Publish SSVC v2025.9

.github/workflows/deploy_site.yml

@@ -32,28 +32,29 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: '3.12'
 
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          python -m pip install -r requirements.txt
+          python -m pip install uv
+          uv sync --project=src --no-dev
 
       - name: Setup Pages
         uses: actions/configure-pages@v5
 
       - name: Build Site
         run: |
           export PYTHONPATH=src:$PYTHONPATH
-          mkdocs build --verbose --clean --config-file mkdocs.yml       
+          uv run --project=src mkdocs build --clean --config-file mkdocs.yml       
 
       - name: Upload artifact
-        uses: actions/upload-pages-artifact@v3
+        uses: actions/upload-pages-artifact@v4
         with:
           # Upload entire repository
           path: 'site'

.github/workflows/link_checker.yml

@@ -12,6 +12,7 @@ on:
       - .github/workflows/linkchecker.yml
       # run on any PR that changes the pip requirements
       - requirements.txt
+      - src/pyproject.toml
   # let us trigger it manually
   workflow_dispatch:
 
@@ -20,28 +21,23 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
-          python-version: '3.10'
+          python-version: '3.12'
 
       - name: Install dependencies
         run: |
-          python -m pip install --upgrade pip
-          python -m pip install -r requirements.txt
-          python -m pip install linkchecker
-
-      - name: Install our python stuff
-        run: |
-          python -m pip install -e src
+          python -m pip install --upgrade pip uv
+          uv sync --dev --project=src
 
       - name: Build Site
         run: |
-          mkdocs build --verbose --clean --config-file mkdocs.yml       
+          uv run --project=src mkdocs build --verbose --clean --config-file mkdocs.yml
 
       - name: Check links
         run: |
-          linkchecker site/index.html
+          uv run --project=src linkchecker site/index.html
 

.github/workflows/lint_md_changes.yml

@@ -13,10 +13,10 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
       with:
         fetch-depth: 0
-    - uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c
+    - uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62
       id: changed-files
       with:
         files: '**/*.md'

.github/workflows/python-app.yml

@@ -18,25 +18,24 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
       with:
         fetch-tags: true
     - name: Set up Python 3.12
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v6
       with:
         python-version: "3.12"
     - name: Install dependencies
       run: |
-        python -m pip install --upgrade pip
-        pip install pytest build
-        if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+        python -m pip install --upgrade pip uv
+        uv sync --project=src --dev --frozen
 #    - uses: psf/black@stable
     - name: Test with pytest
       run: |
-        pytest
+        uv run --project=src pytest
     - name: Build
       run: |
-        python -m build src
+        uv build --project=src
     - name: Upload Artifacts
       uses: actions/upload-artifact@v4
       with:

.gitignore

@@ -131,3 +131,4 @@ dmypy.json
 ssvc2-applier-wip.xlsx
 _version.py
 node_modules
+tmp

Makefile

@@ -1,48 +1,89 @@
 # Project-specific vars
 MKDOCS_PORT=8765
 DOCKER_DIR=docker
+PROJECT_DIR = ./src
+DOCKER_COMPOSE=docker-compose --project-directory $(DOCKER_DIR)
+UV_RUN=uv run --project $(PROJECT_DIR)
 
 # Targets
-.PHONY: all test docs docker_test clean help
+.PHONY: all test docs api docker_test clean help mdlint_fix up down regenerate_json
+
 
 all: help
 
+dev:
+	@echo "Set up dev environment..."
+	uv sync --dev --project $(PROJECT_DIR)
+
 mdlint_fix:
 	@echo "Running markdownlint..."
 	markdownlint --config .markdownlint.yml --fix .
 
 test:
 	@echo "Running tests locally..."
-	pytest -v src/test
+	uv run --project $(PROJECT_DIR) pytest -v
 
 docker_test:
+	@echo "Building the latest test image..."
+	$(DOCKER_COMPOSE) build test
 	@echo "Running tests in Docker..."
-	pushd $(DOCKER_DIR) && docker-compose run --rm test
+	$(DOCKER_COMPOSE) run --rm test
+
+docs_local:
+	@echo "Building and running docs locally..."
+	$(UV_RUN) mkdocs serve
 
 docs:
 	@echo "Building and running docs in Docker..."
-	pushd $(DOCKER_DIR) && docker-compose up docs
+	$(DOCKER_COMPOSE) up docs
+
+api:
+	@echo "Building and running API in Docker..."
+	$(DOCKER_COMPOSE) up api
+
+api_dev:
+	$(UV_RUN) uvicorn ssvc.api.main:app --reload
 
 up:
 	@echo "Starting Docker services..."
-	pushd $(DOCKER_DIR) && docker-compose up -d
+	$(DOCKER_COMPOSE) up -d
 
 down:
 	@echo "Stopping Docker services..."
-	pushd $(DOCKER_DIR) && docker-compose down
+	$(DOCKER_COMPOSE) down
+
+regenerate_json:
+	@echo "Regenerating JSON files..."
+	rm -rf data/json/decision_points
+	export PYTHONPATH=$(PWD)/src && ./src/ssvc/doctools.py --datadir=./data --overwrite
 
 clean:
 	@echo "Cleaning up Docker resources..."
-	pushd $(DOCKER_DIR) && docker-compose down --rmi local || true
-
+	$(DOCKER_COMPOSE) down --rmi local || true
+	rm -rf $(PROJECT_DIR)/.venv $(PROJECT_DIR)/uv.lock
 help:
 	@echo "Usage: make [target]"
 	@echo ""
 	@echo "Targets:"
 	@echo " all         - Display this help message"
-	@echo " mdlint_fix  - Run markdownlint with --fix"
-	@echo " test        - Run the tests in a local shell"
-	@echo " docs        - Build and run the docs Docker service"
-	@echo " docker_test - Run the tests in a Docker container"
-	@echo " clean       - Remove Docker containers and images"
-	@echo " help        - Display this help message"
+
+	@echo " dev        - Set up development environment"
+	@echo " mdlint_fix  - Run markdownlint with fix"
+	@echo " test       - Run tests locally"
+	@echo " docker_test - Run tests in Docker"
+
+	@echo " docs       - Build and run documentation in Docker"
+	@echo " docs_local - Build and run documentation locally"
+
+	@echo " api        - Build and run API in Docker"
+	@echo " api_dev    - Run API locally with auto-reload"
+
+	@echo " up         - Start Docker services"
+	@echo " down       - Stop Docker services"
+
+	@echo " regenerate_json - Regenerate JSON files from python modules"
+
+	@echo " clean      - Clean up Docker resources"
+	@echo " help       - Display this help message"
+
+

README.md

@@ -45,20 +45,22 @@ The data folder contains detailed data files that define suggested prioritizatio
 
 There are both `.csv` and `.json` files in this directory.
 
-### `/data/csvs/*`
+### `/data/csv/*`
 
-The `.csv` files are the primary data files used by the `ssvc.py` module.
+The `.csv` files are generated from the python `ssvc` module.
 
-Also included in data are the lookup tables as csv files which `ssvc_v2.py` reads in.
-These files define one row per possible path through the trees as described in the documentation.
+These files define one row per possible path through the decision tables as described in the documentation.
 Customizing the "outcome" column in this csv is the primary recommended way that stakeholders might adapt SSVC to their environment.
 
 ### `/data/json/*`
 
-These json files are generated examples from the python `ssvc` module.
+These json files are generated examples from the python `ssvc` module,
+which uses `pydantic` to define the data models.
 
 ### `/data/schema/*` and `/data/schema_examples/*`
 
+These json schema files are used to validate the structure of the `.json` files in `/data/json/*`.
+They are generated from the python `ssvc` module, which uses `pydantic` to define the data models.
 These files are used by the `ssvc-calc` module.
 
 ## `/docker/*`
@@ -85,15 +87,6 @@ These modules are used to generate documentation for various [Decision Points](h
 
 Documentation for the `ssvc` module can be found at [https://certcc.github.io/SSVC/reference/code/](https://certcc.github.io/SSVC/reference/code/)
 
-### `src/ssvc_v2.py`
-
-A basic Python module for interacting with the SSVC trees. `ssvc_v2.py` has
-two methods: `applier_tree()` and `developer_tree()`
-
-The two methods just loop through their respective lookup tables until
-they hit a match, then return the outcome. Maybe not the best implementation,
-but it worked well enough for what was needed at the time.
-
 ## Local development
 
 The simplest way to get started with local development is to use Docker.
@@ -140,7 +133,6 @@ Options for running the test suite are provided below.
 | Make, ~~Docker~~ | `make test` | runs in host OS |
 | ~~Make~~, ~~Docker~~ | `pytest src/test` | runs in host OS |
 
-
 ## Environment Variables
 
 If you encounter a problem with the `ssvc` module not being found, you may need to set the `PYTHONPATH` environment variable.

data/abnf/ssvc_namespace_pattern.abnf

@@ -0,0 +1 @@
+../../src/ssvc/utils/ssvc_namespace_pattern.abnf

data/csv/cisa/cisa_coordinator_2_0_3.csv

@@ -0,0 +1,37 @@
+row,Exploitation v1.1.0,Automatable v2.0.0,Technical Impact v1.0.0,Mission and Well-Being Impact v1.0.0,CISA Levels v1.1.0 (cisa)
+0,none,no,partial,low,track
+1,none,no,partial,medium,track
+2,none,no,partial,high,track
+3,none,no,total,low,track
+4,none,no,total,medium,track
+5,none,no,total,high,track*
+6,none,yes,partial,low,track
+7,none,yes,partial,medium,track
+8,none,yes,partial,high,attend
+9,none,yes,total,low,track
+10,none,yes,total,medium,track
+11,none,yes,total,high,attend
+12,public poc,no,partial,low,track
+13,public poc,no,partial,medium,track
+14,public poc,no,partial,high,track*
+15,public poc,no,total,low,track
+16,public poc,no,total,medium,track*
+17,public poc,no,total,high,attend
+18,public poc,yes,partial,low,track
+19,public poc,yes,partial,medium,track
+20,public poc,yes,partial,high,attend
+21,public poc,yes,total,low,track
+22,public poc,yes,total,medium,track*
+23,public poc,yes,total,high,attend
+24,active,no,partial,low,track
+25,active,no,partial,medium,track
+26,active,no,partial,high,attend
+27,active,no,total,low,track
+28,active,no,total,medium,attend
+29,active,no,total,high,act
+30,active,yes,partial,low,attend
+31,active,yes,partial,medium,attend
+32,active,yes,partial,high,act
+33,active,yes,total,low,attend
+34,active,yes,total,medium,act
+35,active,yes,total,high,act