fix: resolve conflicts in merge

Signed-off-by: Chris Butler <chris.butler@redhat.com>

.github/workflows/python-test.yml

@@ -151,7 +151,7 @@ jobs:
 
     - name: Upload artifact
       if: steps.core-version.outputs.core == 'true'
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v4
       with:
         name: coverage
         path: coverage.xml
@@ -184,7 +184,7 @@ jobs:
       run: |
         make develop
     - name: Get coverage
-      uses: actions/download-artifact@v2
+      uses: actions/download-artifact@v4
       with:
         name: coverage
     - name: SonarCloud Scan

CHANGELOG.md

@@ -2,6 +2,204 @@
 
 
 
+## v3.4.0 (2024-08-23)
+
+### Chore
+
+* chore: Merge back version tags and changelog into develop. ([`724ac16`](https://github.com/oscal-compass/compliance-trestle/commit/724ac169389e4d80cca4c336e17fbd5bed4cedff))
+
+### Documentation
+
+* docs: update maintainers list to reflect active maintainers (#1638)
+
+Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
+Co-authored-by: mrgadgil <49280244+mrgadgil@users.noreply.github.com> ([`f8daaae`](https://github.com/oscal-compass/compliance-trestle/commit/f8daaae2e57c9a582b9a94bd5128ed55a890a3bf))
+
+* docs: updates CODE_OF_CONDUCT urls in README and website (#1635)
+
+Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com> ([`08f387a`](https://github.com/oscal-compass/compliance-trestle/commit/08f387a074734a5ddd079d5f613220aa6b44242c))
+
+* docs: adds ROADMAP.md with high level roadmap description (#1626)
+
+* docs: adds ROADMAP.md with high level roadmap description
+
+Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
+
+* chore: refines working in ROADMAP.md for clarity
+
+Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
+
+* docs: updates ROADMAP.md with timeline information
+
+Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
+
+* docs: rewords section on iterations
+
+Adds more clarity around what takes place in
+the 12-week period. No changes to the overall plan.
+
+Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
+
+---------
+
+Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com> ([`ed10dad`](https://github.com/oscal-compass/compliance-trestle/commit/ed10dadee72ac2bedf07c71095e598dc6f95b5bf))
+
+### Feature
+
+* feat: add parameter aggregation support for SSP (#1668)
+
+Signed-off-by: Alejandro Jose Leiva Palomo <alejandro.leiva.palomo@ibm.com> ([`b2611d1`](https://github.com/oscal-compass/compliance-trestle/commit/b2611d1382c6ff1e9e1864e7fa1726dd7ad07eb5))
+
+* feat: adds dependabot configuration for continous updates (#1647)
+
+Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com> ([`4862c4a`](https://github.com/oscal-compass/compliance-trestle/commit/4862c4ac0ec9ce06988f1b6d75ad5986acbd3b78))
+
+* feat: adds implementation parts to This System component in markdown (#1536)
+
+* feat: adds implementation part prompts for This System
+
+Changes in assembly are due to changes in the markdown breaking the unit tests
+because the This System component is associated with each statement
+
+Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
+
+* fix: removes this system comp prose and status duplication
+
+The process_main_component was overwriting the first prose
+response to all the parts
+
+Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
+
+* chore: removes TODO comment for bug review
+
+Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
+
+* chore: updates workding in comments in control_writer.py
+
+Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
+
+* chore: moves part_a_text_edited into applicable unit tests
+
+Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
+
+* refactor: add include-all-parts to make part responses optional
+
+To ensure the default markdown is not overly verbose, writing all
+implementation parts and the inclusion of This System is optional.
+
+Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
+
+* docs: updates documentation with include-all-parts description
+
+Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
+
+* chore: updates comments and docstring in control_writer.py updates
+
+The goal is to increase the usefulness of the comments
+
+Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
+
+* fix: updates docstring in control_writer.py to improve clarity
+
+Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
+
+---------
+
+Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com> ([`54706af`](https://github.com/oscal-compass/compliance-trestle/commit/54706af0f9d428d10451823aa7d8d0f92a86e3eb))
+
+### Fix
+
+* fix: cis benchmarks to catalog task, which mistakenly does not see all columns (#1657)
+
+* fix: allow sheet specification
+
+Signed-off-by: Lou DeGenaro <lou.degenaro@gmail.com>
+
+* fix: number of columns is too small by 1
+
+Signed-off-by: Lou DeGenaro <lou.degenaro@gmail.com>
+
+* Fix: examine all columns
+
+Signed-off-by: Lou DeGenaro <lou.degenaro@gmail.com>
+
+---------
+
+Signed-off-by: Lou DeGenaro <lou.degenaro@gmail.com> ([`6c2d3f3`](https://github.com/oscal-compass/compliance-trestle/commit/6c2d3f3bd8d6eeaf04e0a931ce39b8b52646e95a))
+
+* fix: skips sonar scans for dependabot updates (#1656)
+
+* fix: skips sonar scans for dependabot updates
+
+Dependabot updates only include third party dependency updates
+
+Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
+
+* fix: updates workflow if statement formatting
+
+Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
+
+---------
+
+Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com> ([`050c425`](https://github.com/oscal-compass/compliance-trestle/commit/050c425771ccb52bd263b011e37e128a1eb8205f))
+
+* fix: updates invalid dependabot configuation (#1650)
+
+Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com> ([`e27f0cd`](https://github.com/oscal-compass/compliance-trestle/commit/e27f0cda76a89c7fe60e425916e8b85c3cb1fc30))
+
+* fix: correct logo redirection for PyPi page (#1644)
+
+* fix: correct logo redirection for PyPi page
+
+Signed-off-by: Alejandro Jose Leiva Palomo <alejandro.leiva.palomo@ibm.com>
+
+* fix: change develop to main branch in the logo link
+
+Signed-off-by: Alejandro Jose Leiva Palomo <alejandro.leiva.palomo@ibm.com>
+
+---------
+
+Signed-off-by: Alejandro Jose Leiva Palomo <alejandro.leiva.palomo@ibm.com> ([`2c4899a`](https://github.com/oscal-compass/compliance-trestle/commit/2c4899a809cb28855943f4f3e89f3e9d771aaf1e))
+
+* fix: default value for optional string params should be None (#1621)
+
+* fix: default value for optional string params should be None
+
+Signed-off-by: George Vauter <gvauter@redhat.com>
+
+* pin setuptools to min version suppported by setuptools_scm
+
+Signed-off-by: George Vauter <gvauter@redhat.com>
+
+* fix: add include_all_parts to undo accidental deletion
+
+Signed-off-by: George Vauter <gvauter@redhat.com>
+
+---------
+
+Signed-off-by: George Vauter <gvauter@redhat.com> ([`f81f567`](https://github.com/oscal-compass/compliance-trestle/commit/f81f5674ee2996532524eb014daadbbdbd33e6bb))
+
+* fix: allow forks to correctly run the pipelines (#1633)
+
+A small set of cleanups to the pipelines.
+
+---------
+
+Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
+Signed-off-by: Chris Butler <chris.butler@redhat.com>
+Co-authored-by: Jennifer Power <barnabei.jennifer@gmail.com> ([`af4e5a2`](https://github.com/oscal-compass/compliance-trestle/commit/af4e5a286279a0aebf70b1cb87fa97651711ada2))
+
+### Unknown
+
+* Merge pull request #1670 from oscal-compass/develop
+
+chore: Trestle release ([`2420d97`](https://github.com/oscal-compass/compliance-trestle/commit/2420d9740fbaa78f8a8a4b92c54747984db70717))
+
+* fix - make status and mitre column optional (#1649)
+
+Signed-off-by: Lou DeGenaro <lou.degenaro@gmail.com> ([`47e6936`](https://github.com/oscal-compass/compliance-trestle/commit/47e6936e47d1fa0840aef5c26f36140438f03c98))
+
+
 ## v3.3.0 (2024-07-15)
 
 ### Chore

CONTRIBUTING.md

@@ -32,6 +32,16 @@ review to indicate acceptance. A change requires LGTMs from one of the maintaine
 
 For a list of the maintainers, see the [maintainers](https://oscal-compass.github.io/compliance-trestle/maintainers/) page.
 
+### Trestle updating and release logistics
+
+Contributors should make a working copy (branch or fork) from the develop branch of `trestle`.
+Contributors should update the working copy with changes, then create a pull request to merge into the develop branch.
+Upon approval from reviewer(s), the working copy is squashed and merged into the develop branch.
+Upon a cadence established by the maintainers, the develop branch is merged into the main branch and a new release is uniquely numbered and pushed to [pypi](https://pypi.org/project/compliance-trestle/).
+
+`trestle` employs `semantic release` to automatically control release numbering.
+Code deliveries should be tagged with prefix `fix:` for changes that are bug fixes or `feat:` for changes that are new features.  See [allowed_tags](https://python-semantic-release.readthedocs.io/en/latest/commit-parsing.html#:~:text=The%20default%20configuration%20options%20for%20semantic_release.commit_parser.AngularCommitParser%20are%3A) for a list of supported tags.
+
 ### Trestle merging and release workflow
 
 `trestle` is operating on a simple, yet opinionated, method for continuous integration. It's designed to give developers a coherent understanding of the objectives of other past developers.
@@ -86,7 +96,7 @@ Software License 2.0. Using the SPDX format is the simplest approach.
 e.g.
 
 ```text
-# Copyright (c) 2020 IBM Corp. All rights reserved.
+# Copyright (c) 2024 The OSCAL Compass Authors. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -181,6 +191,8 @@ Both of these repositories are submodules in the trestle project. In order to de
 
 ### Code style and formating
 
+Python code should generally follow [PEP 8](https://peps.python.org/pep-0008/).
+
 `trestle` uses [yapf](https://github.com/google/yapf) for code formatting and [flake8](https://flake8.pycqa.org/en/latest/) for code styling.  It also uses [pre-commit](https://pre-commit.com/) hooks that are integrated into the development process and the CI. When you run `make develop` you are ensuring that the pre-commit hooks are installed and updated to their latest versions for this repository. This ensures that all delivered code has been properly formatted
 and passes the linter rules.  See the [pre-commit configuration file](https://github.com/oscal-compass/compliance-trestle/blob/develop/.pre-commit-config.yaml) for details on
 `yapf` and `flake8` configurations.
@@ -248,4 +260,4 @@ ______________________________________________________________________
 
 ##### Overview of process to take OSCAL models and upgrade trestle Python code
 
-<img src="images/trestle-OSCAL-upgrade.png" style="width:600px;height:500px;border: 1px solid #000;padding:10px;">
+![](images/trestle-OSCAL-upgrade.png)

Makefile

@@ -86,7 +86,7 @@ docs-automation::
 	python ./scripts/website_automation.py
 
 docs-validate:: docs-automation
-	mkdocs build -c -s
+	mkdocs build -v -c -s
 	rm -rf site
 
 docs-serve: docs-automation
@@ -117,4 +117,4 @@ pylint-test:
 	pylint tests --rcfile=.pylintrc_tests
 
 check-for-changes:
-	python scripts/have_files_changed.py -u
+	python scripts/have_files_changed.py -u

README.md

@@ -6,7 +6,7 @@
 ![[Code Coverage](https://sonarcloud.io/dashboard?id=compliance-trestle)](https://sonarcloud.io/api/project_badges/measure?project=compliance-trestle&metric=coverage)
 ![[Quality gate](https://sonarcloud.io/dashboard?id=compliance-trestle)](https://sonarcloud.io/api/project_badges/measure?project=compliance-trestle&metric=alert_status)
 ![[Pypi](https://pypi.org/project/compliance-trestle/)](https://img.shields.io/pypi/dm/compliance-trestle)
-![GitHub Actions status](https://img.shields.io/github/workflow/status/oscal-compass/compliance-trestle/Trestle%20PR%20pipeline?event=push)
+![GitHub Actions status](https://github.com/oscal-compass/compliance-trestle/actions/workflows/python-test.yml/badge.svg?branch=develop)
 
 Trestle is an ensemble of tools that enable the creation, validation, and governance of documentation artifacts for compliance needs. It leverages NIST's [OSCAL](https://pages.nist.gov/OSCAL/) as a standard data format for interchange between tools and people, and provides an opinionated approach to OSCAL adoption.
 
@@ -112,7 +112,7 @@ If you would like to see the detailed LICENSE click [here](LICENSE).
 Consult [contributors](https://github.com/oscal-compass/compliance-trestle/graphs/contributors) for a list of authors and [maintainers](MAINTAINERS.md) for the core team.
 
 ```text
-# Copyright (c) 2020 IBM Corp. All rights reserved.
+# Copyright (c) 2024 The OSCAL Compass Authors. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -125,5 +125,17 @@ Consult [contributors](https://github.com/oscal-compass/compliance-trestle/graph
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 ```
+
+______________________________________________________________________
+
+We are a Cloud Native Computing Foundation sandbox project.
+
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="https://www.cncf.io/wp-content/uploads/2022/07/cncf-white-logo.svg">
+  <img src="https://www.cncf.io/wp-content/uploads/2022/07/cncf-color-bg.svg" width=300 />
+</picture>
+
+The Linux Foundation® (TLF) has registered trademarks and uses trademarks. For a list of TLF trademarks, see [Trademark Usage](https://www.linuxfoundation.org/legal/trademark-usage)".
+
+*Trestle was originally created by IBM.*

docs/cli.md

@@ -113,11 +113,11 @@ Users can query the contents of files using `trestle describe`, and probe the co
 
 OSCAL models are rich and contain multiple nested data structures. Given this, a mechanism is required to address _elements_ /_attributes_ within an oscal object.
 
-This accessing method is called 'element path' and is similar to _jsonPath_. Commands provide element path by a `-e` argument where available, e.g. trestle split -f catalog.json -e 'catalog.metadata.\*'. This path is used whenever specifying an attribute or model, rather than exposing trestle's underlying object model name. Users can refer to [NIST's json outline](https://pages.nist.gov/OSCAL/reference/latest/complete/json-outline/) to understand object names in trestle.
+This accessing method is called 'element path' and is similar to _jsonPath_. Commands provide element path by a `-e` argument where available, e.g. trestle split -f catalog.json -e 'catalog.metadata.\*'. This path is used whenever specifying an attribute or model, rather than exposing trestle's underlying object model name. Users can refer to [NIST's json outline](https://pages.nist.gov/OSCAL-Reference/models/latest/complete/json-outline/) to understand object names in trestle.
 
 ### Rules for element path
 
-1. Element path is an expression of the attribute names, [in json form](https://pages.nist.gov/OSCAL/reference/latest/complete/json-outline/) , concatenated by a period (`.`).
+1. Element path is an expression of the attribute names, [in json form](https://pages.nist.gov/OSCAL-Reference/models/latest/complete/json-outline/) , concatenated by a period (`.`).
    1. E.g. The metadata in a catalog is referred to as `catalog.metadata`
 1. Element paths are relative to the file.
    1. e.g. For `metadata.json` roles would be referred to as `metadata.roles`, from the catalog file that would be `catalog.metadata.roles`

docs/contributing/trestle_oscal_object_model.md

@@ -9,7 +9,7 @@ This functionality, which is built on [pydantic](https://pydantic-docs.helpmanua
 
 ## Mapping and variance with OSCAL names.
 
-The underlying object model that trestle relies on is the json schema published by NIST [here](https://github.com/usnistgov/OSCAL/tree/main/json/schema). In understanding these models the [model reference page](https://pages.nist.gov/OSCAL/reference/1.0.0/) is an indispensable source.
+The underlying object model that trestle relies on is the json schema published by NIST [here](https://github.com/usnistgov/OSCAL/releases/latest). In understanding these models the [model reference page](https://pages.nist.gov/OSCAL-Reference/models/) is an indispensable source.
 
 When generating the python data class based models we have tried to be as faithful as we can to the naming convention provided by OSCAL. This is the hierarchy of rules that we have used: