Python app to read CISA Software Acquisition Guide Spreadsheets based on CISA format https://cisa.gov/sag

Project description

CISASAGReader

SAGSCORE Trust Label: https://softwareassuranceguardian.com/SAGCTR_inquiry/getTrustedProductLabel?ProductID=9429E05DF9DDA377F4CF0359904ED020B2AA67C54E945C8F0DAD84B6FFDF3AB1&html=1

SBOM: SPDX Version 2.3 in JSON format

VDR: Follows the open-source VDR format https://github.com/rjb4standards/REA-Products/blob/master/SAGVulnDisclosure.xsd using JSON output format

The CISASAGReader product also serves as a role model for what a Secure by Design solution should provide to satisfy the Secure by Design transparency principle: artifacts that enable consumers to perform a comprehensive software risk assessment. These include an SBOM, a living Vulnerability Disclosure Report (VDR), a Vendor Response File (VRF) listing additional company information and SDLC policy details, and the CISA Software Acquisition Guide Spreadsheet completed by the software producer.

Installation

You may use pip or pipx (https://pipx.pypa.io/stable/) to install the CISASAGReader.

We recommend installing it with pipx for ease of use after installation.

Simply run pipx install sag-reader.

Use

Assuming that you installed the CISASAGReader with pipx, running it is as simple as running sag-reader from the command line.

To get information on usage, simply run sag-reader --help.

Output

The CISASAGReader parses Excel files (.xlsx and .xls) in the CISA format. To reduce overall noise, it removes those answers that the spreadsheet indicates do not have to be answered.

Output is human-readable by default. However, the sag-reader application can also produce output in a JSON format for downstream processing, such as automated risk analysis, data lake inclusion for population analysis, or simple inclusion in a database for electronic recall and display. For example:

sag-reader spreadsheet.xls json

JSON output is hierarchical: first by CONTROL or TASK, then by the designator, broken up into its components. Leaf values in the resultant tree are the values entered on the spreadsheet.

Descriptions are not included in the JSON output or the human-readable output by default. They may be turned on for the human-readable output, for example:

sag-reader --include-descriptions spreadsheet.xls
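
For the downstream processing mentioned above, the following added example (not part of the CISASAGReader project) walks the hierarchical JSON tree, rebuilds each dotted designator from its components, and lists leaves that carry no answer. The sample document, its key names and the treatment of empty leaves as unanswered are assumptions constructed for illustration; the walker itself does not depend on particular key names.

```python
import json

# Constructed sample, NOT real sag-reader output: key names and designator
# components are assumptions that only mirror the described shape
# (CONTROL/TASK -> designator components -> value entered on the spreadsheet).
SAMPLE_JSON = """
{"CONTROL": {"SC": {"1": {"a": "Yes", "b": ""}, "2": {"a": "No"}},
             "GV": {"1": {"a": null}}},
 "TASK": {"SC": {"1": {"1": "Partial", "2": "   "}}}}
"""


def flatten(node, path=()):
    """Yield (path_tuple, leaf_value) for every leaf in the nested output."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from flatten(child, path + (str(key),))
    elif isinstance(node, list):
        for index, child in enumerate(node):
            yield from flatten(child, path + (str(index),))
    else:
        yield path, node


def is_blank(value):
    """Assumption: a null or empty/whitespace-only leaf means 'not answered'."""
    return value is None or (isinstance(value, str) and not value.strip())


def summarize(json_text):
    """Return (answers, blanks): dotted designator -> value, plus the sorted
    designators that are present in the output but carry no answer."""
    answers, blanks = {}, []
    for path, value in flatten(json.loads(json_text)):
        designator = ".".join(path)
        if is_blank(value):
            blanks.append(designator)
        else:
            answers[designator] = value.strip() if isinstance(value, str) else value
    return answers, sorted(blanks)


if __name__ == "__main__":
    found, missing = summarize(SAMPLE_JSON)
    for name, answer in sorted(found.items()):
        print(f"{name}: {answer}")
    print("unanswered:", ", ".join(missing))
```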

Download files

Source Distribution

sag_reader-1.0.3.tar.gz (186.1 kB)

Uploaded Source

Built Distribution

sag_reader-1.0.3-py3-none-any.whl (5.2 kB)

Uploaded Python 3

File details

Details for the file sag_reader-1.0.3.tar.gz.

File metadata

  • Download URL: sag_reader-1.0.3.tar.gz
  • Upload date:
  • Size: 186.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.0.1 CPython/3.12.7

File hashes

Hashes for sag_reader-1.0.3.tar.gz
Algorithm Hash digest
SHA256 6f7b188e39744113a4fd990b19e101d6d3720952a431b2dfb7b77703d8a6af44
MD5 f5df627faef3737d667fa57c341878c0
BLAKE2b-256 6a256dd1d82e123f20e4d77047e4a3c3aea31358fb96a74bc5a7fd198a86fe22

File details

Details for the file sag_reader-1.0.3-py3-none-any.whl.

File metadata

  • Download URL: sag_reader-1.0.3-py3-none-any.whl
  • Upload date:
  • Size: 5.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.0.1 CPython/3.12.7

File hashes

Hashes for sag_reader-1.0.3-py3-none-any.whl
Algorithm Hash digest
SHA256 890b1414422f4c8b32c5b75705b5b85fa4b2fd243387eb2bc55422c5694a7e94
MD5 7a5510e4116aba6620709c887d9e3774
BLAKE2b-256 3b9e307b626811e966ea55f95c07da0492c8a5edbfcd987653355160e4875824
