Build CAPCO-shape banner + portion marks. Validate shape, not content. Operators supply real values at runtime.
Real, reproducible output from the tool — runs offline:
$ classmark-emit --version
classmark 0.1.0$ classmark-emit --help
usage: classmark [-h] [--format {console,json,markdown,sarif,oscal}]
[--out OUT] [--fail-on {very_high,high,moderate,low,none}]
[--classification CLASSIFICATION] [-v]
[target]
classmark — Cognis Digital · Military/IC ecosystem
positional arguments:
target Path/target
options:
-h, --help show this help message and exit
--format {console,json,markdown,sarif,oscal}
--out OUT Write output to file
--fail-on {very_high,high,moderate,low,none}
--classification CLASSIFICATION
Operator-supplied banner. PLACEHOLDER. Tool does not
interpret.
-v, --version show program's version number and exitBlocks above are real
classmarkoutput — reproduce them from a clone.
Sample result format (illustrative values — run on your own data for real findings):
{
"finding": {
"id": "1234567890",
"created_at": "2023-02-22T14:30:00Z",
"name": "Suspicious Network Traffic",
"description": "Possible malicious activity detected on network interface 192.168.1.100",
"severity": "high",
"confidence": 0.8,
"labels": ["network", "malware"],
"references": [
{"id": "1234567890-1", "type": "cve", "href": "https://cve.mitre.org/CVE-2022-1234"},
{"id": "1234567890-2", "type": "mitre", "href": "https://attack.mitre.org/techniques/T1059"}
]
}
}
- Install the shared library once for the ecosystem, then this tool's
classmarkcommand:pip install cognis-mil # shared library (once) pip install -e . # this tool
- Run a scan — the positional
targetis a path (defaults to.):classmark ./docs
- Set the classification banner (operator-supplied PLACEHOLDER; the tool does not interpret it) and pick an output format (
console,json,markdown,sarif,oscal):classmark ./docs --classification "UNCLASSIFIED//FOR PUBLIC RELEASE" --format markdown - Write the report to a file for review or evidence:
classmark ./docs --format sarif --out classmark.sarif
- Gate CI / RMF pipelines with
--fail-on(very_high|high|moderate|low|none), which exits1when a finding meets that severity:- run: pip install cognis-mil && pip install -e . - run: classmark . --fail-on high --format sarif --out classmark.sarif
Forks / wraps (original). See UPSTREAM.md for the
licensing posture, supported commits, and how to upgrade.
- ClassificationBanner builder (level/SCI/SAP/dissem/CUI)
- Portion-mark shape validator
- Banner-line scanner for
.txt/.md/.html/.docx/.json - Operator-supplied content only — no real markings shipped
# Shared library (only once for the whole ecosystem):
pip install -e ../../shared
# This tool:
pip install -e .classmark demos/Outputs are available in five formats — all respect an operator-supplied
classification banner (passed via --classification):
classmark <target> --format=console # default
classmark <target> --format=json
classmark <target> --format=sarif # for code-scanning pipelines
classmark <target> --format=markdown # for PRs / briefings
classmark <target> --format=oscal # OSCAL Assessment Results skeletonAll output is wrapped with an operator-supplied classification banner.
Default: UNCLASSIFIED//FOR PUBLIC RELEASE.
⚠️ This tool does not generate or validate the content of higher classifications. Operators on cleared systems supply real markings at runtime. See../shared/cognis_mil/classmark.py.
Every finding can carry references to:
- NIST 800-53 Rev 5 controls (e.g.
AC-2(1)) - DISA STIG rule IDs (e.g.
V-242414) - MITRE ATT&CK technique IDs (e.g.
T1078) - CCI (Control Correlation Identifier)
These are emitted in JSON, SARIF, and the OSCAL skeleton.
- name: classmark scan
run: |
pip install cognis-classmark
classmark . --format=oscal --out=assessment-results.json --fail-on=high
- name: Upload to eMASS/Xacta
run: cognis-rmf-package import assessment-results.json12 repos. All MIT/COCL (Cognis Open Collaboration License)/GPL-3 (per upstream). Cognis additions are COCL (Cognis Open Collaboration License) unless stated otherwise.
See the master index.
classmark composes with the 300+ tool Cognis suite — JSON in/out and a shared
OpenAI-compatible /v1 backbone. See INTEROP.md for the
suite map, composition patterns, and reference stacks.
Forward classmark's findings to STIX/MISP/Sigma/Splunk/Elastic/Slack/webhooks via
cognis-connect. See INTEGRATIONS.md.