config

package
v0.11.2 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 18, 2026 License: BSD-2-Clause Imports: 4 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Defaults used when no .grc.yaml exists.
//
// These are exported variables, not constants, so any importing package can
// reassign them at run time.
// NOTE(review): presumably the fallbacks for ProjectConfig's Repo, URL and
// Name — confirm against New.
var (
	DefaultRepo = "sirosfoundation/compliance"
	DefaultURL  = "https://compliance.siros.org"
	DefaultName = "Compliance Dashboard"
)

Defaults used when no .grc.yaml exists.

// DefaultFrameworks is the framework list used when no .grc.yaml is present
// (kept for backward compatibility).
//
// Only the "eudi" entry sets the mapping-schema fields (ListKey, StatusField,
// WorkStatusField, NotesField, DeriveMode, Slug) explicitly; the other three
// entries leave them at their zero values.
//
// NOTE(review): this is an exported, mutable slice. Code that edits it in
// place changes the defaults seen by every later reader in the same process;
// confirm that consumers copy it before modifying entries.
var DefaultFrameworks = []FrameworkConfig{
	{ID: "eudi", Name: "EUDI Security Requirements", CatalogFile: "eudi-secreq.yaml", MappingFile: "eudi-secreq.yaml", SidebarPosition: 1, ListKey: "requirements", KeyField: "id", StatusField: "result", WorkStatusField: "status", NotesField: "observation", DeriveMode: "result", Slug: "eudi", Source: "ENISA – Security Requirements for European Digital Identity Wallets v0.5"},
	{ID: "iso27001", Name: "ISO 27001 Annex A", CatalogFile: "iso27001-annexa.yaml", MappingFile: "iso27001-annexa.yaml", SidebarPosition: 2, KeyField: "annex_a", Source: "ISO/IEC 27001:2022 Annex A"},
	{ID: "gdpr", Name: "GDPR Checklist", CatalogFile: "gdpr-checklist.yaml", MappingFile: "gdpr.yaml", SidebarPosition: 3, KeyField: "match_name", Source: "GDPR Checklist for Data Controllers"},
	{ID: "owasp-asvs", Name: "OWASP ASVS 4.0.3 Level 3", CatalogFile: "owasp-asvs.yaml", MappingFile: "owasp-asvs.yaml", SidebarPosition: 4, KeyField: "section", Source: "OWASP Application Security Verification Standard 4.0.3"},
}

DefaultFrameworks is used when no .grc.yaml is present (backward compat).

Functions

This section is empty.

Types

type CatalogConfig added in v0.2.0

// CatalogConfig holds catalog-specific settings.
type CatalogConfig struct {
	// Dir is read from the "dir" key.
	// NOTE(review): how this path is combined with the project root is not
	// visible in this declaration; confirm the loader rejects values that
	// resolve outside the root (absolute paths, ".." segments).
	Dir           string   `yaml:"dir"`
	Subdirs       []string `yaml:"subdirs"`
	// FrameworksDir is read from the YAML key "frameworks_subdir"; the key and
	// the Go field name differ.
	FrameworksDir string   `yaml:"frameworks_subdir"`
}

CatalogConfig holds catalog-specific settings.

type ComponentConfig added in v0.7.6

// ComponentConfig maps a logical component name to its repository and docs.
type ComponentConfig struct {
	Name    string `yaml:"name"`
	Repo    string `yaml:"repo"`     // GitHub org/repo (e.g. "sirosfoundation/go-wallet-backend")
	// NOTE(review): nothing in this declaration constrains the URL scheme; if
	// the value ends up as a link in rendered pages, confirm it is limited to
	// http/https before it is emitted.
	DocsURL string `yaml:"docs_url"` // developer docs URL (optional)
}

ComponentConfig maps a logical component name to its repository and docs.

type Config

// Config holds the resolved runtime configuration.
//
// None of the fields carry yaml tags; the on-disk shape is described by
// GRCFile instead.
type Config struct {
	// Root and the directory fields below are plain strings.
	// NOTE(review): presumably Root is the argument passed to New and the
	// *Dir fields are derived from it plus the GRCFile directory settings —
	// confirm in New, including whether the results are checked to stay
	// inside Root.
	Root        string
	CatalogDir  string
	MappingsDir string
	AuditsDir   string
	SiteDir     string
	OSCALDir    string
	RiskDir     string

	// The remaining fields use the same types as the matching GRCFile fields.
	Project          ProjectConfig
	Frameworks       []FrameworkConfig
	Components       []ComponentConfig
	Profiles         []ProfileConfig
	RiskRegister     RiskRegisterConfig
	YearCycle        YearCycleConfig
	// NOTE(review): CatalogSubdirs and FrameworksSubdir look like copies of
	// CatalogConfig.Subdirs and CatalogConfig.FrameworksDir — confirm.
	CatalogSubdirs   []string
	FrameworksSubdir string
}

Config holds the resolved runtime configuration.

func New

func New(root string) (*Config, error)

New loads configuration from .grc.yaml if present, falling back to defaults. Returns an error if .grc.yaml exists but is malformed.

func (*Config) DefaultProfile added in v0.11.0

func (c *Config) DefaultProfile() string

DefaultProfile returns the ID of the default profile, or "" if no profiles are defined.

func (*Config) HasProfile added in v0.11.0

func (c *Config) HasProfile(id string) bool

HasProfile reports whether a profile with the given ID is configured.

func (*Config) ProfileIDs added in v0.11.0

func (c *Config) ProfileIDs() []string

ProfileIDs returns the list of all configured profile IDs.

func (*Config) Validate added in v0.4.0

func (c *Config) Validate() error

Validate checks the config for common mistakes.

type DirConfig added in v0.2.0

// DirConfig holds directory layout settings.
//
// GRCFile uses it for the "mappings", "audits", "site" and "oscal" sections.
type DirConfig struct {
	// Dir is read from the "dir" key of the enclosing section.
	// NOTE(review): this declaration places no restriction on the value;
	// confirm the loader or Validate rejects paths that escape the project
	// root, particularly for a directory the tool writes into.
	Dir string `yaml:"dir"`
}

DirConfig holds directory layout settings.

type FrameworkConfig added in v0.2.0

// FrameworkConfig describes one compliance framework to load and render.
//
// The defaults named in the field comments are not applied by the struct
// itself; a zero-value field stays empty until something fills it in.
// NOTE(review): presumably ApplyDefaults is what fills them — confirm.
type FrameworkConfig struct {
	ID              string `yaml:"id"`
	Name            string `yaml:"name"`
	// CatalogFile and MappingFile are file names taken from configuration.
	// NOTE(review): confirm they are treated as names relative to the catalog
	// and mappings directories and cannot contain path separators or "..".
	CatalogFile     string `yaml:"catalog_file"`
	MappingFile     string `yaml:"mapping_file"`
	SidebarPosition int    `yaml:"sidebar_position"`

	// Mapping schema fields (generic loading/deriving).
	ListKey         string   `yaml:"list_key"`          // top-level YAML key (default: "mappings")
	Sections        []string `yaml:"sections"`          // multiple YAML keys to merge (overrides list_key)
	KeyField        string   `yaml:"key_field"`         // field name for requirement ID
	StatusField     string   `yaml:"status_field"`      // assessment status field (default: "coverage")
	WorkStatusField string   `yaml:"work_status_field"` // optional secondary status field
	NotesField      string   `yaml:"notes_field"`       // field name for notes (default: "notes")
	DeriveMode      string   `yaml:"derive_mode"`       // "result" or "coverage" (default: "coverage")
	// NOTE(review): Slug names a directory and appears in URLs; confirm it is
	// validated as a single safe path segment.
	Slug            string   `yaml:"slug"`              // URL slug for framework dir (default: ID)
	Source          string   `yaml:"source"`            // source attribution for per-requirement pages
	SourceURL       string   `yaml:"source_url"`        // live URL to the framework standard
}

FrameworkConfig describes one compliance framework to load and render.

func (*FrameworkConfig) ApplyDefaults added in v0.3.0

func (fw *FrameworkConfig) ApplyDefaults()

ApplyDefaults fills in zero-value fields with sensible defaults.

type GRCFile added in v0.2.0

// GRCFile is the top-level .grc.yaml file structure.
//
// Each field maps to one top-level YAML key through its struct tag.
// NOTE(review): whether unknown or misspelled keys are rejected depends on
// the decoder settings in the loader, which are not shown here. If they are
// silently ignored, a typo in a key such as "risk_register" leaves that
// section at its zero value instead of failing the load.
type GRCFile struct {
	Project      ProjectConfig      `yaml:"project"`
	Catalog      CatalogConfig      `yaml:"catalog"`
	Mappings     DirConfig          `yaml:"mappings"`
	Audits       DirConfig          `yaml:"audits"`
	Site         DirConfig          `yaml:"site"`
	OSCAL        DirConfig          `yaml:"oscal"`
	Frameworks   []FrameworkConfig  `yaml:"frameworks"`
	Components   []ComponentConfig  `yaml:"components"`
	Profiles     []ProfileConfig    `yaml:"profiles"`
	RiskRegister RiskRegisterConfig `yaml:"risk_register"`
	YearCycle    YearCycleConfig    `yaml:"year_cycle"`
}

GRCFile is the top-level .grc.yaml file structure.

type ProfileConfig added in v0.11.0

// ProfileConfig defines a deployment profile for tracking compliance per configuration.
//
// NOTE(review): the declaration does not prevent several profiles from
// setting Default, nor Inherits from naming an unknown profile or forming a
// cycle. Presumably Validate covers these cases — confirm.
type ProfileConfig struct {
	ID          string `yaml:"id"`
	Name        string `yaml:"name"`
	Description string `yaml:"description,omitempty"`
	Default     bool   `yaml:"default,omitempty"`  // the base profile (findings without profiles: apply here)
	Inherits    string `yaml:"inherits,omitempty"` // parent profile ID (overrides extend parent)
}

ProfileConfig defines a deployment profile for tracking compliance per configuration.

type ProjectConfig added in v0.2.0

// ProjectConfig holds project-level identity settings.
type ProjectConfig struct {
	Name string `yaml:"name"`
	// NOTE(review): presumably an org/repo identifier like DefaultRepo —
	// confirm the expected format.
	Repo string `yaml:"repo"`
	// NOTE(review): no scheme restriction is visible here; confirm the value
	// is limited to http/https where it is rendered as a link.
	URL  string `yaml:"url"`
}

ProjectConfig holds project-level identity settings.

type RiskRegisterConfig added in v0.11.0

// RiskRegisterConfig holds configuration for the risk register.
type RiskRegisterConfig struct {
	// NOTE(review): Dir and Files are paths taken from configuration; confirm
	// they are resolved inside the project root before being read.
	Dir    string   `yaml:"dir"`
	Files  []string `yaml:"files"`
	// The zero value is false, so a config that omits "public" keeps the risk
	// register out of the public render unless the loader sets the field
	// itself. NOTE(review): confirm the renderer checks this flag on every
	// path that can emit risk data.
	Public bool     `yaml:"public"` // whether to include in public site render
}

RiskRegisterConfig holds configuration for the risk register.

type YearCycleConfig added in v0.11.0

// YearCycleConfig holds configuration for the year-cycle calendar view.
type YearCycleConfig struct {
	Title  string `yaml:"title"`  // heading for the year-cycle page
	// NOTE(review): Source is read from configuration and may be either a URL
	// or a local path. The code that opens it is not shown here; confirm it
	// restricts URL schemes, applies a timeout and size limit to remote
	// fetches, and keeps local paths inside the project root.
	Source string `yaml:"source"` // URL or local path to an iCal (.ics) feed
	// The zero value is false, so the calendar is not part of the public
	// render unless "public" is set (or the loader sets the field itself).
	Public bool   `yaml:"public"` // whether to include in public site render
}

YearCycleConfig holds configuration for the year-cycle calendar view.
