github.com/gemaraproj/gemara@v1.3.0

evaluationlog.cue raw

 1// SPDX-License-Identifier: Apache-2.0
 2
 3// Schema lifecycle: experimental | stable | deprecated
 4@status("stable")
 5package gemara
 6
 7@go(gemara)
 8
 9// EvaluationLog contains the results of evaluating a set of Layer 2 controls.
10#EvaluationLog: {
11	#Log
12	metadata: type: "EvaluationLog"
13	// result is the aggregate outcome across all evaluations in this log
14	result: #Result
15	evaluations: [#ControlEvaluation, ...#ControlEvaluation] @go(Evaluations,type=[]*ControlEvaluation)
16}
17
18// ControlEvaluation contains the results of evaluating a single Layer 5 control.
19#ControlEvaluation: {
20	name:    string
21	result:  #Result
22	message: string
23	control: #EntryMapping
24	"assessment-logs": [#AssessmentLog, ...#AssessmentLog] @go(AssessmentLogs,type=[]*AssessmentLog)
25	// Enforce that control reference and the assessments' references match
26	// This formulation uses the control's reference if the assessment doesn't include a reference
27	"assessment-logs": [...{
28		requirement: "reference-id": (control."reference-id")
29	}]
30}
31
32// AssessmentLog contains the results of executing a single assessment procedure for a control requirement.
33#AssessmentLog: {
34	// Requirement should map to the assessment requirement for this assessment.
35	requirement: #EntryMapping
36	// Plan maps to the policy assessment plan being executed.
37	plan?: #EntryMapping @go(Plan,optional=nillable)
38	// Description provides a summary of the assessment procedure.
39	description: string
40	// Result is the overall outcome of the assessment procedure, matching the result of the last step that was run.
41	result: #Result
42	// Message provides additional context about the assessment result.
43	message: string
44	// Applicability is elevated from the Layer 2 Assessment Requirement to aid in execution and reporting.
45	applicability: [string, ...string] @go(Applicability,type=[]string)
46	// Steps are sequential actions taken as part of the assessment, which may halt the assessment if a failure occurs.
47	steps: [#AssessmentStep, ...#AssessmentStep]
48	// Steps-executed is the number of steps that were executed as part of the assessment.
49	"steps-executed"?: int @go(StepsExecuted)
50	// Start is the timestamp when the assessment began.
51	start: #Datetime
52	// End is the timestamp when the assessment concluded.
53	end?: #Datetime
54	// Recommendation provides guidance on how to address a failed assessment.
55	recommendation?: string
56	// ConfidenceLevel indicates the evaluator's confidence level in this specific assessment result.
57	"confidence-level"?: #ConfidenceLevel @go(ConfidenceLevel)
58	// Evidence records the raw data cited to support this assessment's opinion.
59	evidence?: [#Evidence, ...#Evidence] @go(Evidence)
60}
61
62#AssessmentStep: string @go(-)
63
64#Result: "Not Run" | "Passed" | "Failed" | "Needs Review" | "Not Applicable" | "Unknown" @go(-)