Skip to main content

The Auditree tool for adding external evidence

Project description

OS Compatibility Python Compatibility pre-commit Code validation Upload Python Package

auditree-plant

The Auditree tool for adding external evidence.

Introduction

Auditree plant is a command line tool that assists in adding evidence to an evidence locker. It provides a thoughtful way to add evidence to an evidence locker by managing the evidence metadata so that checks and dependent fetchers executed as part of the Auditree compliance framework can apply appropriate time to live validations.

Prerequisites

  • Supported for execution on OSX and LINUX.
  • Supported for execution with Python 3.6 and above.

Python 3 must be installed, it can be downloaded from the Python site or installed using your package manager.

Python version can be checked with:

python --version

or

python3 --version

The plant tool is available for download from PyPI.

Installation

It is best practice, but not mandatory, to run plant from a dedicated Python virtual environment. Assuming that you have the Python virtualenv package already installed, you can create a virtual environment named venv by executing virtualenv venv which will create a venv folder at the location of where you executed the command. Alternatively you can use the python venv module to do the same.

python3 -m venv venv

Assuming that you have a virtual environment and that virtual environment is in the current directory then to install a new instance of plant, activate your virtual environment and use pip to install plant like so:

. ./venv/bin/activate
pip install auditree-plant

As we add new features to plant you will want to upgrade your plant package. To upgrade plant to the most recent version do:

. ./venv/bin/activate
pip install auditree-plant --upgrade

See pip documentation for additional options when using pip.

Configuration

Since Auditree plant interacts with Git repositories, it requires Git remote hosting service credentials in order to do its thing. Auditree plant will by default look for a username and token in a ~/.credentials file. You can override the credentials file location by using the --creds option on a plant CLI execution. Valid section headings include github, github_enterprise, bitbucket, and gitlab. Below is an example of the expected credentials entry.

[github]
username=your-gh-username
token=your-gh-token

Execution

Auditree plant is a simple CLI that performs the function of adding evidence to an evidence locker. As such, it has two execution modes; a push-remote mode and a dry-run mode. Both modes will clone a git repository and place it into the $TMPDIR/plant folder. Both modes will also provide handy progress output as plant processes the new evidence. However, push-remote will push the changes to the remote repository before removing the locally cloned copy whereas dry-run will not. When provided an absolute path to a local git repository using the --repo-path option, plant will perform its plant-like duties as described on the specified local git repository. This can come in handy when looking to chain your plant execution after a successful run of the compliance automation fetchers and checks.

As most CLIs, Auditree plant comes with a help facility.

plant -h
plant push-remote -h
plant dry-run -h

push-remote mode

Use the push-remote mode when you want your changes to be applied to the remote evidence locker. You can provide as many evidence path/evidence detail key/value pairs as you need as part of the --config or as contents of your --config-file.

plant push-remote https://github.com/org-foo/repo-bar --config '{"/absolute/path/to/my/evidence.ext":{"category":"foo"}}'
plant push-remote https://github.com/org-foo/repo-bar --config-file ./path/to/my/config_file.json
plant push-remote https://github.com/org-foo/repo-bar --repo-path $TMPDIR"compliance" --config-file ./path/to/my/config_file.json

dry-run mode

Use the dry-run mode when you don't want your changes to be applied to the remote evidence locker and are just interested in seeing what effect the execution will have on your evidence locker before you commit to pushing your changes to the remote repository. You can provide as many evidence path/evidence detail key/value pairs as you need as part of the --config or as contents of your --config-file.

plant dry-run https://github.com/org-foo/repo-bar --config '{"/absolute/path/to/my/evidence.ext":{"category":"foo"}}'
plant dry-run https://github.com/org-foo/repo-bar --config-file ./path/to/my/config_file.json
plant dry-run https://github.com/org-foo/repo-bar --repo-path $TMPDIR"compliance" --config-file ./path/to/my/config_file.json

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

auditree-plant-1.0.0.tar.gz (9.7 kB view details)

Uploaded Source

Built Distribution

auditree_plant-1.0.0-py2.py3-none-any.whl (12.4 kB view details)

Uploaded Python 2 Python 3

File details

Details for the file auditree-plant-1.0.0.tar.gz.

File metadata

  • Download URL: auditree-plant-1.0.0.tar.gz
  • Upload date:
  • Size: 9.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/49.2.0 requests-toolbelt/0.9.1 tqdm/4.48.0 CPython/3.8.3

File hashes

Hashes for auditree-plant-1.0.0.tar.gz
Algorithm Hash digest
SHA256 887194ead385c63ff93f8083f26d517e538ac9516910fae2584d58f3a50e781d
MD5 bbc3ccff5ff4a0300d5dd9dce8910474
BLAKE2b-256 4628f726c2b2a950d3597678c086c45f7888c916b3d20ee40af5d4649fa5a01f

See more details on using hashes here.

File details

Details for the file auditree_plant-1.0.0-py2.py3-none-any.whl.

File metadata

  • Download URL: auditree_plant-1.0.0-py2.py3-none-any.whl
  • Upload date:
  • Size: 12.4 kB
  • Tags: Python 2, Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/49.2.0 requests-toolbelt/0.9.1 tqdm/4.48.0 CPython/3.8.3

File hashes

Hashes for auditree_plant-1.0.0-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 1289975d8042dc2eeb1fbd95a1edeaaa08312b0ce5677a4de54bb260b5a3698e
MD5 949cc6374abfce9a02791b89d2b584d0
BLAKE2b-256 1a59777fc1b227c9677a32be691b0462ff9a1d193fc29e47d3c690a99b232b1e

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page