Skip to content

feat!: establish mapping boundary between inline and document#313

Merged
jpower432 merged 6 commits intogemaraproj:mainfrom
jpower432:mapping-artifact
Mar 6, 2026
Merged

feat!: establish mapping boundary between inline and document#313
jpower432 merged 6 commits intogemaraproj:mainfrom
jpower432:mapping-artifact

Conversation

@jpower432
Copy link
Copy Markdown
Contributor

@jpower432 jpower432 commented Feb 28, 2026
edited
Loading

Description

Adds initial mapping PR for discussion

EDITED
Summary of discussion in #306 regarding how to handle gap analysis:

  • Controls at Layer 2 are self-contained; extending or importing a catalog preserves all existing technical mappings.
  • Transitive relationships (A-to-C) are maintained and "flattened" when imported into a Layer 3 Policy.
  • The Gemara schema should remain declarative; gaps should be a calculated outcome during OSCAL conversion (to be validated)
  • A use case: Consuming systems system could flag missing coverage as Risk candidates for audit teams to investigate in the Audit Layer.
  • Determine how to populate source-gap-summary and target-gap-summary to align with the OSCAL mapping-collection model.
  • Detemine a way to quickly detect omitted controls without parsing every individual mapping.
  • Explore how mappings "tighten" or change when a control is tailored for a specific "profile" or technical implementation.

Schema Changes

Schema Changes Made

  • No schema changes
  • Layer 1 schema (layer-1.cue) changes
  • Layer 2 schema (layer-2.cue) changes
  • Layer 3 schema (layer-3.cue) changes
  • Layer 5 schema (layer-5.cue) changes

Schema Change Details

<!-- If applicable, provide a brief summary or example of schema changes -->

Testing

  • Unit tests added/updated
  • Manual testing performed
  • Test data updated (if applicable)

Related Issues

Closes #304
Closes #86 (?)
Blocked by #312
Continues discussion of #306

Reviewer Hints

Self-review checklist

  • This PR has content that was created with AI assistance.
  • I have the experience and knowledge necessary to answer maintainer questions about the content of this PR, without using AI.

@jpower432 jpower432 force-pushed the mapping-artifact branch 3 times, most recently from 89c4f96 to 69f45e9 Compare February 28, 2026 23:18
This was referenced Mar 2, 2026
Closed
Merged
@jpower432 jpower432 marked this pull request as ready for review March 3, 2026 01:20
@jpower432 jpower432 requested a review from a team as a code owner March 3, 2026 01:20
@jpower432
Copy link
Copy Markdown
Contributor Author

jpower432 commented Mar 3, 2026

@eddie-knight I am wondering if we need to review whether these mapping structures can support - ossf/scorecard#4952 (comment)

@hbraswelrh hbraswelrh mentioned this pull request Mar 3, 2026
Merged
11 tasks
@jpower432 jpower432 mentioned this pull request Mar 3, 2026
Merged
11 tasks
@jpower432
feat!: establish mapping boundary between inline and document
e60115d 
See docs/adrs/0014-mapping-boundaries.md

Assisted by: Cursor
Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
jpower432 and others added 3 commits March 3, 2026 21:18
@jpower432
feat: add an id to the mapping and update test data
60f8fa7 
Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
@eddie-knight
typofix newlines
ded780e 
Signed-off-by: Eddie Knight <knight@linux.com>
@eddie-knight
another typofix newlines
82139b1 
Signed-off-by: Eddie Knight <knight@linux.com>
@eddie-knight eddie-knight changed the title feat!: establish mapping boundary between inline and document [DISCUSSION] feat!: establish mapping boundary between inline and document Mar 4, 2026
@jpower432 jpower432 mentioned this pull request Mar 5, 2026
Merged
11 tasks
@jpower432
docs: add new types to schema-nav
d944791 
Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
@jpower432
Copy link
Copy Markdown
Contributor Author

jpower432 commented Mar 5, 2026

Doing a quick prototyping check in go-gemara to see how this maps to the Control Mapping Model in gemaraconv before merging this

@jpower432
fix: updates validations for go type generation
e9aba14 
Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
@jpower432
Copy link
Copy Markdown
Contributor Author

jpower432 commented Mar 5, 2026

@eddie-knight I think this is actually ready for review now. The last fixes were made to ensure the generated Go types are what we expected.

@jpower432 jpower432 mentioned this pull request Mar 6, 2026
Open
3 tasks
@jpower432 jpower432 merged commit 6b7a507 into gemaraproj:main Mar 6, 2026
8 checks passed
@hbraswelrh hbraswelrh mentioned this pull request Mar 6, 2026
Merged
11 tasks
@jpower432 jpower432 mentioned this pull request Mar 9, 2026
Open
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eddie-knight eddie-knight eddie-knight approved these changes

Assignees

No one assigned

Labels

feature

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Proposal] Explore support for different types of mappings Increase fidelity of mapping relationships

2 participants

@jpower432 @eddie-knight