Releases: NUWCDIVNPT/stigman-watcher

1.2.7

17 Aug 14:31

Parser changes

Updates the client import parser with logic specific to test system cpe:/a:nuwcdivnpt:stig-manager:[version].

  • Creates Assets using asset properties/metadata from <TestResult><target-facts>
  • Creates Reviews which include <check-content><sm: [property]> data

Full Changelog: 1.2.6...1.2.7

1.2.6

01 Aug 15:31
2ac6bbb

What's Changed

  • Addresses bug that failed to parse CKL with no root-level XML comment.

Full Changelog: 1.2.5...1.2.6

1.2.5

20 Jul 13:21

What's Changed

  • Addresses bug that prevented startup when running in events mode.

Full Changelog: 1.2.4...1.2.5

1.2.4

19 Jul 23:09
87fec16

What's Changed

  • Updated Watcher with new parser code from stig-manager, limiting comment text fields to 32k

Full Changelog: 1.2.3...1.2.4

1.2.3

09 Jun 19:07

What's Changed

  • fix: eval-stig module name element by @csmig in #25
  • feat: --ignore-glob option (deprecate --ignore-dir) by @csmig in #26

Full Changelog: 1.2.2...1.2.3

1.2.2

18 May 19:15
4b7ed95
  • Minimum STIG Manager API version is updated from 1.1.0 to 1.2.7

  • Adds support for the resultEngine property of Review

  • The serializers now attempt to fetch configuration options from Collection.metadata.importOptions. If this metadata property is absent, a default configuration object which mimics previous serialization behavior is used. Support for configuring custom options will be considered in future PRs. See the STIG Manager API definition for property descriptions.

    const defaultImportOptions = {
      autoStatus: 'saved',
      unreviewed: 'commented',
      unreviewedCommented: 'informational',
      emptyDetail: 'replace',
      emptyComment: 'ignore',
      allowCustom: false
    }

  • The serializers now reference Collection field and status settings when calculating whether an autoStatus setting can be honored.

  • Watcher now requests scope stig-manager:user:read from the OIDC Provider. If Watcher's token does not include this scope, Watcher is unable to honor the Collection property metadata.importOptions.autoStatus = 'accepted' (See below).

  • The serializers will optionally reference Collection Grant settings in order to calculate whether an autoStatus = "accepted" setting can be honored. Watcher now attempts to call API endpoint /user to learn the Watcher userId. If Watcher is denied access to this endpoint (most likely because Watcher's token is missing scope stig-manager:user:read) it will not attempt to set accepted status on any Reviews.

  • To keep Collection settings and metadata from becoming excessively stale, Watcher now makes calls to /collection/{collectionId} and /user at ten minute intervals. Support for configuring this interval will be considered in future PRs, as will alternative approaches to polling.
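
The option fallback and the scope-dependent handling of autoStatus = 'accepted' described in the 1.2.2 notes, sketched as an added example that is not Watcher's own code. The default object and the scope name come from the notes; the function names, the JSON-string handling of importOptions, the merge over defaults and the 'submitted' downgrade are assumptions.

```javascript
// Added example; not Watcher's source. Defaults copied from the 1.2.2 notes.
const defaultImportOptions = {
  autoStatus: 'saved',
  unreviewed: 'commented',
  unreviewedCommented: 'informational',
  emptyDetail: 'replace',
  emptyComment: 'ignore',
  allowCustom: false
}
const USER_READ_SCOPE = 'stig-manager:user:read'

// Assumption: importOptions is a JSON string or plain object; missing or
// malformed values fall back to the defaults, partial ones are merged over them.
function resolveImportOptions (collection) {
  const raw = collection?.metadata?.importOptions
  if (raw == null) return { ...defaultImportOptions }
  try {
    const parsed = typeof raw === 'string' ? JSON.parse(raw) : raw
    if (typeof parsed !== 'object' || parsed === null || Array.isArray(parsed)) {
      throw new TypeError('importOptions is not an object')
    }
    return { ...defaultImportOptions, ...parsed }
  } catch {
    return { ...defaultImportOptions }
  }
}

// Diagnostic only: reads the scope claim of a JWT access token without
// verifying its signature. Assumes a space-delimited `scope` claim.
function tokenHasScope (jwt, scope) {
  const payload = String(jwt).split('.')[1]
  if (!payload) return false
  try {
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'))
    return typeof claims.scope === 'string' && claims.scope.split(' ').includes(scope)
  } catch {
    return false
  }
}

// `user` is the GET /user response body, or null when the call was denied.
// Assumption: 'submitted' is the downgrade target; the notes only say that
// 'accepted' is not attempted.
function effectiveAutoStatus (options, user) {
  if (options.autoStatus !== 'accepted') return options.autoStatus
  return user?.userId ? 'accepted' : 'submitted'
}
```

Running tokenHasScope against the token issued to the Watcher client is a quick way to confirm the OIDC Provider actually grants the new scope before relying on autoStatus = 'accepted'.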

1.2.1

18 Feb 14:02
  • XCCDF parsing enhancements (#15)
  • Log original error message when an API method throws (#16)
  • Downgrade prompt-sync to avoid 3 moderate vulnerabilities reported by npm install

1.2.0

18 Nov 23:21
351f6ef

Adds support for STIG Manager 1.1.0. Breaks support for STIG Manager < 1.1.0.

1.1.2

23 Aug 18:12
  • Fixed scan mode ignoring XML files
  • SCC parser had syntax error

1.1.1

17 May 16:21
daacc34
  • Updated the CKL parser to map Not_Reviewed where <FINDING_DETAILS> is not empty as result informational. All other Not_Reviewed reviews will continue to be ignored.
  • Added option --strict-revision-check whose default is false. This is a behavior change from previous Watcher releases. For CKL, unless this option is set the parser will attempt to POST reviews from checklists of uninstalled STIG revisions. The API will accept reviews for Rules that are associated with an installed STIG revision, and reject reviews for Rules not associated with an installed STIG revision.