Name | sag-reader |
Version | 1.0.4 |
home_page | None |
Summary | Python app to read CISA Software Acquisition Guide Spreadsheets based on CISA format https://cisa.gov/sag |
upload_time | 2024-12-09 23:53:20 |
maintainer | None |
docs_url | None |
author | None |
requires_python | >=3.10 |
license | MIT License Copyright (c) 2024 Business Cyber Guardian a Reliable Energy Analytics LLC Company Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
keywords | software acquisition guide, cisa, secure by design |
VCS | |
bugtrack_url | |
requirements | openpyxl, pandas, pre-commit, pylint, pytest, typer, xlrd |
Travis-CI | No Travis. |
coveralls test coverage | No coveralls. |
# CISASAGReader
Python app to read CISA Software Acquisition Guide Spreadsheets based on CISA format https://cisa.gov/sag
V 1.0.2 SAGSCORE Trust Label: https://softwareassuranceguardian.com/SAGCTR_inquiry/getTrustedProductLabel?ProductID=9429E05DF9DDA377F4CF0359904ED020B2AA67C54E945C8F0DAD84B6FFDF3AB1&html=1
V 1.0.3 SAGSCore Trust Label: https://softwareassuranceguardian.com/SAGCTR_inquiry/getTrustedProductLabel?ProductID=5D60680109AAC8DDEED1DD2D0D709179799E6CDC1C2FF918CD371A26D04079A8&html=1
SBOM: SPDX Version 2.3 in JSON format
VDR: Follows open-source VDR format https://github.com/rjb4standards/REA-Products/blob/master/SAGVulnDisclosure.xsd using JSON output format
The CISASAGReader product also serves as a *role model* for what a Secure by Design solution *should* provide to satisfy the Secure by Design transparency principle by providing consumers with artifacts to enable a comprehensive software risk assessment, such as an SBOM, living Vulnerability Disclosure Report (VDR), Vendor Response File (VRF) listing additional company information and SDLC policy details, and the CISA Software Acquisition Guide Spreadsheet completed by the software producer.
## Installation
You may use `pip` or `pipx` (https://pipx.pypa.io/stable/) to install the CISASAGReader.
We recommend installing it with `pipx` for ease of use after installation.
Simply run
```sh
pipx install sag-reader
```
## Use
Assuming that you installed the CISASAGReader with `pipx`, running it is as simple as
running `sag-reader` from the command line.
To get information on usage, simply run
```sh
sag-reader --help
```
### Try it out for yourself.
*Download the CISASAGReader spreadsheet here*: https://github.com/rjb4standards/CISASAGReader/raw/refs/heads/main/CISASAGReader-spreadsheet.xlsx
*Run sag-reader to view the CISASAGReader Secure by Design responses in the downloaded spreadsheet*:
```sh
sag-reader --include-descriptions CISASAGReader-spreadsheet.xlsx
```
## Output
The CISASAGReader will parse Excel files (.xlsx and .xls) in the CISA format. It will remove those answers that the spreadsheet indicates do not have to be answered to reduce overall noise.
Output is human-readable by default. However, the `sag-reader` application can also be used to produce output in a JSON format that may be used in downstream processing, such as automated risk analysis, datalake inclusion for population analysis, or simple inclusion in a database for electronic recall and display. For example:
```sh
sag-reader spreadsheet.xls json
```
JSON output is hierarchical by CONTROL or TASK, then the designator broken up by its components. Leaf values in the resultant tree are the values entered on the spreadsheet.
Descriptions are not included in the JSON output or the human-readable output by default. They may be turned on for the human-readable output, for example:
```sh
sag-reader --include-descriptions spreadsheet.xls
```
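The JSON hierarchy described above (CONTROL or TASK at the top, designator components below, spreadsheet values at the leaves) can be flattened into one row per answer for risk review or database loading. This is an added example, not code from the CISASAGReader project; the sample tree, the designator components, the `.` separator and the answer strings are all assumptions constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample, NOT real sag-reader output: the designator components
# and the answer strings below are assumptions made for this example.
SAMPLE_JSON = """
{
  "CONTROL": {"SC": {"1": {"a": "Yes", "b": "No"}, "2": {"a": " partial "}}},
  "TASK":    {"GV": {"3": {"a": "Yes", "b": null}}}
}
"""

def flatten(node, path=()):
    """Yield (path, leaf) for every leaf value in the nested tree."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from flatten(child, path + (str(key),))
    else:
        yield path, node

def to_rows(tree):
    """One row per answer: top-level kind, rejoined designator, normalised answer."""
    rows = []
    for path, leaf in flatten(tree):
        # Blank cells arrive as null; treat them as an empty answer, not "none".
        answer = "" if leaf is None else str(leaf).strip().lower()
        rows.append({
            "kind": path[0] if path else "",
            "designator": ".".join(path[1:]),  # "." separator is an assumption
            "answer": answer,
        })
    return rows

def needs_review(rows, accepted=("yes",)):
    """Rows whose answer is blank or outside the accepted set."""
    return [r for r in rows if r["answer"] not in accepted]

def summarize(rows):
    """Count answers per (kind, answer) pair for population-level analysis."""
    return Counter((r["kind"], r["answer"]) for r in rows)

if __name__ == "__main__":
    rows = to_rows(json.loads(SAMPLE_JSON))
    for row in needs_review(rows):
        print(f'{row["kind"]} {row["designator"]}: {row["answer"] or "<blank>"}')
    print(dict(summarize(rows)))
```

Adjust the `accepted` set to the answer vocabulary your copy of the spreadsheet actually uses before relying on the review list.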
Raw data
{
"_id": null,
"home_page": null,
"name": "sag-reader",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.10",
"maintainer_email": null,
"keywords": "Software Acquisition Guide, CISA, Secure by Design",
"author": null,
"author_email": "\"Richard (Dick) Brooks\" <dick@reliableenergyanalytics.com>, Joseph Wortmann <joseph.wortmann@gmail.com>",
"download_url": "https://files.pythonhosted.org/packages/00/26/0cd0bf9293ef04d13110333be9fc5706b92658550f496fdbe8950b7db8bc/sag_reader-1.0.4.tar.gz",
"platform": null,
"bugtrack_url": null,
"summary": "Python app to read CISA Software Acquisition Guide Spreadsheets based on CISA format https://cisa.gov/sag",
"version": "1.0.4",
"project_urls": {
"Homepage": "https://github.com/rjb4standards/CISASAGReader",
"Issues": "https://github.com/rjb4standards/CISASAGReader/issues",
"Repository": "https://github.com/rjb4standards/CISASAGReader.git"
},
"split_keywords": [
"software acquisition guide",
" cisa",
" secure by design"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "dfb79af177b40f56993d9cd8cf9232c96ecb88b9497ec5046740ce7b7b98577c",
"md5": "8840b1c66b6de685f4cec22d29510b5f",
"sha256": "4154768c2fe9dc5f4222fd5fc47ffed659f3e85aeb62c19106e7ea04834b9f16"
},
"downloads": -1,
"filename": "sag_reader-1.0.4-py3-none-any.whl",
"has_sig": false,
"md5_digest": "8840b1c66b6de685f4cec22d29510b5f",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.10",
"size": 6390,
"upload_time": "2024-12-09T23:53:19",
"upload_time_iso_8601": "2024-12-09T23:53:19.051713Z",
"url": "https://files.pythonhosted.org/packages/df/b7/9af177b40f56993d9cd8cf9232c96ecb88b9497ec5046740ce7b7b98577c/sag_reader-1.0.4-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "00260cd0bf9293ef04d13110333be9fc5706b92658550f496fdbe8950b7db8bc",
"md5": "bba5a4eaa07634fcad7edcf859d7a958",
"sha256": "64424b342d42ce636e71351c5f4e07bdad6dd55203d4e891ac4a18c898ac9537"
},
"downloads": -1,
"filename": "sag_reader-1.0.4.tar.gz",
"has_sig": false,
"md5_digest": "bba5a4eaa07634fcad7edcf859d7a958",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.10",
"size": 210357,
"upload_time": "2024-12-09T23:53:20",
"upload_time_iso_8601": "2024-12-09T23:53:20.114598Z",
"url": "https://files.pythonhosted.org/packages/00/26/0cd0bf9293ef04d13110333be9fc5706b92658550f496fdbe8950b7db8bc/sag_reader-1.0.4.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-12-09 23:53:20",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "rjb4standards",
"github_project": "CISASAGReader",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [
{
"name": "openpyxl",
"specs": [
[
"==",
"3.1.5"
]
]
},
{
"name": "pandas",
"specs": [
[
"==",
"2.2.3"
]
]
},
{
"name": "pre-commit",
"specs": [
[
"==",
"4.0.1"
]
]
},
{
"name": "pylint",
"specs": [
[
"==",
"3.3.2"
]
]
},
{
"name": "pytest",
"specs": [
[
"==",
"8.3.4"
]
]
},
{
"name": "typer",
"specs": [
[
"==",
"0.15.1"
]
]
},
{
"name": "xlrd",
"specs": [
[
"==",
"2.0.1"
]
]
}
],
"lcname": "sag-reader"
}