
Trestle demonstration projects and content

Trestle has a number of demonstrations set up in the IBM/compliance-trestle-demos repository, which is intended to be a single point of call for demonstrations and content.

If you are interested in contributing a demonstration or content, open a PR to the demonstration repo and a PR to this page.

Demonstrations, where practical, should include instructions on how they were created.

Current demonstrations

Simple SDK examples.

This folder contains a number of small examples for using the trestle OSCAL SDKs.

Australian government Information Security Manual (ISM)

This demonstration uses trestle as an SDK for generating OSCAL files. This demonstration downloads all currently available versions of the Australian Government ISM from ACSC and converts those documents to a set of OSCAL catalogs and profiles. Read more about the demo here.

arc42 architectural template enforcement using trestle author.

arc42 have created a set of open-source architecture documentation templates. This demonstration uses trestle author to enforce use of the (modified) arc42 templates.

A CI/CD pipeline (using GitHub Actions) is used for this demonstration. The full repository, including the working CI/CD pipeline, is here. Read more about the demo here.

Trestle flask microservice demonstration.

trestle uses a Python library called pydantic to form the underlying OSCAL object models. flask-pydantic introduces a mechanism which integrates pydantic models into Flask, providing automated user input validation in one line of code. This demo accepts a catalog as a POSTed object, throwing errors if the catalog does not meet the schema, and returns the catalog in the response. Find the demonstration here.

Creating a CIS controls catalog from an Excel spreadsheet.

The Center for Internet Security (CIS) produces a number of cross-industry standards for IT security, including its platform-specific benchmarks and a suite of controls. This demo converts a spreadsheet of those controls into a catalog and three profiles.

Creating an SSP using trestle author.

trestle author ssp-generate and trestle author ssp-assemble allow users first to generate a set of markdown documents for easy editing of control responses, and second to reassemble that information into an OSCAL SSP document. This is a 'baseline' demonstration with more sophisticated updates expected in the near term.

Trestle Repository API (trestle.core.repository)

trestle.core.repository is an API which abstracts users from the file system of a trestle repository. It provides a way for external developers to access a trestle repository without relying on presumptions (such as cwd being within the repository). Find the demo here.

Converting a spreadsheet into a component-definition

Plenty of compliance content exists today in spreadsheets. This demonstration shows how to use the xlsx-to-oscal-component-definition MVP functionality.

Task examples

Spreadsheet to component definition