@mitre/inspec-objects
Advanced tools
Readme
Typescript objects for InSpec profiles
This repository contains the source code that facilitates the writing of InSpec profiles (for use in things like stub generation and delta comparisons) more consistent with Chef Cookstyle formatting for ease of use when comparing with new changes from delta and when generating InSpec stubs that match a standard format.
For more information about Chef Cookstyle see:
The process code maintained in this repository generates a npm executable that is published to the npm registry as mitre-inspec-objects.
To use the mitre-inspec-objects npm package, simply add the package as a dependency to your project application using the npm install command:
npm install mitre-inspec-objects
The package is a CommonJS-based npm written in TypeScript
When using this library to parse InSpec profiles or xccdf files for the purposes of generating InSpec profiles, the general workflow is as follows:
- The input is processed, read into a typescript object
- Operated on with any required action / logic
- Then written into an InSpec profile as output.
This means that we can not simply write out in the same format we got in. Instead, we have to make choices about formatting for how to write out content.
Here are some formatting choices that are being made.
String quotation
| The string contains | Use |
|---|---|
| single (') and double (") quotes | percent string syntax - %q() |
| single (') quotes | double (") quotes |
| other | single (') quotes |
Tag keywords are not quoted (ex: tag severity: 'medium')
Each control file ends with a newline
© 2018-2022 The MITRE Corporation.
Approved for Public Release; Distribution Unlimited. Case Number 18-3678.
MITRE hereby grants express written permission to use, reproduce, distribute, modify, and otherwise leverage this software to the extent permitted by the licensed terms provided in the LICENSE.md file included with this project.
This software was produced for the U. S. Government under Contract Number HHSM-500-2012-00008I, and is subject to Federal Acquisition Regulation Clause 52.227-14, Rights in Data-General.
No other use other than that granted to the U. S. Government, or to those acting on behalf of the U. S. Government under that Clause is authorized without the express written permission of The MITRE Corporation.
For further information, please contact The MITRE Corporation, Contracts Management Office, 7515 Colshire Drive, McLean, VA 22102-7539, (703) 983-6000.
FAQs
Typescript objects for normalizing between InSpec profiles and XCCDF benchmarks
The npm package @mitre/inspec-objects receives a total of 930 weekly downloads. As such, @mitre/inspec-objects popularity was classified as not popular.
We found that @mitre/inspec-objects demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
This episode of the Risky Biz podcast discusses how the rise of small open source packages and the shift towards individual maintainers makes the ecosystem more vulnerable to supply chain attacks.
Product
Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.