Skip to content

cognis-digital/classmark

Repository files navigation

classmark — CAPCO classification-banner library (PLACEHOLDERS ONLY)

CI Classification

Build CAPCO-shape banner + portion marks. Validate shape, not content. Operators supply real values at runtime.

🔎 Example output

Real, reproducible output from the tool — runs offline:

$ classmark-emit --version
classmark 0.1.0
$ classmark-emit --help
usage: classmark [-h] [--format {console,json,markdown,sarif,oscal}]
                 [--out OUT] [--fail-on {very_high,high,moderate,low,none}]
                 [--classification CLASSIFICATION] [-v]
                 [target]

classmark — Cognis Digital · Military/IC ecosystem

positional arguments:
  target                Path/target

options:
  -h, --help            show this help message and exit
  --format {console,json,markdown,sarif,oscal}
  --out OUT             Write output to file
  --fail-on {very_high,high,moderate,low,none}
  --classification CLASSIFICATION
                        Operator-supplied banner. PLACEHOLDER. Tool does not
                        interpret.
  -v, --version         show program's version number and exit

Blocks above are real classmark output — reproduce them from a clone.

Sample result format (illustrative values — run on your own data for real findings):

{
"finding": {
"id": "1234567890",
"created_at": "2023-02-22T14:30:00Z",
"name": "Suspicious Network Traffic",
"description": "Possible malicious activity detected on network interface 192.168.1.100",
"severity": "high",
"confidence": 0.8,
"labels": ["network", "malware"],
"references": [
    {"id": "1234567890-1", "type": "cve", "href": "https://cve.mitre.org/CVE-2022-1234"},
    {"id": "1234567890-2", "type": "mitre", "href": "https://attack.mitre.org/techniques/T1059"}
]
}
}

Usage — step by step

  1. Install the shared library once for the ecosystem, then this tool's classmark command:
    pip install cognis-mil      # shared library (once)
    pip install -e .            # this tool
  2. Run a scan — the positional target is a path (defaults to .):
    classmark ./docs
  3. Set the classification banner (operator-supplied PLACEHOLDER; the tool does not interpret it) and pick an output format (console, json, markdown, sarif, oscal):
    classmark ./docs --classification "UNCLASSIFIED//FOR PUBLIC RELEASE" --format markdown
  4. Write the report to a file for review or evidence:
    classmark ./docs --format sarif --out classmark.sarif
  5. Gate CI / RMF pipelines with --fail-on (very_high|high|moderate|low|none), which exits 1 when a finding meets that severity:
    - run: pip install cognis-mil && pip install -e .
    - run: classmark . --fail-on high --format sarif --out classmark.sarif

Upstream

Forks / wraps (original). See UPSTREAM.md for the licensing posture, supported commits, and how to upgrade.

What this adds for military / IC use

  • ClassificationBanner builder (level/SCI/SAP/dissem/CUI)
  • Portion-mark shape validator
  • Banner-line scanner for .txt/.md/.html/.docx/.json
  • Operator-supplied content only — no real markings shipped

Install

# Shared library (only once for the whole ecosystem):
pip install -e ../../shared

# This tool:
pip install -e .

Demo

classmark demos/

Outputs are available in five formats — all respect an operator-supplied classification banner (passed via --classification):

classmark <target> --format=console     # default
classmark <target> --format=json
classmark <target> --format=sarif       # for code-scanning pipelines
classmark <target> --format=markdown    # for PRs / briefings
classmark <target> --format=oscal       # OSCAL Assessment Results skeleton

Classification banner

All output is wrapped with an operator-supplied classification banner. Default: UNCLASSIFIED//FOR PUBLIC RELEASE.

⚠️ This tool does not generate or validate the content of higher classifications. Operators on cleared systems supply real markings at runtime. See ../shared/cognis_mil/classmark.py.

Compliance crosswalks (built in)

Every finding can carry references to:

  • NIST 800-53 Rev 5 controls (e.g. AC-2(1))
  • DISA STIG rule IDs (e.g. V-242414)
  • MITRE ATT&CK technique IDs (e.g. T1078)
  • CCI (Control Correlation Identifier)

These are emitted in JSON, SARIF, and the OSCAL skeleton.

CI / RMF integration

- name: classmark scan
  run: |
    pip install cognis-classmark
    classmark . --format=oscal --out=assessment-results.json --fail-on=high
- name: Upload to eMASS/Xacta
  run: cognis-rmf-package import assessment-results.json

Part of the Cognis Digital military / IC ecosystem

12 repos. All MIT/COCL (Cognis Open Collaboration License)/GPL-3 (per upstream). Cognis additions are COCL (Cognis Open Collaboration License) unless stated otherwise.

See the master index.

Interoperability

classmark composes with the 300+ tool Cognis suite — JSON in/out and a shared OpenAI-compatible /v1 backbone. See INTEROP.md for the suite map, composition patterns, and reference stacks.

Integrations

Forward classmark's findings to STIX/MISP/Sigma/Splunk/Elastic/Slack/webhooks via cognis-connect. See INTEGRATIONS.md.

About

CAPCO-shape classification banner + portion marking library — placeholders only

Topics

Resources

License

Code of conduct

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors