+ ],
+ "description": "Common Control Log All Access and Changes"
+ },
+ "Prevent Access from Untrusted Entities": {
+ "scope": "yaml",
+ "prefix": "CC5, CC Prevent Access from Untrusted Entities",
+ "body": [
+ "- CCC.C05 # Prevent Access from Untrusted Entities"
+ ],
+ "description": "Common Control Prevent Access from Untrusted Entities"
+ },
+ "Prevent Deployment in Restricted Regions": {
+ "scope": "yaml",
+ "prefix": "CC6, CC Prevent Deployment in Restricted Regions",
+ "body": [
+ "- CCC.C06 # Prevent Deployment in Restricted Regions"
+ ],
+ "description": "Common Control Prevent Deployment in Restricted Regions"
+ },
+ "Alert on Unusual Enumeration Activity": {
+ "scope": "yaml",
+ "prefix": "CC7, CC Alert on Unusual Enumeration Activity",
+ "body": [
+ "- CCC.C07 # Alert on Unusual Enumeration Activity"
+ ],
+ "description": "Common Control Alert on Unusual Enumeration Activity"
+ },
+ "Enable Multi-zone or Multi-region Data Replication": {
+ "scope": "yaml",
+ "prefix": "CC8, CC Enable Multi-zone or Multi-region Data Replication",
+ "body": [
+ "- CCC.C08 # Enable Multi-zone or Multi-region Data Replication"
+ ],
+ "description": "Common Control Enable Multi-zone or Multi-region Data Replication"
+ },
+ "Prevent Tampering, Deletion, or Unauthorized Access to Access Logs": {
+ "scope": "yaml",
+ "prefix": "CC9, CC Prevent Tampering, Deletion, or Unauthorized Access to Access Logs",
+ "body": [
+ "- CCC.C09 # Prevent Tampering, Deletion, or Unauthorized Access to Access Logs"
+ ],
+ "description": "Common Control Prevent Tampering, Deletion, or Unauthorized Access to Access Logs"
+ },
+ "Prevent Data Replication to Destinations Outside of Defined Trust Perimeter": {
+ "scope": "yaml",
+ "prefix": "CC10, CC Prevent Data Replication to Destinations Outside of Defined Trust Perimeter",
+ "body": [
+ "- CCC.C10 # Prevent Data Replication to Destinations Outside of Defined Trust Perimeter"
+ ],
+ "description": "Common Control Prevent Data Replication to Destinations Outside of Defined Trust Perimeter"
+ },
+ "Enforce Key Management Policies": {
+ "scope": "yaml",
+ "prefix": "CC11, CC Enforce Key Management Policies",
+ "body": [
+ "- CCC.C11 # Enforce Key Management Policies"
+ ],
+ "description": "Common Control Enforce Key Management Policies"
+ },
+}
\ No newline at end of file
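Review bot: The last entry, "Enforce Key Management Policies", now ends with `},` directly before the closing `}`, whereas the removed version had no trailing comma. Any strict JSON consumer of this file will reject it; drop the comma. The file also still ends without a newline, while the rest of this change adds missing final newlines.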
diff --git a/.vscode/common-features.code-snippets b/.vscode/common-features.code-snippets
index bbd3e468..7d14e391 100644
--- a/.vscode/common-features.code-snippets
+++ b/.vscode/common-features.code-snippets
@@ -119,13 +119,13 @@
],
"description": "Common Feature Cost Management"
},
- "BudgetingAlerting": {
+ "Budgeting": {
"scope": "yaml",
- "prefix": "CF16, CF BudgetingAlerting",
+ "prefix": "CF16, CF Budgeting",
"body": [
- "- CCC.F16 # BudgetingAlerting"
+ "- CCC.F16 # Budgeting"
],
- "description": "Common Feature BudgetingAlerting"
+ "description": "Common Feature Budgeting"
},
"Alerting": {
"scope": "yaml",
@@ -143,13 +143,13 @@
],
"description": "Common Feature Versioning"
},
- "On-Demand Scaling": {
+ "On-demand Scaling": {
"scope": "yaml",
- "prefix": "CF19, CF On-Demand Scaling",
+ "prefix": "CF19, CF On-demand Scaling",
"body": [
- "- CCC.F19 # On-Demand Scaling"
+ "- CCC.F19 # On-demand Scaling"
],
- "description": "Common Feature On-Demand Scaling"
+ "description": "Common Feature On-demand Scaling"
},
"Tagging": {
"scope": "yaml",
@@ -166,5 +166,23 @@
"- CCC.F21 # Replication"
],
"description": "Common Feature Replication"
- }
+ },
+
+ "Location Lock-In": {
+ "scope": "yaml",
+ "prefix": "CF22, CF Location Lock-In",
+ "body": [
+ "- CCC.F22 # Location Lock-In"
+ ],
+ "description": "Common Feature Location Lock-In"
+ },
+
+ "Network Access Rules": {
+ "scope": "yaml",
+ "prefix": "CF23, CF Network Access Rules",
+ "body": [
+ "- CCC.F23 # Network Access Rules"
+ ],
+ "description": "Common Feature Network Access Rules"
+ },
}
\ No newline at end of file
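Review bot: The new final entry, "Network Access Rules", ends with `},` before the closing `}`, which introduces a trailing comma the file did not have before (the old last line was a bare `}`). The two added blank lines before "Location Lock-In" and "Network Access Rules" also break from the unspaced layout of the existing entries, and the file still ends without a newline. Remove the comma and the blank lines, and add the final newline.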
diff --git a/.vscode/common-threats.code-snippets b/.vscode/common-threats.code-snippets
index 2d4a3a45..51fcb5de 100644
--- a/.vscode/common-threats.code-snippets
+++ b/.vscode/common-threats.code-snippets
@@ -1,51 +1,51 @@
{
- "Access control is misconfigured": {
+ "Access Control is Misconfigured": {
"scope": "yaml",
- "prefix": "CT1, CT Access control is misconfigured",
+ "prefix": "CT1, CT Access Control is Misconfigured",
"body": [
- "- CCC.TH01 # Access control is misconfigured"
+ "- CCC.TH01 # Access Control is Misconfigured"
],
- "description": "Common Threat Access control is misconfigured"
+ "description": "Common Threat Access Control is Misconfigured"
},
- "Data is intercepted in transit": {
+ "Data is Intercepted in Transit": {
"scope": "yaml",
- "prefix": "CT2, CT Data is intercepted in transit",
+ "prefix": "CT2, CT Data is Intercepted in Transit",
"body": [
- "- CCC.TH02 # Data is intercepted in transit"
+ "- CCC.TH02 # Data is Intercepted in Transit"
],
- "description": "Common Threat Data is intercepted in transit"
+ "description": "Common Threat Data is Intercepted in Transit"
},
- "Deployment region network is untrusted": {
+ "Deployment Region Network is Untrusted": {
"scope": "yaml",
- "prefix": "CT3, CT Deployment region network is untrusted",
+ "prefix": "CT3, CT Deployment Region Network is Untrusted",
"body": [
- "- CCC.TH03 # Deployment region network is untrusted"
+ "- CCC.TH03 # Deployment Region Network is Untrusted"
],
- "description": "Common Threat Deployment region network is untrusted"
+ "description": "Common Threat Deployment Region Network is Untrusted"
},
- "Resource is replicated to untrusted or external locations": {
+ "Data is Replicated to Untrusted or External Locations": {
"scope": "yaml",
- "prefix": "CT4, CT Resource is replicated to untrusted or external locations",
+ "prefix": "CT4, CT Data is Replicated to Untrusted or External Locations",
"body": [
- "- CCC.TH04 # Resource is replicated to untrusted or external locations"
+ "- CCC.TH04 # Data is Replicated to Untrusted or External Locations"
],
- "description": "Common Threat Resource is replicated to untrusted or external locations"
+ "description": "Common Threat Data is Replicated to Untrusted or External Locations"
},
- "Data is corrupted during replication": {
+ "Data is Corrupted During Replication": {
"scope": "yaml",
- "prefix": "CT5, CT Data is corrupted during replication",
+ "prefix": "CT5, CT Data is Corrupted During Replication",
"body": [
- "- CCC.TH05 # Data is corrupted during replication"
+ "- CCC.TH05 # Data is Corrupted During Replication"
],
- "description": "Common Threat Data is corrupted during replication"
+ "description": "Common Threat Data is Corrupted During Replication"
},
- "Data is lost or corrupted": {
+ "Data is Lost or Corrupted": {
"scope": "yaml",
- "prefix": "CT6, CT Data is lost or corrupted",
+ "prefix": "CT6, CT Data is Lost or Corrupted",
"body": [
- "- CCC.TH06 # Data is lost or corrupted"
+ "- CCC.TH06 # Data is Lost or Corrupted"
],
- "description": "Common Threat Data is lost or corrupted"
+ "description": "Common Threat Data is Lost or Corrupted"
},
"Logs are Tampered With or Deleted": {
"scope": "yaml",
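Review bot: Among the capitalisation fixes, the CT4 entry also changes its subject from "Resource is replicated to untrusted or external locations" to "Data is Replicated to Untrusted or External Locations", which is a change of meaning rather than of casing. Confirm the new wording matches the title recorded for CCC.TH04 in the threat catalog, and mention the rename in the commit message so it is not lost among the style edits.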
@@ -87,28 +87,36 @@
],
"description": "Common Threat Event Notifications are Incorrectly Triggered"
},
- "Resource constraints are exhaustedResource Tags Are Manipulated": {
+ "Resource Constraints are Exhausted": {
"scope": "yaml",
- "prefix": "CT12, CT Resource constraints are exhaustedResource Tags Are Manipulated",
+ "prefix": "CT12, CT Resource Constraints are Exhausted",
"body": [
- "- CCC.TH12 # Resource constraints are exhaustedResource Tags Are Manipulated"
+ "- CCC.TH12 # Resource Constraints are Exhausted"
],
- "description": "Common Threat Resource constraints are exhaustedResource Tags Are Manipulated"
+ "description": "Common Threat Resource Constraints are Exhausted"
},
- "Resource Tags Are Manipulated": {
+ "Resource Tags are Manipulated": {
"scope": "yaml",
- "prefix": "CT13, CT Resource Tags Are Manipulated",
+ "prefix": "CT13, CT Resource Tags are Manipulated",
"body": [
- "- CCC.TH13 # Resource Tags Are Manipulated"
+ "- CCC.TH13 # Resource Tags are Manipulated"
],
- "description": "Common Threat Resource Tags Are Manipulated"
+ "description": "Common Threat Resource Tags are Manipulated"
},
- "Older Resource Versions Are Exploited": {
+ "Older Resource Versions are Exploited": {
"scope": "yaml",
- "prefix": "CT14, CT Older Resource Versions Are Exploited",
+ "prefix": "CT14, CT Older Resource Versions are Exploited",
"body": [
- "- CCC.TH14 # Older Resource Versions Are Exploited"
+ "- CCC.TH14 # Older Resource Versions are Exploited"
],
- "description": "Common Threat Older Resource Versions Are Exploited"
+ "description": "Common Threat Older Resource Versions are Exploited"
+ },
+ "Automated Enumeration and Reconnaissance by Non-human Entities": {
+ "scope": "yaml",
+ "prefix": "CT14, CT Automated Enumeration and Reconnaissance by Non-human Entities",
+ "body": [
+ "- CCC.TH14 # Automated Enumeration and Reconnaissance by Non-human Entities"
+ ],
+ "description": "Common Threat Automated Enumeration and Reconnaissance by Non-human Entities"
},
}
\ No newline at end of file
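Review bot: The added "Automated Enumeration and Reconnaissance by Non-human Entities" entry reuses prefix `CT14` and inserts `- CCC.TH14`, both of which already belong to "Older Resource Versions are Exploited" immediately above it. Typing CT14 will now offer two snippets, and picking the new one writes the wrong threat ID into a catalog, silently mapping a service to a different threat than the comment beside it says. Give the new entry its own prefix and ID, matching whatever identifier the common threats catalog assigns to this threat.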
diff --git a/README.md b/README.md
index 214b6c22..bf85cf51 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@ FINOS Common Cloud Controls (FINOS CCC) is an open standard project that describ
This standard is a collaborative project which aims to develop a unified set of cybersecurity, resiliency, and compliance controls for common services across the major cloud service providers (CSPs).
-[Download the FINOS CCC Primer Here](./docs/training/FINOS-CCC-Primer-June-2024.pdf)
+[Download the FINOS CCC Primer Here](./docs/resources/training/FINOS-CCC-Primer-June-2024.pdf)
## What Are The Benefits?
diff --git a/delivery-tooling/go.sum b/delivery-tooling/go.sum
deleted file mode 100644
index 500d4b39..00000000
--- a/delivery-tooling/go.sum
+++ /dev/null
@@ -1,113 +0,0 @@
-github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA=
-github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g=
-github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
-github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I=
-github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
-github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
-github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
-github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
-github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-github/v53 v53.2.0 h1:wvz3FyF53v4BK+AsnvCmeNhf8AkTaeh2SoYu/XUvTtI=
-github.com/google/go-github/v53 v53.2.0/go.mod h1:XhFRObz+m/l+UCm9b7KSIC3lT3NWSXGt7mOsAWEloao=
-github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
-github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
-github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
-github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
-github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
-github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
-github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
-github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
-github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
-github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ=
-github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4=
-github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
-github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
-github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
-github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
-github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
-github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
-github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0=
-github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
-github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
-github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI=
-github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+Ntkg=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
-github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
-github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
-github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
-go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI=
-go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
-golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
-golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g=
-golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI=
-golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
-golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
-google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
-google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
-gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
-gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/delivery-tooling/logos/logo_wall.svg b/delivery-tooling/logos/logo_wall.svg
deleted file mode 100644
index daf5ecb8..00000000
--- a/delivery-tooling/logos/logo_wall.svg
+++ /dev/null
@@ -1 +0,0 @@
-
\ No newline at end of file
diff --git a/delivery-tooling/catalog-compiler.go b/delivery-toolkit/catalog-compiler.go
similarity index 81%
rename from delivery-tooling/catalog-compiler.go
rename to delivery-toolkit/catalog-compiler.go
index 5aa7a85e..e88d5d3b 100644
--- a/delivery-tooling/catalog-compiler.go
+++ b/delivery-toolkit/catalog-compiler.go
@@ -1,10 +1,12 @@
package main
import (
+ "bytes"
"fmt"
"log"
"os"
"path/filepath"
+ "strings"
"github.com/spf13/viper"
"gopkg.in/yaml.v3"
@@ -30,6 +32,7 @@ type Control struct {
NISTCSF string `yaml:"nist_csf"`
ControlMappings map[string]interface{} `yaml:"control_mappings"`
TestRequirements []TestRequirements `yaml:"test_requirements"`
+ Link string
}
type TestRequirements struct {
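Review bot: The new `Link string` field in `Control` carries no struct tag, so yaml.v3 maps it to the key `link`: it is populated from a `link:` key if an input file has one, and it is emitted as `link` wherever this struct is marshalled to YAML. If the value is meant to be derived only, tag it `yaml:"-"`. The same applies to the `Link` fields added to `Feature` and `Threat` further down.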
@@ -57,7 +60,7 @@ type ReleaseDetails struct {
ThreatModelURL string `yaml:"threat_model_url"`
ThreatModelAuthor string `yaml:"threat_model_author"`
RedTeam string `yaml:"red_team"`
- RedTeamExercizeURL string `yaml:"red_team_exercize_url"`
+ RedTeamExerciseURL string `yaml:"red_team_exercise_url"`
ReleaseManager ReleaseManager `yaml:"release_manager"`
ChangeLog []string `yaml:"change_log"`
Contributors []Contributors `yaml:"contributors"`
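Review bot: Changing the tag from `red_team_exercize_url` to `red_team_exercise_url` changes the key the compiler reads, not just the Go identifier. yaml.v3 ignores unknown keys by default, so any metadata file that still uses the old spelling will load with an empty `RedTeamExerciseURL` and no error. Update every metadata file in the same change, or decode with known-field checking enabled so a stale key fails loudly.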
@@ -86,6 +89,7 @@ type Feature struct {
ID string `yaml:"id"`
Title string `yaml:"title"`
Description string `yaml:"description"`
+ Link string
}
// ThreatSet is a struct that represents the threats.yaml file
@@ -100,6 +104,7 @@ type Threat struct {
Description string `yaml:"description"`
Features []string `yaml:"features"`
MITRETechnique []string `yaml:"mitre_technique"`
+ Link string
}
func formatList(items []string) string {
@@ -159,6 +164,33 @@ func unmarshalData(dataName string, dataSet interface{}) {
}
}
+func createLink(id string, title string) string {
+ var buffer bytes.Buffer
+
+ buffer.WriteString(strings.ToLower(strings.ReplaceAll(id, ".", "")))
+ buffer.WriteString("---")
+ buffer.WriteString(strings.ToLower(strings.ReplaceAll(strings.ReplaceAll(title, ",", ""), " ", "-")))
+ return buffer.String()
+}
+
+func addFeatureLink(features []Feature) {
+ for index, element := range features {
+ features[index].Link = createLink(element.ID, element.Title)
+ }
+}
+
+func addThreatLink(threats []Threat) {
+ for index, element := range threats {
+ threats[index].Link = createLink(element.ID, element.Title)
+ }
+}
+
+func addControlLink(controls []Control) {
+ for index, element := range controls {
+ controls[index].Link = createLink(element.ID, element.Title)
+ }
+}
+
func readAndCompileCatalog() (data CompiledCatalog) {
// read controls.yaml, features.yaml, threats.yaml, and metadata.yaml from dir path
controlsData := ControlSet{}
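Review bot: `createLink` removes only commas and turns spaces into hyphens, so a title containing any other punctuation (parentheses, slashes, apostrophes, ampersands) or a doubled space yields an anchor that will not match the slug the Markdown renderer generates for the heading, and the `[ID](#Link)` table links in catalog.md will quietly point nowhere. Normalise with one allow-list pass (keep letters, digits, spaces and hyphens, then convert spaces) and add a unit test that runs it over the current catalog titles. The hard-coded `---` also assumes the heading is rendered as "ID - Title", which deserves a comment. Smaller points: the three `add*Link` functions are identical apart from the element type and could share one helper, and `bytes.Buffer` is more than three string concatenations need.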
@@ -178,6 +210,13 @@ func readAndCompileCatalog() (data CompiledCatalog) {
commonThreatsData := ThreatSet{}
unmarshalData("common-threats", &commonThreatsData)
+ addFeatureLink(featuresData.SpecificFeatures)
+ addFeatureLink(commonFeaturesData.SpecificFeatures)
+ addThreatLink(threatsData.SpecificThreats)
+ addThreatLink(commonThreatsData.SpecificThreats)
+ addControlLink(controlsData.SpecificControls)
+ addControlLink(commonControlsData.SpecificControls)
+
return CompiledCatalog{
Metadata: metadata,
Controls: append(commonControlsData.SpecificControls, controlsData.SpecificControls...),
diff --git a/delivery-tooling/gen-markdown.go b/delivery-toolkit/gen-markdown.go
similarity index 100%
rename from delivery-tooling/gen-markdown.go
rename to delivery-toolkit/gen-markdown.go
diff --git a/delivery-tooling/gen-release-notes.go b/delivery-toolkit/gen-release-notes.go
similarity index 100%
rename from delivery-tooling/gen-release-notes.go
rename to delivery-toolkit/gen-release-notes.go
diff --git a/delivery-tooling/gen-yaml.go b/delivery-toolkit/gen-yaml.go
similarity index 100%
rename from delivery-tooling/gen-yaml.go
rename to delivery-toolkit/gen-yaml.go
diff --git a/delivery-tooling/go.mod b/delivery-toolkit/go.mod
similarity index 50%
rename from delivery-tooling/go.mod
rename to delivery-toolkit/go.mod
index 8ad1f513..4bcc4448 100644
--- a/delivery-tooling/go.mod
+++ b/delivery-toolkit/go.mod
@@ -4,34 +4,30 @@ go 1.22.5
require (
github.com/google/go-github/v53 v53.2.0
- golang.org/x/oauth2 v0.18.0
+ golang.org/x/oauth2 v0.24.0
gopkg.in/yaml.v3 v3.0.1
)
require (
- github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
- github.com/cloudflare/circl v1.3.3 // indirect
- github.com/fsnotify/fsnotify v1.7.0 // indirect
- github.com/golang/protobuf v1.5.3 // indirect
+ github.com/ProtonMail/go-crypto v1.1.2 // indirect
+ github.com/cloudflare/circl v1.5.0 // indirect
+ github.com/fsnotify/fsnotify v1.8.0 // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/magiconair/properties v1.8.7 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
- github.com/pelletier/go-toml/v2 v2.2.2 // indirect
- github.com/sagikazarmark/locafero v0.4.0 // indirect
+ github.com/pelletier/go-toml/v2 v2.2.3 // indirect
+ github.com/sagikazarmark/locafero v0.6.0 // indirect
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/spf13/afero v1.11.0 // indirect
- github.com/spf13/cast v1.6.0 // indirect
+ github.com/spf13/cast v1.7.0 // indirect
github.com/subosito/gotenv v1.6.0 // indirect
- go.uber.org/atomic v1.9.0 // indirect
- go.uber.org/multierr v1.9.0 // indirect
- golang.org/x/crypto v0.21.0 // indirect
- golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
- golang.org/x/sys v0.18.0 // indirect
- golang.org/x/text v0.14.0 // indirect
- google.golang.org/appengine v1.6.8 // indirect
- google.golang.org/protobuf v1.33.0 // indirect
+ go.uber.org/multierr v1.11.0 // indirect
+ golang.org/x/crypto v0.29.0 // indirect
+ golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect
+ golang.org/x/sys v0.27.0 // indirect
+ golang.org/x/text v0.20.0 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
)
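Review bot: The version bumps in both `require` blocks (for example `golang.org/x/oauth2` v0.18.0 to v0.24.0 and `golang.org/x/crypto` v0.21.0 to v0.29.0) are hard to audit because they ride along with the delivery-tooling to delivery-toolkit rename, and go.sum is deleted and recreated rather than diffed in place. Move the dependency update into its own commit, state how it was produced (`go get -u`, `go mod tidy`), and confirm `go mod verify` passes on the result.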
diff --git a/delivery-toolkit/go.sum b/delivery-toolkit/go.sum
new file mode 100644
index 00000000..66d6857d
--- /dev/null
+++ b/delivery-toolkit/go.sum
@@ -0,0 +1,78 @@
+github.com/ProtonMail/go-crypto v1.1.2 h1:A7JbD57ThNqh7XjmHE+PXpQ3Dqt3BrSAC0AL0Go3KS0=
+github.com/ProtonMail/go-crypto v1.1.2/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
+github.com/cloudflare/circl v1.5.0 h1:hxIWksrX6XN5a1L2TI/h53AGPhNHoUBo+TD1ms9+pys=
+github.com/cloudflare/circl v1.5.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
+github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
+github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
+github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
+github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-github/v53 v53.2.0 h1:wvz3FyF53v4BK+AsnvCmeNhf8AkTaeh2SoYu/XUvTtI=
+github.com/google/go-github/v53 v53.2.0/go.mod h1:XhFRObz+m/l+UCm9b7KSIC3lT3NWSXGt7mOsAWEloao=
+github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
+github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
+github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
+github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
+github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
+github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
+github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
+github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
+github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/sagikazarmark/locafero v0.6.0 h1:ON7AQg37yzcRPU69mt7gwhFEBwxI6P9T4Qu3N51bwOk=
+github.com/sagikazarmark/locafero v0.6.0/go.mod h1:77OmuIc6VTraTXKXIs/uvUxKGUXjE1GbemJYHqdNjX0=
+github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
+github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
+github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
+github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
+github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
+github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
+github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w=
+github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
+github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
+github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI=
+github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+Ntkg=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
+github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ=
+golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg=
+golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo=
+golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak=
+golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE=
+golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
+golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=
+golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
+gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/delivery-toolkit/logos/logo_wall.svg b/delivery-toolkit/logos/logo_wall.svg
new file mode 100644
index 00000000..d197a919
--- /dev/null
+++ b/delivery-toolkit/logos/logo_wall.svg
@@ -0,0 +1 @@
+
diff --git a/delivery-tooling/main.go b/delivery-toolkit/main.go
similarity index 98%
rename from delivery-tooling/main.go
rename to delivery-toolkit/main.go
index e4294fb3..a192c4dd 100644
--- a/delivery-tooling/main.go
+++ b/delivery-toolkit/main.go
@@ -35,7 +35,7 @@ var (
},
Run: func(cmd *cobra.Command, args []string) {
fmt.Println(divider)
- fmt.Println("Welcome to the CCC Delivery Tooling CLI v" + Version)
+ fmt.Println("Welcome to the CCC Delivery Toolkit CLI v" + Version)
fmt.Print(logo)
fmt.Println(divider)
fmt.Println("You appear to be exploring!")
diff --git a/delivery-tooling/templates/catalog.md b/delivery-toolkit/templates/catalog.md
similarity index 88%
rename from delivery-tooling/templates/catalog.md
rename to delivery-toolkit/templates/catalog.md
index c3b82513..be962dde 100644
--- a/delivery-tooling/templates/catalog.md
+++ b/delivery-toolkit/templates/catalog.md
@@ -7,7 +7,7 @@
## Release Notes
-> _{{ .LatestReleaseDetails.ReleaseManager.Summary }}_
+> {{ .LatestReleaseDetails.ReleaseManager.Summary }}
Release Manager - **{{ .LatestReleaseDetails.ReleaseManager.Name }}, {{ .LatestReleaseDetails.ReleaseManager.Company }}** ([{{ .LatestReleaseDetails.ReleaseManager.GithubId }}](https://github.com/{{ .LatestReleaseDetails.ReleaseManager.GithubId }}))
@@ -21,7 +21,7 @@ Release Manager - **{{ .LatestReleaseDetails.ReleaseManager.Name }}, {{ .LatestR
|Feature ID|Feature Title|
|----|----|
{{- range .Features }}
-|{{ .ID }}|{{ .Title }}|
+|[{{ .ID }}](#{{ .Link }})|{{ .Title }}|
{{- end }}
---
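Review bot: `[{{ .ID }}](#{{ .Link }})` in the Feature table row only resolves if `.Link` is exactly the anchor the Markdown renderer generates for the matching heading further down the catalog, and nothing in these template hunks shows where `.Link` is set or which heading it targets. Please document how `.Link` is derived (lower-casing, handling of the dots in the IDs) next to the field, and add a check in the toolkit that every generated `#...` target exists in the rendered output. The same applies to the Threat and Control tables changed below.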
@@ -36,7 +36,7 @@ Release Manager - **{{ .LatestReleaseDetails.ReleaseManager.Name }}, {{ .LatestR
|Threat ID|Threat Title|
|----|----|
{{- range .Threats }}
-|{{ .ID }}|{{ .Title }}|
+|[{{ .ID }}](#{{ .Link }})|{{ .Title }}|
{{- end }}
---
@@ -49,9 +49,9 @@ Release Manager - **{{ .LatestReleaseDetails.ReleaseManager.Name }}, {{ .LatestR
- {{ . }}
{{- end }}
-**Related MITRE ATT&CK Values:**
+**Related MITRE ATT&CK Techniques:**
{{ range .MITRETechnique }}
-- {{ . }}
+- [{{ . }}](https://attack.mitre.org/techniques/{{ . }})
{{- end }}
{{ end }}
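Review bot: the `https://attack.mitre.org/techniques/{{ . }}` link works for a bare technique ID but not for sub-techniques, which attack.mitre.org serves with a slash in place of the dot (for example `/techniques/T1078/004/`, not `/techniques/T1078.004`). Either replace the dot with a slash when building the URL or constrain `mitre_technique` to parent technique IDs. The value is also interpolated as is, so an entry that carries more than the ID (a name, stray whitespace) produces a broken link; a format check in the toolkit would catch that before release.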
@@ -60,7 +60,7 @@ Release Manager - **{{ .LatestReleaseDetails.ReleaseManager.Name }}, {{ .LatestR
|Control ID|Control Title|
|----|----|
{{- range .Controls }}
-|{{ .ID }}|{{ .Title }}|
+|[{{ .ID }}](#{{ .Link }})|{{ .Title }}|
{{- end }}
---
diff --git a/delivery-tooling/templates/release-notes.md b/delivery-toolkit/templates/release-notes.md
similarity index 93%
rename from delivery-tooling/templates/release-notes.md
rename to delivery-toolkit/templates/release-notes.md
index 8031b61f..960ed269 100644
--- a/delivery-tooling/templates/release-notes.md
+++ b/delivery-toolkit/templates/release-notes.md
@@ -1,5 +1,5 @@
-# {{ .Metadata.Title }} Release Details - v{{ .LatestReleaseDetails.Version }} ({{ .Metadata.ID }})
+# {{ .Metadata.Title }} - v{{ .LatestReleaseDetails.Version }} ({{ .Metadata.ID }})
## Summary
{{ .LatestReleaseDetails.ReleaseManager.Summary }}
diff --git a/delivery-tooling/update-metadata.go b/delivery-toolkit/update-metadata.go
similarity index 91%
rename from delivery-tooling/update-metadata.go
rename to delivery-toolkit/update-metadata.go
index 3be014c7..943baaa0 100644
--- a/delivery-tooling/update-metadata.go
+++ b/delivery-toolkit/update-metadata.go
@@ -16,8 +16,8 @@ import (
)
var (
- MetadataFilepath string
BuildDirectoryPath string
+ MetadataFilePath string
// baseCmd represents the base command when called without any subcommands
updateMetadataCmd = &cobra.Command{
@@ -37,14 +37,14 @@ var (
servicesDir := viper.GetString("services-dir")
buildTarget := viper.GetString("build-target")
- buildDirectoryPath := filepath.Join(servicesDir, buildTarget)
- MetadataFilepath = filepath.Join(buildDirectoryPath, "metadata.yaml")
+ BuildDirectoryPath = filepath.Join(servicesDir, buildTarget)
+ MetadataFilePath = filepath.Join(BuildDirectoryPath, "metadata.yaml")
err := updateMetadata()
if err != nil {
fmt.Println(err)
} else {
- fmt.Printf("Metadata has been updated successfully: %s\n", MetadataFilepath)
+ fmt.Printf("Metadata has been updated successfully: %s\n", MetadataFilePath)
}
},
}
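Review bot: `servicesDir` and `buildTarget` in the `Run` body are joined without a check for an empty value, so with `build-target` unset `filepath.Join(servicesDir, buildTarget)` collapses to the services directory and `metadata.yaml` is read and written there. Consider failing early when either value is empty. Separately, the error branch only does `fmt.Println(err)`, so the command still exits 0 on failure; returning the error through `RunE` or exiting non-zero would let a pipeline notice.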
@@ -70,12 +70,11 @@ func updateMetadata() (err error) {
// Create a new GitHub client
client := github.NewClient(tc)
- // Prepare the options to filter commits by the specified path (directory)
+ // Fetch the list of commits from the repository
+ cleanedPath := strings.Replace(filepath.ToSlash(BuildDirectoryPath), "../", "", 1)
opts := &github.CommitsListOptions{
- Path: BuildDirectoryPath,
+ Path: cleanedPath,
}
-
- // Fetch the list of commits from the repository
commits, _, err := client.Repositories.ListCommits(ctx, repoOwner, repoName, opts)
if err != nil {
log.Fatalf("Error fetching commits: %v", err)
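Review bot: `strings.Replace(filepath.ToSlash(BuildDirectoryPath), "../", "", 1)` on the `cleanedPath` line removes the first `../` wherever it occurs, not only a leading one, and leaves any further `../` segments or a leading `./` in place, so the `Path` filter passed to `ListCommits` can still be something other than a repository-relative path. Trimming the prefix explicitly, or computing the path with `filepath.Rel` against the repository root, states the intent more precisely. No hunk in this file touches the import block, so please confirm `strings` is already imported. The moved comment "Fetch the list of commits from the repository" now sits above the path clean-up rather than the `ListCommits` call it describes.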
@@ -137,7 +136,7 @@ func updateMetadata() (err error) {
log.Fatalf("Error marshaling YAML: %v", err)
}
- err = os.WriteFile(MetadataFilepath, metadataData, os.FileMode(0666))
+ err = os.WriteFile(MetadataFilePath, metadataData, os.FileMode(0666))
if err != nil {
log.Fatalf("Error writing to the YAML file: %v", err)
}
@@ -148,7 +147,7 @@ func updateMetadata() (err error) {
func getMetadataYaml() Metadata {
// Read the YAML file
- yamlFile, err := os.ReadFile(MetadataFilepath)
+ yamlFile, err := os.ReadFile(MetadataFilePath)
if err != nil {
log.Fatalf("Error reading YAML file: %v", err)
}
diff --git a/delivery-tooling/utils.go b/delivery-toolkit/utils.go
similarity index 100%
rename from delivery-tooling/utils.go
rename to delivery-toolkit/utils.go
diff --git a/docs/community-guidelines/README.md b/docs/community-guidelines/README.md
index 26ee0e2e..019e555c 100644
--- a/docs/community-guidelines/README.md
+++ b/docs/community-guidelines/README.md
@@ -4,19 +4,5 @@ Guidelines are formal recommendations to the community provided as structured ou
This directory will contain all guidelines recommended.
-## Adding or Modifying a Guideline
-
-- Changes can be suggested by anyone by raising a PR and notifying the Community Structure [WG] using the mailing list for consideration.
-- Then the members of the Community Structure [WG] should discuss this issue in their [WG] meetings and approve the PR for it to become a recommendation.
-
-## Upgrading a Recommendation to become a Policy
-
-In order for a guideline to become a policy a [SC], they must be put forward for a [vote] by a [SC] member sponsor.
-
-1. A pull request should be made by the [SC] sponsor to move the guideline into the [Policies] directory.
-2. The [SC] sponsor should call a [SC] [vote] and if approved by the majority the PR can be merged and the recommendation is now a policy.
-
-[Policies]: ../community-policies
-[vote]: ../steering/charter.md#voting
-[SC]: ../community-groups.md#steering-committee
-[WG]: ../community-groups.md#working-groups
+[SC]: ../governance/community-structure.md#steering-committee
+[WG]: ../governance/community-structure.md#working-groups
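Review bot: the two removed sections ("Adding or Modifying a Guideline" and "Upgrading a Recommendation to become a Policy") now live in `adding-modifying-guidelines.md` and `guidelines-to-policies.md`, but this README hunk adds no link to either file, so a reader landing here has no path to the process. Please add the two links. Also check that the retained `[SC]` and `[WG]` reference definitions are still used by the remaining text; if the removed sections were their only users, they are dead definitions and can go.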
diff --git a/docs/community-guidelines/adding-modifying-guidelines.md b/docs/community-guidelines/adding-modifying-guidelines.md
new file mode 100644
index 00000000..d4a67053
--- /dev/null
+++ b/docs/community-guidelines/adding-modifying-guidelines.md
@@ -0,0 +1,9 @@
+# Adding or Modifying Community Guidelines
+
+This document is a [community guideline].
+
+- New community guidelines or changes to existing ones can be suggested by anyone by raising a PR and notifying the [Community Structure WG] using the mailing list for consideration.
+- Then the members of the [Community Structure WG] should discuss this issue in their WG meetings and approve the PR for it to become a recommendation.
+
+[community guideline]: ./README.md
+[Community Structure WG]: ../governance/community-structure.md#working-groups
diff --git a/docs/community-guidelines/communication.md b/docs/community-guidelines/communication.md
index f3c94e5f..59269cc7 100644
--- a/docs/community-guidelines/communication.md
+++ b/docs/community-guidelines/communication.md
@@ -36,7 +36,7 @@ Any meeting published on the public calendar must additionally adhere to a stric
- If these meetings are hosted by FINOS they must follow the guidance for [FINOS hosted meetings](#finos-hosted-meetings).
- If these meetings are NOT hosted by FINOS then any noteworthy decisions or outcomes should be communicated back to the wider [WG] via the mailing list.
-[SC]: ../community-groups.md#steering-committee
-[WG]: ../community-groups.md#working-groups
+[SC]: ../governance/community-structure.md#steering-committee
+[WG]: ../governance/community-structure.md#working-groups
[community guideline]: ./README.md
-[FINOS Point of Contact]: ../finos-poc.md
+[FINOS Point of Contact]: ../governance/finos-poc.md
diff --git a/docs/community-guidelines/content-standards-and-practices/README.md b/docs/community-guidelines/content-standards-and-practices/README.md
index 285286bb..5591a2ab 100644
--- a/docs/community-guidelines/content-standards-and-practices/README.md
+++ b/docs/community-guidelines/content-standards-and-practices/README.md
@@ -27,6 +27,6 @@ This directory will contain the content development standards and practices, whe
Feedback on these policies is vital for continuous improvement. If you have suggestions or updates, please communicate this to the [Delivery WG]. Do note that new policies and standards may be created or modified by a [vote] of the [SC] at any time, following the same process as [Upgrading a Recommendation to become a Policy](../../community-guidelines/README.md#upgrading-a-recommendation-to-become-a-policy).
-[SC]: ../../community-groups.md#steering-committee
-[vote]: ../../steering/charter.md#voting
-[Delivery WG]: ../../working-groups/delivery
+[SC]: ../../governance/community-structure.md#steering-committee
+[vote]: ../../governance/steering/charter.md#voting
+[Delivery WG]: ../../governance/working-groups/delivery/charter.md
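Review bot: the unchanged paragraph in this hunk still links to `../../community-guidelines/README.md#upgrading-a-recommendation-to-become-a-policy`, but this same PR deletes that section from `docs/community-guidelines/README.md` and moves it to `guidelines-to-policies.md`, so the anchor will be dangling after merge. Please point the link at `../guidelines-to-policies.md` as part of this change.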
diff --git a/docs/community-guidelines/content-standards-and-practices/control-definitions.md b/docs/community-guidelines/content-standards-and-practices/control-definitions.md
index 6be06a7f..fc86fcd0 100644
--- a/docs/community-guidelines/content-standards-and-practices/control-definitions.md
+++ b/docs/community-guidelines/content-standards-and-practices/control-definitions.md
@@ -8,7 +8,7 @@ Each service category in the CCC Taxonomy should have its own set of control def
To streamline maintenance, the CCC project maintains a list of [common controls].
-Each service category’s `controls.yaml` file references these by listing their IDs under the top-level `common_controls` value. During the release pipeline, our [delivery tooling] compiles these common controls into the final document alongside any specific controls. In the final output, both types of controls are presented consistently, with the unique identifier being the only difference.
+Each service category’s `controls.yaml` file references these by listing their IDs under the top-level `common_controls` value. During the release pipeline, our [Delivery Toolkit] compiles these common controls into the final document alongside any specific controls. In the final output, both types of controls are presented consistently, with the unique identifier being the only difference.
### Common Controls
@@ -30,7 +30,7 @@ When creating or updating a `controls.yaml` file for a service category, follow
## Control Definition Format
-To maintain consistency, all controls— whether common or specific— must follow the same format, style, and tone. Each control should adhere to the [control template](../templates/controls.yaml) before release.
+To maintain consistency, all controls— whether common or specific— must follow the same format, style, and tone. Each control should adhere to the [control template](../../resources/templates/controls.yaml) before release.
### Control Definition Values
@@ -56,6 +56,70 @@ A control family refers to a group of related security controls that are organiz
The list of control families is maintained in the [common controls] data.
[common controls]: /services/common-controls.yaml
-[delivery tooling]: /delivery-tooling
+[Delivery Toolkit]: /delivery-toolkit
[threats]: ./threat-definitions.md
[ref]: https://www.cisa.gov/sites/default/files/2023-02/tlp-2-0-user-guide_508c.pdf
+
+## Style Guide for Test Requirements
+
+### Structure
+
+Test requirements must follow a **"When-Then-MUST/MUST NOT"** structure to ensure they are **actionable, specific, measurable, and verifiable**:
+
+1. **When**: Describe the triggering condition or scenario under which the test is applied.
+2. **Then**: Specify the expected outcome of the test in a clear and measurable manner.
+3. Use **MUST** or **MUST NOT** to define mandatory conditions.
+
+This approach ensures that test requirements are actionable by providing clear instructions for verification, making them easy to implement and audit.
+
+> **Note:** The **Then** statement does not need to be explicitly written if the expected outcome is clearly implied by the **When** condition and the use of **MUST** or **MUST NOT**.
+
+### Examples
+
+#### Good Example
+
+```yaml
+test_requirements:
+ - id: CCC.VPC.C01.TR01
+ text: |
+ When a subscription is created, the subscription MUST NOT
+ contain default network resources.
+ tlp_levels:
+ - tlp_amber
+ - tlp_red
+```
+
+#### Why It’s Good
+
+- Clearly describes the triggering condition ("When a subscription is created").
+- Specifies the measurable outcome ("MUST NOT contain default network resources").
+- Provides clear verification criteria, making it actionable and easy to test.
+- Aligns with the control objective by verifying a critical security configuration.
+
+#### Bad Example
+
+```yaml
+test_requirements:
+ - id: CCC.VPC.C01.TR01
+ text: |
+ A subscription MUST NOT have default networks.
+ tlp_levels:
+ - tlp_amber
+ - tlp_red
+```
+
+#### Issues
+
+- Missing the "When-Then" structure.
+- Ambiguous context for the condition.
+- Lacks specificity about how to verify the requirement.
+- Does not align directly with the control objective or provide measurable verification.
+
+### Best Practices
+
+1. **Actionable Requirements**: Define test requirements that are specific, measurable, and verifiable.
+2. **Clarity and Specificity**: Ensure test requirements clearly articulate the triggering condition and expected outcome.
+3. **When-Then Structure**: Clearly define the triggering condition (_When_) and expected result (_Then_) for clarity.
+4. **Mandatory Language**: Use **MUST** or **MUST NOT** to convey non-negotiable requirements.
+5. **Avoid Ambiguity**: Avoid vague terms like "should" or "could."
+6. **Alignment with Control Objective**: Ensure test requirements align with and verify the control objective effectively.
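Review bot: the new "Style Guide for Test Requirements" section is appended after the reference-link definitions (`[common controls]`, `[Delivery Toolkit]`, `[threats]`, `[ref]`), which leaves those definitions stranded in the middle of the file; please move the section above them. Two content points on the examples: the Good and Bad examples both use `id: CCC.VPC.C01.TR01`, which invites copy-paste of the wrong one, so a placeholder ID on the bad example would help; and the structure is named "When-Then-MUST/MUST NOT" while the Good example has no explicit "Then" clause, which only makes sense once the reader reaches the Note. Consider adding a second good example with an explicit "Then" so both accepted forms are shown.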
diff --git a/docs/community-guidelines/content-standards-and-practices/feature-definitions.md b/docs/community-guidelines/content-standards-and-practices/feature-definitions.md
index 4ed2bc48..8620de54 100644
--- a/docs/community-guidelines/content-standards-and-practices/feature-definitions.md
+++ b/docs/community-guidelines/content-standards-and-practices/feature-definitions.md
@@ -8,7 +8,7 @@ Each feature definition should be created for a service in the CCC Taxonomy, wit
To streamline maintenance, the CCC project maintains a list of [common features].
-Each service category’s `features.yaml` file references common features by listing their IDs under the top-level `common_features` value. During the release pipeline, our [delivery tooling] compiles these common features into the final document alongside any specific features. In the final output, both types of features are presented consistently, with the unique identifier being the only difference.
+Each service category’s `features.yaml` file references common features by listing their IDs under the top-level `common_features` value. During the release pipeline, our [Delivery Toolkit] compiles these common features into the final document alongside any specific features. In the final output, both types of features are presented consistently, with the unique identifier being the only difference.
### Common Features
@@ -30,7 +30,7 @@ When creating or updating a `features.yaml` file for a service category, follow
## Feature Definition Format
-To maintain consistency, all features—whether common or specific—must follow the same format, style, and tone. Each feature should adhere to the [feature template](../templates/features.yaml) before release.
+To maintain consistency, all features—whether common or specific—must follow the same format, style, and tone. Each feature should adhere to the [feature template](../../resources/templates/features.yaml) before release.
### Feature Definition Values
@@ -46,5 +46,5 @@ When creating a new feature definition, use the following values:
Although a review from the [Communications WG] is optional, it may be useful if additional support is needed to match the writing style or tone of the document.
[common features]: /services/common-features.yaml
-[Communications WG]: ../../working-groups/communications/charter.md
-[delivery tooling]: /delivery-tooling
+[Communications WG]: ../../governance/working-groups/communications/charter.md
+[Delivery Toolkit]: /delivery-toolkit
diff --git a/docs/community-guidelines/content-standards-and-practices/markdown/formatting-guidelines.md b/docs/community-guidelines/content-standards-and-practices/markdown/formatting-guidelines.md
index f8a5709b..317ba46f 100644
--- a/docs/community-guidelines/content-standards-and-practices/markdown/formatting-guidelines.md
+++ b/docs/community-guidelines/content-standards-and-practices/markdown/formatting-guidelines.md
@@ -36,4 +36,4 @@ This section of this document contains a list of rules that are enabled for this
Adhering to these formatting guidelines and using `prettier` will help ensure that our Markdown documents are not only consistent but also maintain a high standard of quality and readability. Regular use of `prettier` will streamline the document creation process, making it easier for everyone to produce well-formatted documentation.
-[WG]: ../../../community-groups.md#working-groups
+[WG]: ../../../governance/community-structure.md#working-groups
diff --git a/docs/community-guidelines/content-standards-and-practices/markdown/linting-guidelines.md b/docs/community-guidelines/content-standards-and-practices/markdown/linting-guidelines.md
index aee987d0..4e12b652 100644
--- a/docs/community-guidelines/content-standards-and-practices/markdown/linting-guidelines.md
+++ b/docs/community-guidelines/content-standards-and-practices/markdown/linting-guidelines.md
@@ -73,4 +73,4 @@ This section of this document contains a list of rules that are enabled for this
Following these Markdown linting guidelines will help maintain a standard style across all our documents. Consistent formatting not only improves readability but also creates a professional appearance for all our communications. We encourage all contributors to adhere to these practices to ensure clarity and uniformity in our documentation.
-[WG]: ../../../community-groups.md#working-groups
+[WG]: ../../../governance/community-structure.md#working-groups
diff --git a/docs/community-guidelines/content-standards-and-practices/release-assets.md b/docs/community-guidelines/content-standards-and-practices/release-assets.md
index cdd3bd6d..575bdad5 100644
--- a/docs/community-guidelines/content-standards-and-practices/release-assets.md
+++ b/docs/community-guidelines/content-standards-and-practices/release-assets.md
@@ -73,7 +73,7 @@ release_details:
- "PR#34: Updated controls for increased encryption requirements."
```
-[release]: ../releases.md
+[release]: ../releases/README.md
[features]: ./feature-definitions.md
[threats]: ./threat-definitions.md
[controls]: ./control-definitions.md
diff --git a/docs/community-guidelines/content-standards-and-practices/threat-definitions.md b/docs/community-guidelines/content-standards-and-practices/threat-definitions.md
index 64dc0cdc..c4c4618c 100644
--- a/docs/community-guidelines/content-standards-and-practices/threat-definitions.md
+++ b/docs/community-guidelines/content-standards-and-practices/threat-definitions.md
@@ -8,7 +8,7 @@ Each threat definition corresponds to a service in the CCC Taxonomy, with every
To streamline maintenance, the CCC project maintains a list of [common threats].
-Each service category’s `threats.yaml` file references these common threats by listing their IDs under the top-level `common_threats` value. During the release pipeline, our [delivery tooling] compiles these common threats into the final document alongside any service-specific threats. In the final output, both types of threats are presented consistently, with the unique identifier being the only difference.
+Each service category’s `threats.yaml` file references these common threats by listing their IDs under the top-level `common_threats` value. During the release pipeline, our [Delivery Toolkit] compiles these common threats into the final document alongside any service-specific threats. In the final output, both types of threats are presented consistently, with the unique identifier being the only difference.
### Common Threats
@@ -28,16 +28,54 @@ When creating or updating a `threats.yaml` file for a service category, follow t
2. **Define Specific Threats**: If a threat is unique to the service category, document it in the `threats` section of the `threats.yaml` file.
3. **Consider Generalization**: If a specific threat could apply to at least three other service categories, evaluate whether it can be generalized and added to the [common threats] list.
-## Threat Definition Format
+## Threat Definition Style
To maintain consistency, all threats—whether common or specific—must follow the same format, style, and tone. Each threat should adhere to the [threats template] before release.
+### Definition of a Threat
+
+According to **NIST SP 800-30 Rev. 1**, a threat is defined as:
+
+> **"Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service."**
+
+This definition emphasizes that a threat focuses on potential adverse impacts, not necessarily malicious intent.
+
+### Neutral Approach to Threat Descriptions
+
+#### Key Differences
+
+| **Aspect** | **Good Example** | **Bad Example** |
+| ---------------------- | ------------------------------------------------------------ | --------------------------------------------------------- |
+| **Neutral Tone** | Describes the condition neutrally. | Attributes the issue to an "attacker," assuming intent. |
+| **Focus on Condition** | Focuses on what went wrong and potential consequences. | Assumes exploitation and focuses on malicious actions. |
+| **Objectivity** | Leaves room for non-malicious scenarios (e.g., human error). | Frames the issue exclusively as a malicious exploitation. |
+
+#### Examples
+
+**Good Example**:
+**Title**: Access Control is Misconfigured
+**Description**:
+Misconfigured access controls may grant excessive privileges or fail to restrict unauthorized access to sensitive resources. This could result in unintended data exposure or unauthorized actions being performed within the system.
+
+**Bad Example**:
+**Title**: Access Control is Misconfigured
+**Description**:
+An attacker can exploit misconfigured access controls to gain excessive privileges or unauthorized access to sensitive resources. This could lead to data breaches or malicious actions within the system.
+
+### Best Practices
+
+1. **Neutral Tone**: Describe threats in a neutral, objective manner without assuming malicious intent or attributing actions to an attacker.
+2. **Focus on Conditions and Consequences**: Highlight the misconfiguration, condition, or situation that might result in an undesirable outcome, not the actor causing it.
+3. **Avoid Redundancy**: Ensure that new threats are distinct from existing ones and do not overlap unnecessarily.
+4. **Clarity and Precision**: Use clear language that conveys the nature and impact of the threat effectively to a broad audience.
+5. **Consistent Formatting**: Follow the specified structure and guidelines for all entries to maintain uniformity.
+
### Threat Definition Values
When creating a new threat definition, use the following values:
- **Threat ID** (`id`): A unique identifier for the threat, following the format `.TH<#>`.
-- **Threat Title** (`title`): A short name or title that succinctly describes the threat.
+- **Threat Title** (`title`): A short name or title using Title Case that succinctly describes the threat.
- **Threat Description** (`description`): A detailed description of the threat, including its nature and potential impact.
- **Feature IDs** (`features`): A list of IDs for the corresponding CCC features that this threat is associated with.
- **MITRE ATT&CK Technique** (`mitre_technique`): The unique identifier for the most relevant MITRE ATT&CK Technique.
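Review bot: the new neutral-tone guidance ("Leaves room for non-malicious scenarios (e.g., human error)") sits uneasily with the unchanged `mitre_technique` value at the end of this hunk, which asks for "the most relevant MITRE ATT&CK Technique" on every threat; ATT&CK techniques describe adversary behaviour, so authors need to know what to record for a condition with no adversary. Please say whether the field may be empty or how to pick a technique in that case. On formatting, the Good/Bad example blocks put `**Good Example**:`, `**Title**:` and `**Description**:` on consecutive lines with no blank line between them, so unless those lines carry hard breaks they render as one run-on paragraph; a short list or a YAML block, as used in the control definitions guide, would be clearer. Renaming the heading to "Threat Definition Style" also changes its anchor, so any inbound `#threat-definition-format` links need updating.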
@@ -50,6 +88,6 @@ Although a review from the [Communications WG] is optional, it may be useful if
This structure ensures that threats are standardized and can be consistently identified and addressed across all services within the CCC Taxonomy.
[common threats]: /services/common-threats.yaml
-[Communications WG]: ../../working-groups/communications/charter.md
-[delivery tooling]: /delivery-tooling
-[threats template]: ../templates/threats.yaml
+[Communications WG]: ../../governance/working-groups/communications/charter.md
+[Delivery Toolkit]: /delivery-toolkit
+[threats template]: ../../resources/templates/threats.yaml
diff --git a/docs/community-guidelines/guidelines-to-policies.md b/docs/community-guidelines/guidelines-to-policies.md
new file mode 100644
index 00000000..bb2bad0b
--- /dev/null
+++ b/docs/community-guidelines/guidelines-to-policies.md
@@ -0,0 +1,18 @@
+# Upgrading a Recommendation to become a Policy
+
+This document is a [community guideline].
+
+In order for a community guideline to become a community policy, the guideline must pass a [SC] [vote]. A [vote] can be called for by a [SC] member sponsor or the [Community Structure WG] Lead.
+
+1. A pull request should be made by the [SC] member sponsor or [Community Structure WG] Lead to move the guideline into the [Policies] directory.
+2. The [SC] member sponsor or [Community Structure WG] Lead should call a [SC] [vote] and, if approved by the majority, the PR can be merged and the recommendation is now a policy.
+3. The vote will be initiated on the pull request using [GitVote], enabling [SC] members to cast their votes directly on the associated pull request.
+4. The voting period will remain open for 7 days.
+5. A majority vote is required for the proposal to pass.
+
+[community guideline]: ./README.md
+[Policies]: ../community-policies
+[vote]: ../governance/steering/charter.md#voting
+[SC]: ../governance/community-structure.md#steering-committee
+[Community Structure WG]: ../governance/community-structure.md#working-groups
+[GitVote]: https://github.com/cncf/gitvote
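Review bot: steps 3 to 5 describe how the vote is run (GitVote on the PR, 7-day window, majority required) but come after step 2, which already states the outcome "if approved by the majority the PR can be merged"; step 5 then repeats the majority rule. Please reorder so the mechanics precede the merge step and state the threshold once. It would also help to say what "majority" is measured against (all [SC] members or votes cast) and what happens if the 7 days lapse without one, and to note that the GitVote configuration must restrict eligible voters to [SC] members, since the text says only they cast votes on the pull request.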
diff --git a/docs/community-guidelines/meetings.md b/docs/community-guidelines/meetings.md
index ca078b97..25effa26 100644
--- a/docs/community-guidelines/meetings.md
+++ b/docs/community-guidelines/meetings.md
@@ -51,6 +51,6 @@ Once minutes are added to the GitHub issue, close the issue.
In the event that a meeting needs to be cancelled then the [FINOS Point of Contact] should be notified as soon as possible. The cancellation should also be communicated via the mailing list for the [WG].
-[WG]: ../community-groups.md#working-groups
-[FINOS Point of Contact]: ../finos-poc.md
+[WG]: ../governance/community-structure.md#working-groups
+[FINOS Point of Contact]: ../governance/finos-poc.md
[community guideline]: ./README.md
diff --git a/docs/community-guidelines/member-roles.md b/docs/community-guidelines/member-roles.md
index 9b7285eb..b04a2a89 100644
--- a/docs/community-guidelines/member-roles.md
+++ b/docs/community-guidelines/member-roles.md
@@ -144,6 +144,6 @@ Specific group charters may specify a shorter period for their roles.
[Linux Foundation Code of Conduct]: https://events.linuxfoundation.org/about/code-of-conduct/
[CODEOWNERS]: https://github.com/finos/common-cloud-controls/blob/main/.github/CODEOWNERS
[community mail group]: mailto:ccc-participants+subscribe@finos.org
-[community groups]: ../community-groups.md
-[SC]: ../community-groups.md#steering-committee
-[WG]: ../community-groups.md#working-groups
+[community groups]: ../governance/community-structure.md
+[SC]: ../governance/community-structure.md#steering-committee
+[WG]: ../governance/community-structure.md#working-groups
diff --git a/docs/community-guidelines/proposing-working-group.md b/docs/community-guidelines/proposing-working-group.md
index 01e904bc..28ef32a7 100644
--- a/docs/community-guidelines/proposing-working-group.md
+++ b/docs/community-guidelines/proposing-working-group.md
@@ -2,13 +2,13 @@
To propose a new working group complete the items in the check list below:
-- Create a PR with a draft charter which follows this [template](./templates/charter.md).
+- Create a PR with a draft charter which follows this [template](../resources/templates/charter.md).
- Find a [SC] member to sponsor the [WG].
- The proposal must include the name of the [WG] Lead.
- The [SC] sponsor will call for a [vote] on the new [WG] when it is ready.
- If the proposal receives a majority [vote], it is immediately considered active and responsible to act according to its charter.
- After the [SC] has approved the [WG], the sponsor should promptly request a mailing list for the [WG] by contacting . The mailing list should use the naming convention `ccc-[wg-name]@lists.finos.org`.
-[WG]: ../community-groups.md#working-groups
-[SC]: ../community-groups.md#steering-committee
-[vote]: ../steering/charter.md#voting
+[WG]: ../governance/community-structure.md#working-groups
+[SC]: ../governance/community-structure.md#steering-committee
+[vote]: ../governance/steering/charter.md#voting
diff --git a/docs/governance/community-guidelines/releases/README.md b/docs/community-guidelines/releases/README.md
similarity index 92%
rename from docs/governance/community-guidelines/releases/README.md
rename to docs/community-guidelines/releases/README.md
index 2cb0d85e..37e23932 100644
--- a/docs/governance/community-guidelines/releases/README.md
+++ b/docs/community-guidelines/releases/README.md
@@ -66,10 +66,10 @@ The release process involves contributors proposing changes through a pull reque
1. **Publishing:** The Release Manager creates the official release based on the final approved release candidate. This is published on GitHub along with release notes and documentation updates.
2. **Announcement:** The [Communications WG] announces the release through appropriate channels suchs as mailing lists and social media.
-[WG]: ../../community-groups.md#working-groups
-[Security WG]: ../../working-groups/security/charter.md
-[Taxonomy WG]: ../../working-groups/taxonomy/charter.md
-[Delivery WG]: ../../working-groups/delivery/charter.md
+[WG]: ../../governance/community-structure.md#working-groups
+[Security WG]: ../../governance/working-groups/security/charter.md
+[Taxonomy WG]: ../../governance/working-groups/taxonomy/charter.md
+[Delivery WG]: ../../governance/working-groups/delivery/charter.md
[Change Management Board]: ./cmb.md
-[Communications WG]: ../../working-groups/communications/charter.md
+[Communications WG]: ../../governance/working-groups/communications/charter.md
[community guideline]: ../README.md
diff --git a/docs/governance/community-guidelines/releases/cmb.md b/docs/community-guidelines/releases/cmb.md
similarity index 97%
rename from docs/governance/community-guidelines/releases/cmb.md
rename to docs/community-guidelines/releases/cmb.md
index fe44e0df..2f4ac2a4 100644
--- a/docs/governance/community-guidelines/releases/cmb.md
+++ b/docs/community-guidelines/releases/cmb.md
@@ -95,6 +95,6 @@ Appointments shall be permanently revoked in the following cases:
- Repeat abandonment of a stated commitment
- Undermining the process, such as deliberately circumventing or disregarding documented norms
-[Security WG]: ../working-groups/security/charter.md
-[Delivery WG]: ../working-groups/delivery/charter.md
+[Security WG]: ../../governance/working-groups/security/charter.md
+[Delivery WG]: ../../governance/working-groups/delivery/charter.md
[community guideline]: ./README.md
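Review bot: the unchanged `[community guideline]: ./README.md` line resolves to `docs/community-guidelines/releases/README.md` from this file's new location, whereas the sibling `releases/README.md` uses `../README.md` for the same reference; it should be `../README.md` here too. This PR also adds `docs/community-guidelines/releases/cmb/README.md` titled "Change Management Board" while keeping `cmb.md` and the `[Change Management Board]: ./cmb.md` reference in `releases/README.md`, so please state which of the two is canonical and remove or redirect the other to avoid the guidance drifting apart.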
diff --git a/docs/community-guidelines/releases/cmb/README.md b/docs/community-guidelines/releases/cmb/README.md
new file mode 100644
index 00000000..1543f1fa
--- /dev/null
+++ b/docs/community-guidelines/releases/cmb/README.md
@@ -0,0 +1,90 @@
+# Change Management Board
+
+This document is a [community guideline].
+
+## Purpose
+
+The document outlines and defines the guidelines for the Change Management Board (CMB) for the Common Cloud Controls (CCC) project.
+
+The CMB is a body of representatives from financial institutions of varying sizes and types. Its primary role is to review and approve changes and new catalogs that are within the Release Candidate. The CMB collectively represents end-user stakeholders, ensuring that each artifact is adaptable to the needs of a wide range of institutions while maintaining consistency and integrity across the board.
+
+## Process
+
+The process followed by the CMB to manage changes includes:
+
+1. **Proposal Submission**
+ - Proposed changes are submitted for CMB review by contributors or working groups within the CCC project.
+1. **Review Cycle**
+ - The CMB reviews the changes based on the established guidelines and feedback from relevant working groups such as the [Security WG], [Delivery WG], and others.
+1. **Approval or Request for Modifications**
+ - After review, the CMB either approves the proposed changes for the next release candidate or requests modifications and additional feedback from the contributor or associated working group.
+1. **Final Approval and Release**
+ - Upon receiving approval, the release manager compiles the final release package, and the CMB confirms the official release of the updated framework.
+
+## Membership
+
+The change management board is composed of a Release Manager and the body of reviewers, both appointed by the [Delivery WG].
+
+A release cycle shall be a minimum of one month, during which time a Release Manager will solicit and arbitrate feedback from the reviewers prior to approving and initiating the release.
+
+### Release Manager Responsibilities
+
+The release manager is not a unilateral authority on the release, rather they are the representative of the group's opinions. Insomuch as they represent the CMB, the release manager holds the final guidance in the lifecycle of an asset.
+
+The release manager will be responsible for the following:
+
+- Collaborate with the CCC working group leads to ensure that the asset is ready for review.
+- Issue an announcement to the CMB, containing:
+ - Links to the asset under review
+ - Desired release date
+ - Deadline for initial responses (two weeks prior to desired release date)
+ - Instructions for participating in this review cycle
+- When a change request (CR) is received:
+ - Evaluate the quality of the CR. If necessary, request adjustments for clarity or conciseness.
+ - Relay the CR to all participating reviewers
+ - At least two members must agree on a CR before it moves forward, with majority opinion ruling when there is dissent.
+ - When discussion has been stabilized for at least 48 hours, determine the status of the CR
+ - If the CR is affirmed by the CMB, create a GitHub issue detailing the CR. Tag and notify the appropriate working group.
+ - If the CR is not affirmed by the CMB, notify the change requestor. The CR should not be resubmitted unless there are substantial changes to the request.
+- When all outstanding requests have been resolved and requested changes have been applied, initiate the release.
+ - Ensure that the release is no sooner than the expected delivery date, and that all actions follow the current processes of the [Delivery WG].
+
+### Reviewer Responsibilities
+
+Members are **not** obligated to review every release but will be notified and may choose to engage in reviews. [Read about the process here.](./member-responsibilities.md)
+
+### Qualifications for Participation
+
+Individuals of any background or experience level may participate in a review.
+
+To approve or request changes, an individual must be an appointed CMB member in good standing.
+
+CMB members are appointed by the [Delivery WG]. If you are interested or have any questions, please reach out to a current [Delivery WG] member or join the community call.
+
+### Release Manager Qualifications
+
+A release manager shall be a [Delivery WG] approver or a CMB member who has provided feedback on a previous release cycle.
+
+Release managers are expected to demonstrate the following qualities:
+
+- Strong written communication skills
+- High attention to detail
+- Commitment to process and protocol
+- Ability to parse and relay complex feedback
+- Fundamental knowledge of the domain featured in the release
+- Reasonable availability and responsiveness during the release cycle (at least one month)
+
+### Breach of Decorum
+
+Members of the Change Management Board are expected to follow the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) at all times.
+
+Appointments shall be permanently revoked in the following cases:
+
+- Repeat disrespectful communication
+- Repeat obstructive behavior such as vague or non-actionable feedback
+- Repeat abandonment of a stated commitment
+- Undermining the process, such as deliberately circumventing or disregarding documented norms
+
+[Security WG]: /docs/governance/working-groups/security/charter.md
+[Delivery WG]: /docs/governance/working-groups/delivery/charter.md
+[community guideline]: ./README.md
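Review bot: the three reference definitions at the end of this new file do not follow the rest of the patch. `[Security WG]` and `[Delivery WG]` use root-absolute paths (`/docs/governance/...`) where every other file touched here uses relative ones, and `[community guideline]: ./README.md` resolves to this file itself because it is named `README.md`. From `docs/community-guidelines/releases/cmb/` the relative forms would be `../../../governance/working-groups/security/charter.md`, `../../../governance/working-groups/delivery/charter.md` and `../../README.md`. Separately, the Release Manager section says at least two members must agree on a CR, but nothing in this file states how many approvals the release itself needs; that number only appears in `member-responsibilities.md`, so it should be stated or linked from the Process section here.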
diff --git a/docs/community-guidelines/releases/cmb/feedback-guide.md b/docs/community-guidelines/releases/cmb/feedback-guide.md
new file mode 100644
index 00000000..a5c3fc6d
--- /dev/null
+++ b/docs/community-guidelines/releases/cmb/feedback-guide.md
@@ -0,0 +1,19 @@
+# CMB Feedback Guide
+
+This is a simple guide for CMB members on how to properly provide feedback within GitHub Discussions.
+
+## Steps
+
+1. Navigate to the Discussions Section in GitHub for this project:
+
+ ![Discussions Tab](../imgs/image-1.png)
+
+1. Find an active discussion that's associated with the release you would like to contribute to. You can find it here: [Active Discussions for CMB](https://github.com/finos/common-cloud-controls/discussions/categories/change-management-board-cmb?discussions_q=is%3Aopen+category%3A%22Change+Management+Board+%28CMB%29%22)
+
+ ![CMB Discussion Category with Posts](../imgs/image-2.png)
+
+1. If your issue is unique, please create a new thread in the discussion post by leaving a comment. Otherwise, feel free to leave a comment inside of the thread on the discussion.
+
+ ![Service Comments for Discussion](../imgs/image-3.png)
+
+1. Double check to ensure you put your comment in the right place before hitting the green button!
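Review bot: steps 3 and 4 are not specific enough to follow without the screenshots. Step 3 uses "thread", "discussion post" and "comment" interchangeably, so it is unclear whether a new issue goes in a top-level comment and a follow-up goes in a reply; say that explicitly. Step 4 refers to "the green button" rather than the button's label, which fails for anyone using a theme or screen reader. The images are also committed as `image-1.png` to `image-3.png`; descriptive file names would make later replacements easier to review.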
diff --git a/docs/community-guidelines/releases/cmb/member-responsibilities.md b/docs/community-guidelines/releases/cmb/member-responsibilities.md
new file mode 100644
index 00000000..2d4abdb8
--- /dev/null
+++ b/docs/community-guidelines/releases/cmb/member-responsibilities.md
@@ -0,0 +1,21 @@
+# CMB Member Responsibilities
+
+As a member of the change management board (CMB), you will be invited to review any release candidate so that you may identify issues with the controls standard prior to the official release.
+
+[Find information about the CMB and underlying processes here.](./README.md)
+
+## Participation
+
+The Release Manager will create the discussion post within GitHub for the release candidate, which is where you will be expected to leave your feedback. Please follow this guide: [Feedback Guide](feedback-guide.md)
+
+Several release candidates may be open at the same time. Members are not obligated in any specific review, but are highly encouraged to participate in areas where they have subject matter expertise.
+
+## Expectations
+
+- Be thorough, thoughtful, and provide detailed feedback before requesting changes.
+ - Gather feedback from colleagues as needed to support a review.
+- If changes are requested, communicate clearly and promptly through the channels outlined by the Release Manager for the current release cycle.
+ - When a change request (CR) is received, the Release Manager will open discussions and facilitate responses from the board.
+- Members are encouraged to respond within 7 days if they have input on a CR.
+ - The Release Manager logs any dissenting opinions and communicates the majority decision.
+- A release cannot proceed without a minimum of 5 approvals; members are encouraged to help meet this threshold by approving, requesting changes, or contributing to discussion around open change requests.
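Review bot: the last bullet sets the release gate at "a minimum of 5 approvals" but then lists "requesting changes, or contributing to discussion" as ways to help meet it, which reads as if those actions count toward the five. State what counts as an approval and who may give one (the README limits approving to appointed CMB members in good standing), and say how this threshold relates to the README's rule that at least two members must agree on a CR. In the Participation section, "Members are not obligated in any specific review" is missing a verb, for example "not obligated to participate in".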
diff --git a/docs/community-guidelines/releases/imgs/image-1.png b/docs/community-guidelines/releases/imgs/image-1.png
new file mode 100644
index 00000000..c4a380a2
Binary files /dev/null and b/docs/community-guidelines/releases/imgs/image-1.png differ
diff --git a/docs/community-guidelines/releases/imgs/image-2.png b/docs/community-guidelines/releases/imgs/image-2.png
new file mode 100644
index 00000000..f22be14c
Binary files /dev/null and b/docs/community-guidelines/releases/imgs/image-2.png differ
diff --git a/docs/community-guidelines/releases/imgs/image-3.png b/docs/community-guidelines/releases/imgs/image-3.png
new file mode 100644
index 00000000..b6ac3c3d
Binary files /dev/null and b/docs/community-guidelines/releases/imgs/image-3.png differ
diff --git a/docs/governance/community-guidelines/imgs/release-process.drawio.svg b/docs/community-guidelines/releases/imgs/release-process.drawio.svg
similarity index 100%
rename from docs/governance/community-guidelines/imgs/release-process.drawio.svg
rename to docs/community-guidelines/releases/imgs/release-process.drawio.svg
diff --git a/docs/community-guidelines/versioning.md b/docs/community-guidelines/versioning.md
index a9d71957..0ee712d1 100644
--- a/docs/community-guidelines/versioning.md
+++ b/docs/community-guidelines/versioning.md
@@ -27,7 +27,7 @@ Versioning will be scoped to each artifact delivered by the working groups. This
Releases should happen, at most, one time per month. This schedule ensures a manageable release cadence and maintains the stability of our artifacts. For more information about the releases, please refer to this document: [Releases](./README.md)
-[WG]: ../community-groups.md#working-groups
-[Communications WG]: ../working-groups/communications/charter.md
-[Delivery WG]: ../working-groups/delivery/charter.md
+[WG]: ../governance/community-structure.md#working-groups
+[Communications WG]: ../governance/working-groups/communications/charter.md
+[Delivery WG]: ../governance/working-groups/delivery/charter.md
[community guideline]: ./README.md
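Review bot: in the unchanged context line of this hunk, `[Releases](./README.md)` resolves to the same file as `[community guideline]: ./README.md`, so the "Releases" link lands on the community guidelines index rather than the release guide. If the release guide sits under `releases/` next to the `cmb` files moved in this patch, the link should be `./releases/README.md`; worth fixing here since the other references in the block are already being repointed.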
diff --git a/docs/community-policies/README.md b/docs/community-policies/README.md
index 3d4c6582..6e40701e 100644
--- a/docs/community-policies/README.md
+++ b/docs/community-policies/README.md
@@ -10,5 +10,5 @@ This directory will contain the latest version of all policies that must be adhe
Policies may be created or modified by a [vote] of the [SC] at any time, following the same process as [Upgrading a Recommendation to become a Policy](../community-guidelines/README.md/#upgrading-a-recommendation-to-become-a-policy).
-[SC]: ../community-groups.md#steering-committee
-[vote]: ../steering/charter.md#voting
+[SC]: ../governance/community-structure.md#steering-committee
+[vote]: ../governance/steering/charter.md#voting
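Review bot: the unchanged context line in this hunk links to `../community-guidelines/README.md/#upgrading-a-recommendation-to-become-a-policy`, with a stray `/` between `README.md` and the fragment. Since this patch is correcting link targets in the same file, drop the slash so the target is `README.md#upgrading-a-recommendation-to-become-a-policy`; link checkers and some renderers treat the current form as a path under `README.md/`.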
diff --git a/docs/governance/steering/charter.md b/docs/governance/steering/charter.md
index c7ab951b..911dc53c 100644
--- a/docs/governance/steering/charter.md
+++ b/docs/governance/steering/charter.md
@@ -178,6 +178,7 @@ This document was adapted from the Kubernetes Steering Committee Charter [afb385
[Eligible voters]: elections.md#eligibility-for-voting
[Inclusive Open Source Community Orientation]: https://training.linuxfoundation.org/training/inclusive-open-source-community-orientation-lfc102/
[afb3858]: https://github.com/kubernetes/steering/blob/afb3858/charter.md
+[community groups]: ../community-structure.md#working-groups