Merge branch 'main' into controls-work

.github/ISSUE_TEMPLATE/release_proposal.md

@@ -23,7 +23,7 @@ assignees: "damienjburks"
 - [ ] Modify the `metadata.yaml` files to include the latest release details. This can be accomplished in an automated form by running the following command:
 
   ```text
-  cd delivery-tooling
+  cd delivery-toolkit
   go run . release-notes -t /services/storage/object
   ```
 

.github/workflows/pr-title.yaml

@@ -0,0 +1,30 @@
+## Reference: https://github.com/amannn/action-semantic-pull-request
+---
+name: "Lint PR Title"
+on:
+  # pull_request_target event is required for autolabeler to support all PRs including forks
+  pull_request_target:
+    types: [opened, reopened, edited, synchronize]
+jobs:
+  lint_pr_title:
+    permissions:
+      contents: read
+      pull-requests: read
+      statuses: write
+    uses: jmeridth/reusable-workflows/.github/workflows/pr-title.yaml@d788c4f6994c7b37134a9f592fe5db42fd7a0957
+    with:
+      types: |
+        add
+        change
+        remove
+      scopes: |
+        ci
+        docs
+        feature
+        threat
+        control
+        category
+        family
+      requireScope: true
+    secrets:
+      github-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     defaults:
       run:
-        working-directory: ./delivery-tooling
+        working-directory: ./delivery-toolkit
     steps:
       - uses: actions/checkout@v4
         name: Build
@@ -65,7 +65,7 @@ jobs:
         uses: actions/[email protected]
         with:
           name: ccc-catalogs
-          path: ./delivery-tooling/artifacts/*
+          path: ./delivery-toolkit/artifacts/*
           if-no-files-found: error
           retention-days: 1 # Maximum Retention
 

.github/workflows/sonatype_scan.yaml

@@ -9,7 +9,7 @@ on:
 env:
   SonatypeUrl: "https://finos.sonatype.app/platform/"
   SonatypeAppId: "ccc-delivery"
-  SonatypeScanTarget: "delivery-tooling/"
+  SonatypeScanTarget: "delivery-toolkit/"
   ExcludeDirectory: ""
 
 jobs:

.gitignore

@@ -3,5 +3,5 @@ build/oscal-cli
 # VS Code 
 .DS_Store
 # Delivery Tooling
-delivery-tooling/artifacts
+delivery-toolkit/artifacts
 .env/

.prettierignore

@@ -1 +1 @@
-delivery-tooling/*
+delivery-toolkit/*

.vscode/common-controls.code-snippets

@@ -1,66 +1,90 @@
 {
-    "Prevent unencrypted requests": {
-      "scope": "yaml",
-      "prefix": "CC1, CC Prevent unencrypted requests",
-      "body": [
-        "- CCC.C01 # Prevent unencrypted requests control"
-      ],
-      "description": "Common Control Prevent unencrypted requests"
-    },
-    "Ensure data encryption at rest": {
-      "scope": "yaml",
-      "prefix": "CC2, CC Ensure data encryption at rest",
-      "body": [
-        "- CCC.C02 # Ensure data encryption at rest for all stored data"
-      ],
-      "description": "Common Control Ensure data encryption at rest"
-    },
-    "Implement multi-factor authentication": {
-      "scope": "yaml",
-      "prefix": "CC3, CC Implement MFA for access",
-      "body": [
-        "- CCC.C03 # Implement multi-factor authentication (MFA) for access"
-      ],
-      "description": "Common Control Implement multi-factor authentication (MFA) for access"
-    },
-    "Log all access and changes": {
-      "scope": "yaml",
-      "prefix": "CC4, CC Log all access and changes",
-      "body": [
-        "- CCC.C04 # Log all access and changes"
-      ],
-      "description": "Common Control Log all access and changes"
-    },
-    "Prevent access from untrusted entities": {
-      "scope": "yaml",
-      "prefix": "CC5, CC Prevent access from untrusted entities",
-      "body": [
-        "- CCC.C05 # Prevent access from untrusted entities"
-      ],
-      "description": "Common Control Prevent access from untrusted entities control"
-    },
-    "Prevent deployment in restricted regions": {
-      "scope": "yaml",
-      "prefix": "CC6, CC Prevent deployment in restricted regions",
-      "body": [
-        "- CCC.C06 # Prevent deployment in restricted regions"
-      ],
-      "description": "Common Control Prevent deployment in restricted regions"
-    },
-    "Alert on non-human enumeration": {
-      "scope": "yaml",
-      "prefix": "CC7, CC Alert on non-human enumeration",
-      "body": [
-        "- CCC.C07 # Alert on non-human enumeration"
-      ],
-      "description": "Common Control Alert on non-human enumeration"
-    },
-    "Enable multi-zone or multi-region data replication": {
-      "scope": "yaml",
-      "prefix": "CC8, CC Enable multi-zone or multi-region data replication",
-      "body": [
-        "- CCC.C08 # Enable multi-zone or multi-region data replication"
-      ],
-      "description": "Common Control Enable multi-zone or multi-region data replication"
-    }
-  }
+	"Prevent Unencrypted Requests": {
+		"scope": "yaml",
+		"prefix": "CC1, CC Prevent Unencrypted Requests",
+		"body": [
+			"- CCC.C01 # Prevent Unencrypted Requests"
+		  ],
+		"description": "Common Control Prevent Unencrypted Requests"
+	},
+	"Ensure Data Encryption at Rest for All Stored Data": {
+		"scope": "yaml",
+		"prefix": "CC2, CC Ensure Data Encryption at Rest for All Stored Data",
+		"body": [
+			"- CCC.C02 # Ensure Data Encryption at Rest for All Stored Data"
+		  ],
+		"description": "Common Control Ensure Data Encryption at Rest for All Stored Data"
+	},
+	"Implement Multi-factor Authentication (MFA) for Access": {
+		"scope": "yaml",
+		"prefix": "CC3, CC Implement Multi-factor Authentication (MFA) for Access",
+		"body": [
+			"- CCC.C03 # Implement Multi-factor Authentication (MFA) for Access"
+		  ],
+		"description": "Common Control Implement Multi-factor Authentication (MFA) for Access"
+	},
+	"Log All Access and Changes": {
+		"scope": "yaml",
+		"prefix": "CC4, CC Log All Access and Changes",
+		"body": [
+			"- CCC.C04 # Log All Access and Changes"
+		  ],
+		"description": "Common Control Log All Access and Changes"
+	},
+	"Prevent Access from Untrusted Entities": {
+		"scope": "yaml",
+		"prefix": "CC5, CC Prevent Access from Untrusted Entities",
+		"body": [
+			"- CCC.C05 # Prevent Access from Untrusted Entities"
+		  ],
+		"description": "Common Control Prevent Access from Untrusted Entities"
+	},
+	"Prevent Deployment in Restricted Regions": {
+		"scope": "yaml",
+		"prefix": "CC6, CC Prevent Deployment in Restricted Regions",
+		"body": [
+			"- CCC.C06 # Prevent Deployment in Restricted Regions"
+		  ],
+		"description": "Common Control Prevent Deployment in Restricted Regions"
+	},
+	"Alert on Unusual Enumeration Activity": {
+		"scope": "yaml",
+		"prefix": "CC7, CC Alert on Unusual Enumeration Activity",
+		"body": [
+			"- CCC.C07 # Alert on Unusual Enumeration Activity"
+		  ],
+		"description": "Common Control Alert on Unusual Enumeration Activity"
+	},
+	"Enable Multi-zone or Multi-region Data Replication": {
+		"scope": "yaml",
+		"prefix": "CC8, CC Enable Multi-zone or Multi-region Data Replication",
+		"body": [
+			"- CCC.C08 # Enable Multi-zone or Multi-region Data Replication"
+		  ],
+		"description": "Common Control Enable Multi-zone or Multi-region Data Replication"
+	},
+	"Prevent Tampering, Deletion, or Unauthorized Access to Access Logs": {
+		"scope": "yaml",
+		"prefix": "CC9, CC Prevent Tampering, Deletion, or Unauthorized Access to Access Logs",
+		"body": [
+			"- CCC.C09 # Prevent Tampering, Deletion, or Unauthorized Access to Access Logs"
+		],
+		"description": "Common Control Prevent Tampering, Deletion, or Unauthorized Access to Access Logs"
+	},
+	"Prevent Data Replication to Destinations Outside of Defined Trust Perimeter": {
+		"scope": "yaml",
+		"prefix": "CC10, CC Prevent Data Replication to Destinations Outside of Defined Trust Perimeter",
+		"body": [
+			"- CCC.C10 # Prevent Data Replication to Destinations Outside of Defined Trust Perimeter"
+		],
+		"description": "Common Control Prevent Data Replication to Destinations Outside of Defined Trust Perimeter"
+	},
+	"Enforce Key Management Policies": {
+		"scope": "yaml",
+		"prefix": "CC11, CC Enforce Key Management Policies",
+		"body": [
+			"- CCC.C11 # Enforce Key Management Policies"
+		],
+		"description": "Common Control Enforce Key Management Policies"
+	},
+}

.vscode/common-features.code-snippets

@@ -119,13 +119,13 @@
 		  ],
 		"description": "Common Feature Cost Management"
 	},
-	"BudgetingAlerting": {
+	"Budgeting": {
 		"scope": "yaml",
-		"prefix": "CF16, CF BudgetingAlerting",
+		"prefix": "CF16, CF Budgeting",
 		"body": [
-			"- CCC.F16 # BudgetingAlerting"
+			"- CCC.F16 # Budgeting"
 		  ],
-		"description": "Common Feature BudgetingAlerting"
+		"description": "Common Feature Budgeting"
 	},
 	"Alerting": {
 		"scope": "yaml",
@@ -143,13 +143,13 @@
 		  ],
 		"description": "Common Feature Versioning"
 	},
-	"On-Demand Scaling": {
+	"On-demand Scaling": {
 		"scope": "yaml",
-		"prefix": "CF19, CF On-Demand Scaling",
+		"prefix": "CF19, CF On-demand Scaling",
 		"body": [
-			"- CCC.F19 # On-Demand Scaling"
+			"- CCC.F19 # On-demand Scaling"
 		  ],
-		"description": "Common Feature On-Demand Scaling"
+		"description": "Common Feature On-demand Scaling"
 	},
 	"Tagging": {
 		"scope": "yaml",
@@ -184,5 +184,5 @@
 			"- CCC.F23 # Network Access Rules"
 		  ],
 		"description": "Common Feature Network Access Rules"
-	}
+	},
 }