Rapid ATO is system designed to simplify the process of creating a System Security Plan. The system uses OSCAL formatted Component Definitions to help you create an OSCAL formatted SSP.
-
Docker & Docker Compose
-
Python3
-
Django
pip3 install Django -
Django Virtual Environment /path-to-api/
The easiest way to get up and running is to copy the docker-compose.yml.example file in the project root up a
directory; cp docker-compose.yml.example ../docker-compose.yml. Then run docker-compose up to start the
containers. The docker-compose file expects there to be two directories; atoasap_api
and atoasap_ui The atoasap_ui is a React frontend that is configured
to run with the Rapid ATO API.
Once your containers start, you will need to enter the API container and run the following commands:
When developing locally, it's useful to have an admin user. To add a super-user to your local database, enter the API container and run:
python3 manage.py createsuperuserAnd enter a username and password when prompted. This will allow access to access the admin site, http://localhost:8080/admin/ where the database can be interacted with directly.
When there are changes to the database models, migrations will need to be executed:
python3 manage.py migrateFor more information about database migrations, see this.
Import Control Catalogs
Rapid ATO comes with a couple control catalogs that can be imported and used with the system. Import them with the following command:
python3 manage.py load_catalog --load-standard-catalogsImport Components
python3 manage.py load_componentsRun unit tests:
# To run all the tests
python3 manage.py test
# Or, to run a specific test(s), add the name of the directory path or the specific test within the directory path and
# file.
# Examples:
python3 manage.py test directory
python3 manage.py test directory.filename
python3 manage.py test directory.filename.TestClassNameTo run the server (outside the docker container), first set the following environment variables:
- POSTGRES_DB_HOST=localhost
- POSTGRES_DB_NAME
- POSTGRES_PASSWORD
- POSTGRES_USER
Where POSTGRES_DB_NAME, POSTGRES_PASSWORD, and POSTGRES_USER will need to correspond to the database name and
postgres super-user created during database setup.
Then run the server:
python3 manage.py runserverGo to http://localhost:8000/doc/ to see the SwaggerUI Go to http://localhost:8000/doc.json or http://localhost:8000/doc.yaml to see the unformatted spec
Go to http://localhost:8080/ to see the index page of the REST framework UI. Any request defined in for the API can be executed in a browser and viewed via this UI, but actions/data may be restricted until a user logs in with appropriate permissions.
A pre-commit configuration is included in the repo to assist in the development workflow. It's not required for development, but can be useful.
To use pre-commit, ensure that you have installed pre-commit on your machine and that
you have instantiated pre-commit in the rapid ato API repository by running pre-commit install in the root of your
local copy of the repo.
Once you have pre-commit installed, pre-commit hooks will run each time that you do a git commit. pre-commit
will try to resolve many issues, but you will be required to resolve those that it cannot before pushing your code.