Mv dependencies (#1820)

* 0.11.1 okta * Update siteapp/authentication/OIDCAuthentication.py * Dynamically set Internet schme (http or https) for swagger interface * Bulk update a component's statements across all systems #1797 * Added support for multiple overlays and compliance catalogs Load default SSP AppSource and Webhooks * Add SAST and secrets detection to linting * Sync requirements.in with latest version * 1-Add CMMCv2 catalog/baselines * 1-Update python libraries for urllib3 * 2-Add --extra-index-url to requirements.txt * 3-Change python index to pypi.org/simple * 4-Bump pyopenssl==23.2.0 * 5-downgrade to Django 18 * 6-Controls/models.py auto_prefetch.Model.Meta * 7-Bump Django version to 3.2.19 * 8-Point index-url to pypi * 1-Add CMMCv2 catalog/baselines * 2-Updated python libraries * 3-GovReady updae python requirements * Delete q-files/vendors/laurasia directory --------- Co-authored-by: Schaad, Mark A <mark.schaad@mantech.com> Co-authored-by: Muhlenkamp, Brian F <brian.muhlenkamp@mantech.com> Co-authored-by: Drake, Xavier <xavier.drake@mantech.com> Co-authored-by: Greg Elin <gregelin@govready.com>
GovReady · Jun 25, 2023 · 9851f5e · 9851f5e
1 parent b408ae5
commit 9851f5e
Show file tree

Hide file tree

Showing 39 changed files with 147,014 additions and 192 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,69 @@
+# see http://editorconfig.org
+root = true
+
+[*]
+end_of_line = lf
+trim_trailing_whitespace = true
+insert_final_newline = false
+indent_style = space
+indent_size = 4
+charset = utf-8
+
+[*.{tf,tfvars,tpl}]
+end_of_line = lf
+trim_trailing_whitespace = true
+insert_final_newline = true
+indent_style = space
+indent_size = 2
+charset = utf-8
+
+[*.sh]
+indent_style = unset
+trim_trailing_whitespace = unset
+insert_final_newline = unset
+indent_size = 2
+charset = utf-8
+
+[*.py]
+charset = utf-8
+
+[*.md]
+trim_trailing_whitespace = false
+indent_size = 2
+charset = utf-8
+
+[*.{yml,ansible-lint,yamllint}]
+end_of_line = lf
+trim_trailing_whitespace = true
+insert_final_newline = true
+indent_style = space
+indent_size = 2
+charset = utf-8
+
+[Makefile]
+indent_style = tab
+indent_size = 1
+
+[*.ps1]
+indent_style = space
+indent_size = 4
+
+[*.snyk]
+indent_size = 2
+charset = utf-8
+
+[/**]
+indent_size = unset
+insert_final_newline = unset
+indent_size = unset
+indent_style = unset
+insert_final_newline = unset
+trim_trailing_whitespace = unset
+
+[q-files/**]
+indent_size = unset
+insert_final_newline = unset
+indent_size = unset
+indent_style = unset
+insert_final_newline = unset
+trim_trailing_whitespace = unset
diff --git a/.gitignore b/.gitignore
@@ -128,4 +128,4 @@ frontend/static/
 environment.okta.json
 
 # branding
-*_branding
+*_branding
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -0,0 +1,122 @@
+---
+variables:
+  PYTHONIOENCODING: "utf-8"
+  LDRNET_CERT: $LDRNET_CERT
+  UMBRELLA_CERT: $UMBRELLA_CERT
+
+default:
+  tags:
+    - docker
+
+include:
+  - template: Jobs/SAST-IaC.gitlab-ci.yml
+  - template: Jobs/SAST.gitlab-ci.yml
+  - template: Jobs/Secret-Detection.gitlab-ci.yml
+
+stages:
+  - lint
+  - test
+
+lint-terraform:
+  stage: lint
+  image:
+    name: hashicorp/terraform:latest
+    entrypoint: [""]
+  environment:
+    name: "Terraform Lint Check"
+  script:
+    - terraform fmt -check=true -diff=true -recursive
+  when: always
+  only:
+    - pushes
+    - merge_requests
+  tags:
+    - docker
+
+lint-editorconfig:
+  stage: lint
+  image: moskey71/eclint-lint:v1
+  script:
+    - make -f /Makefile eclint/lint
+  when: always
+  only:
+    - pushes
+    - merge_requests
+  tags:
+    - docker
+
+secret_detection:
+  tags:
+    - docker
+
+iac-sast:
+  tags:
+    - docker
+
+kics-iac-sast:
+  tags:
+    - docker
+
+sast:
+  tags:
+    - docker
+
+bandit-sast:
+  tags:
+    - docker
+
+brakeman-sast:
+  tags:
+    - docker
+
+eslint-sast:
+  tags:
+    - docker
+
+flawfinder-sast:
+  tags:
+    - docker
+
+kubesec-sast:
+  tags:
+    - docker
+
+gosec-sast:
+  tags:
+    - docker
+
+mobsf-android-sast:
+  tags:
+    - docker
+
+mobsf-ios-sast:
+  tags:
+    - docker
+
+nodejs-scan-sast:
+  tags:
+    - docker
+
+phpcs-security-audit-sast:
+  tags:
+    - docker
+
+pmd-apex-sast:
+  tags:
+    - docker
+
+security-code-scan-sast:
+  tags:
+    - docker
+
+semgrep-sast:
+  tags:
+    - docker
+
+sobelow-sast:
+  tags:
+    - docker
+
+spotbugs-sast:
+  tags:
+    - docker
diff --git a/.yamllint b/.yamllint
@@ -0,0 +1,13 @@
+---
+extends: default
+rules:
+  document-end: disable
+  document-start: disable
+  comments:
+    min-spaces-from-content: 1
+  line-length:
+    level: warning
+    max: 500
+
+yaml-files:
+  - '*.yaml'
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,69 @@
 GovReady-Q Release Notes
 ========================
+v0.12.2-multi (June 5, 2023)
+---------------------------
+
+* Add CMMC version2 catalog and baseline level 1 & 2
+* Updated VERSION and CHANGELOG.md
+
+**Laurasia changes**
+
+v0.12.1-dev (April 19, 2023)
+---------------------------
+
+**Laurasia changes**
+
+* Add new siteapp/management/commands to load default Laurasia SSP if it doesn't exist. This works
+around the problem of this feature in API.
+
+- Bulk update a component's statements across all systems 
+- Add JSIG and Privacy catalogs/baselines
+- Extended Django Webhooks and Management Commands
+  - load_app_template.py calls a compliance app template like JSIG_SSP
+  - set_baseline_controls.py sets compliance catalog baseline
+  - Add support for multiple overlays
+  - load_component_from_library.py places a Library Component into a target SSP
+  - import_control_catalog.py allows uploading a new control catalog source
+- Update python packages and pin urllib3
+- Add Laurasia JSIG questionnaire template and Appsource
+- Added support for printing SSP with multiple catalogs
+
+v0.11.6 (March 14, 2023)
+---------------------------
+
+**Developer changes**
+
+* Upgrade Python libraries.
+
+**Developer changes**
+* Add siteapp.management_views as webhooks for calling Django management commands.
+
+v0.11.5 (March 2, 2023)
+---------------------------
+
+**Developer changes**
+
+* Upgrade Python libraries.
+* Update npm packages.
+
+v0.12.0-dev (February 4, 2022)
+---------------------------
+
+**Developer changes**
+
+* Add API endpoint and Element (component) model method to force update all Element consuming systems's control implementation statements with library Elements content.
+* Add parameter createOSCAL API endpoint to indicate update existing components.
+* Upgrade Python libraries.
+* Update NPM libraries.
+
+
+v0.11.4 (December 17, 2022)
+---------------------------
+
+**Developer changes**
+
+* Dynamically set Internet schme (http or https) for swagger interface to support proper URL strings in swagger.
+
 
 v0.11.7 (June 11, 2023)
 ---------------------------
@@ -45,8 +109,7 @@ v0.11.3 (December 10, 2022)
 
 **Developer changes**
 
-* Add processing for question actions targeted at system to handle `system/add_baseline/<value>` to add additional baseline set of controls to a system without deleting already assigned controls.A
-
+* Add processing for question actions targeted at system to handle `system/add_baseline/<value>` to add additional baseline set of controls to a system without deleting already assigned controls.
 
 v0.11.2 (December 10, 2022)
 ---------------------------
@@ -2048,12 +2111,12 @@ v0.9.1.20 (May 31, 2020)
     # Legacy version local/environment.json file using deprecated host, https parameter
 
     {
-       "db": "mysql://USER:PASSWORD@HOST:PORT/NAME",
-       "host": "localhost:8000",
-       "https": false,
-       "debug": false,
-       "secret-key": "long_random_string_here",
-       ...
+      "db": "mysql://USER:PASSWORD@HOST:PORT/NAME",
+      "host": "localhost:8000",
+      "https": false,
+      "debug": false,
+      "secret-key": "long_random_string_here",
+      ...
     }
 ```
 
@@ -2889,4 +2952,4 @@ Development changes:
 v0.7.0-rc2 (January 8, 2018)
 ----------------------------
 
-First release.
+First release.