Merge branch 'main' into patch-35

.config/.markdownlint.yaml

@@ -84,7 +84,7 @@ MD022:
 MD023: true
 
 # MD024/no-duplicate-heading : Multiple headings with the same content : https://github.com/DavidAnson/markdownlint/blob/v0.34.0/doc/md024.md
-MD024: 
+MD024:
   siblings_only: true
 
 # MD025/single-title/single-h1 : Multiple top-level headings in the same document : https://github.com/DavidAnson/markdownlint/blob/v0.34.0/doc/md025.md
@@ -246,4 +246,4 @@ MD055:
   style: "consistent"
 
 # MD056/table-column-count : Table column count : https://github.com/DavidAnson/markdownlint/blob/v0.34.0/doc/md056.md
-MD056: true
+MD056: true

.config/.yamllint

@@ -0,0 +1,15 @@
+extends: relaxed
+
+ignore:
+  - .config
+  - .gitvote.yml
+
+rules:
+  indentation:
+    level: error
+    spaces: 2 # Enforce 2 spaces for indentation
+  line-length:
+    level: error
+    max: 120 # Allow up to 120 characters per line
+  new-lines:
+    type: unix

.github/CODEOWNERS

@@ -24,7 +24,7 @@
 ########
 #
 # Community Guidelines only need review from the Community Structure WG
-/docs/governance/community-guidelines @finos/ccc-wg-community-structure
+/docs/community-guidelines @finos/ccc-wg-community-structure
 #
 ########
 

.github/workflows/format-check.yml

@@ -10,14 +10,14 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
-      
+
       - name: Set up Node.js
         uses: actions/setup-node@v3
         with:
-          node-version: '16'
-  
+          node-version: "16"
+
       - name: Install Prettier
         run: npm install --save-dev prettier
-  
+
       - name: Check formatting with Prettier
-        run: npx prettier --check "**/*.md" --config ./.config/.prettierrc
+        run: npx prettier --check "**/*.md" --config ./.config/.prettierrc

.github/workflows/links.yml

@@ -13,6 +13,7 @@ jobs:
         id: lychee
         uses: lycheeverse/lychee-action@v1
         with:
-            args: --base . --verbose --no-progress './**/*.md'
-            output: lychee/results.md
-            token: ${{ secrets.GITHUB_TOKEN }}
+          args: --base . --verbose --no-progress './**/*.md'
+          output: lychee/results.md
+          token: ${{ secrets.GITHUB_TOKEN }}
+          fail: true

.github/workflows/linting-check.yml

@@ -20,4 +20,25 @@ jobs:
         run: npm install -g markdownlint-cli
 
       - name: Run markdownlint
-        run: markdownlint '**/*.md' --config ./.config/.markdownlint.yaml
+        run: markdownlint '**/*.md' --config ./.config/.markdownlint.yaml
+
+  yaml-lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.x" # Use any compatible Python 3 version
+
+      - name: Install yamllint
+        run: |
+          python -m pip install --upgrade pip
+          pip install yamllint
+
+      - name: Run yamllint
+        run: |
+          yamllint -c ./.config/.yamllint .

.github/workflows/pull_request.yaml

@@ -10,17 +10,18 @@ jobs:
     permissions:
       pull-requests: write
       contents: read
-      
+
   run-linting-check:
-      uses: ./.github/workflows/linting-check.yml
-      permissions:
-        pull-requests: write
+    uses: ./.github/workflows/linting-check.yml
+    permissions:
+      pull-requests: write
 
   link-checker:
-        uses: ./.github/workflows/links.yml
-        permissions:
-          pull-requests: write
-          contents: read
+    uses: ./.github/workflows/links.yml
+    permissions:
+      pull-requests: write
+      contents: read
+
   yaml-checker:
     uses: ./.github/workflows/yaml-check.yml
     permissions:
@@ -32,4 +33,3 @@ jobs:
     permissions:
       pull-requests: write
       contents: read
-

.github/workflows/release.yml

@@ -4,10 +4,10 @@ on:
   workflow_dispatch:
     inputs:
       build_target:
-        description: 'Build Target (e.g storage/object)'
+        description: "Build Target (e.g storage/object)"
         required: true
       tag:
-        description: 'Tag for this release'
+        description: "Tag for this release"
         required: true
 
 # TODO: Add in pre-release tag to distinguish whether or not we want to have an official release
@@ -27,13 +27,13 @@ jobs:
 
       - name: Install dependencies
         run: go mod download
-  
+
       - name: Get Build Target
         id: process_target
         run: |
           # Read the input for a single build target
           build_target="${{ github.event.inputs.build_target }}"
-          
+
           # Print and save the build target
           echo "Build target: $build_target"
           echo "target=$build_target" >> $GITHUB_OUTPUT
@@ -46,12 +46,12 @@ jobs:
           go run . "yaml" --build-target $build_target
           go run . "md" --build-target $build_target
           go run . "release-notes" --build-target $build_target
-          
+
           # Create PDF files from MD files
           echo "Converting MD file to PDF"
           for md_file in ./artifacts/*.md; do
             filename=$(basename "$md_file" .md)
-            
+
             # Check if the filename contains "release-notes"
             if [[ $filename != *"release_notes"* ]]; then
                 echo "Converting $md_file to $filename.pdf"
@@ -61,7 +61,6 @@ jobs:
             fi
           done
 
-      
       - name: Upload Artifacts
         uses: actions/[email protected]
         with:
@@ -104,4 +103,4 @@ jobs:
               -H "Content-Type: application/octet-stream" \
               --data-binary @"$file" \
               "${{ steps.create_release.outputs.upload_url }}=$filename&label=$filename"
-          done
+          done

.github/workflows/sonatype_scan.yaml

@@ -1,9 +1,8 @@
-
 name: Sonatype SCA Scanning
 on:
   workflow_dispatch:
-  pull_request:
-    paths: 
+  pull_request_target:
+    paths:
       - "**.go"
       - "**/go.mod"
       - "**/go.sum"
@@ -44,4 +43,3 @@ jobs:
           sbom-standard: spdx
           sbom-version: 2.3
           artifact-name: ${{ env.SonatypeAppId }}-sonatype-bom
-

.github/workflows/stale.yml

@@ -7,27 +7,29 @@ name: Mark stale issues and pull requests
 
 on:
   schedule:
-  - cron: '18 22 * * *'
+    - cron: "18 22 * * *"
 
 jobs:
   stale:
-
     runs-on: ubuntu-latest
     permissions:
       issues: write
       pull-requests: write
 
     steps:
-    - uses: actions/stale@v5
-      with:
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-        stale-issue-label: stale
-        stale-pr-label: stale
-        labels-to-remove-when-unstale: stale
-        days-before-stale: 30
-        days-before-close: 7
-        exempt-issue-labels: longstanding issue
-        stale-issue-message: This issue will be closed as stale in 7 days. Please update this issue if it is still needed.
-        stale-pr-message: This issue will be closed as stale in 7 days. If this issue is blocked, please tag or assign the appropriate party to move this forward.
-        close-issue-message: Closed as stale. An update may reopen this issue.
-        close-pr-message: Closed as stale. An update may reopen this PR.
+      - uses: actions/stale@v5
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          stale-issue-label: stale
+          stale-pr-label: stale
+          labels-to-remove-when-unstale: stale
+          days-before-stale: 30
+          days-before-close: 7
+          exempt-issue-labels: longstanding issue
+          stale-issue-message: |
+            This issue will be closed as stale in 7 days. Please update this issue if it is still needed.
+          stale-pr-message: |
+            This issue will be closed as stale in 7 days. If this issue is blocked,
+            please tag or assign the appropriate party to move this forward.
+          close-issue-message: Closed as stale. An update may reopen this issue.
+          close-pr-message: Closed as stale. An update may reopen this PR.

.github/workflows/stale_meeting.yml

@@ -1,8 +1,8 @@
 name: Auto Close Stale Meeting Issues
 
 on:
-    schedule:
-    - cron: '18 22 * * *'
+  schedule:
+    - cron: "18 22 * * *"
 
 jobs:
   close-stale-meeting:

.github/workflows/todo-check.yml

@@ -1,7 +1,7 @@
 name: TODO Checker
 
 on:
-    workflow_call:
+  workflow_call:
 
 jobs:
   find-todos:
@@ -11,8 +11,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Check for TODOs in services directory         
+      - name: Check for TODOs in services directory
         uses: damienjburks/[email protected]
-        with: 
+        with:
           path: "./services"
-

.github/workflows/yaml-check.yml

@@ -1,7 +1,7 @@
 name: YAML Check
 
 on:
-    workflow_call:
+  workflow_call:
 
 jobs:
   yaml-check:
@@ -14,10 +14,10 @@ jobs:
       - name: Validate YAML Schema
         uses: InoUno/yaml-ls-check@develop
         with:
-            schemaMapping: |
-              {
-                "schemas/controls-schema.json": [ "services/**/controls.yml", "services/**/controls.yaml" ],
-                "schemas/features-schema.json": [ "services/**/features.yml", "services/**/features.yaml" ],
-                "schemas/metadata-schema.json": [ "services/**/metadata.yml", "services/**/metadata.yaml" ],
-                "schemas/threats-schema.json": [ "services/**/threats.yml", "services/**/threats.yaml" ]
-              }
+          schemaMapping: |
+            {
+              "schemas/controls-schema.json": [ "services/**/controls.yml", "services/**/controls.yaml" ],
+              "schemas/features-schema.json": [ "services/**/features.yml", "services/**/features.yaml" ],
+              "schemas/metadata-schema.json": [ "services/**/metadata.yml", "services/**/metadata.yaml" ],
+              "schemas/threats-schema.json": [ "services/**/threats.yml", "services/**/threats.yaml" ]
+            }

.gitvote.yml

@@ -12,4 +12,4 @@ profiles:
     periodic_status_check: null
 
     # Close vote on passing
-    close_on_passing: true
+    close_on_passing: true

.vscode/common-controls.code-snippets

@@ -1,63 +1,63 @@
 {
     "Prevent unencrypted requests": {
       "scope": "yaml",
-      "prefix": "CT1, CT Prevent unencrypted requests",
+      "prefix": "CC1, CC Prevent unencrypted requests",
       "body": [
         "- CCC.C01 # Prevent unencrypted requests control"
       ],
       "description": "Common Control Prevent unencrypted requests"
     },
     "Ensure data encryption at rest": {
       "scope": "yaml",
-      "prefix": "CT2, CT Ensure data encryption at rest",
+      "prefix": "CC2, CC Ensure data encryption at rest",
       "body": [
         "- CCC.C02 # Ensure data encryption at rest for all stored data"
       ],
       "description": "Common Control Ensure data encryption at rest"
     },
     "Implement multi-factor authentication": {
       "scope": "yaml",
-      "prefix": "CT3, CT Implement MFA for access",
+      "prefix": "CC3, CC Implement MFA for access",
       "body": [
         "- CCC.C03 # Implement multi-factor authentication (MFA) for access"
       ],
       "description": "Common Control Implement multi-factor authentication (MFA) for access"
     },
     "Log all access and changes": {
       "scope": "yaml",
-      "prefix": "CT4, CT Log all access and changes",
+      "prefix": "CC4, CC Log all access and changes",
       "body": [
         "- CCC.C04 # Log all access and changes"
       ],
       "description": "Common Control Log all access and changes"
     },
     "Prevent access from untrusted entities": {
       "scope": "yaml",
-      "prefix": "CT5, CT Prevent access from untrusted entities",
+      "prefix": "CC5, CC Prevent access from untrusted entities",
       "body": [
         "- CCC.C05 # Prevent access from untrusted entities"
       ],
       "description": "Common Control Prevent access from untrusted entities control"
     },
     "Prevent deployment in restricted regions": {
       "scope": "yaml",
-      "prefix": "CT6, CT Prevent deployment in restricted regions",
+      "prefix": "CC6, CC Prevent deployment in restricted regions",
       "body": [
         "- CCC.C06 # Prevent deployment in restricted regions"
       ],
       "description": "Common Control Prevent deployment in restricted regions"
     },
     "Alert on non-human enumeration": {
       "scope": "yaml",
-      "prefix": "CT7, CT Alert on non-human enumeration",
+      "prefix": "CC7, CC Alert on non-human enumeration",
       "body": [
         "- CCC.C07 # Alert on non-human enumeration"
       ],
       "description": "Common Control Alert on non-human enumeration"
     },
     "Enable multi-zone or multi-region data replication": {
       "scope": "yaml",
-      "prefix": "CT8, CT Enable multi-zone or multi-region data replication",
+      "prefix": "CC8, CC Enable multi-zone or multi-region data replication",
       "body": [
         "- CCC.C08 # Enable multi-zone or multi-region data replication"
       ],