Compliance Framework Core
Compliance Framework Core is the nucleus of the application and the main driver of core functionality and interaction within the system. It exposes two APIs. The first delivers comprehensive reports back to the dashboard web application, giving an overview of assessments to support decision-making. The second configures the assessment runtimes so that they operate in an optimal environment.
Compliance Framework Core relies on the OSCAL model: as part of its operation, it translates between the Compliance Framework runtime and the OSCAL model structures.
Key Components
Configuration Service
The Configuration Service is responsible for managing configuration updates to the database. This includes CRUD (Create, Read, Update, Delete) operations for Components, Controls, Assessments, and Attestations, as well as some involvement with AttestationJobSpecs (though it might not be responsible for creating the AttestationJobSpecs themselves).
Runtime Orchestrator
The Runtime Orchestrator orchestrates the creation, deletion, and monitoring of assessment runtimes. It communicates with the event bus to create credentials and provide IDs for any runtime that wants to connect. A cleanup mechanism is also included, utilizing a "healthz" style of uptime monitoring to ensure that the assessment runtimes remain active.