Skip to content

feat(poam): BCH-1186 — promote risk to POAM item #362

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
gusfcarvalho merged 8 commits into from
Mar 27, 2026
Merged

feat(poam): BCH-1186 — promote risk to POAM item #362

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
86bbe65
feat(poam): BCH-1186 — promote risk to POAM item
AKAbdulHanif Mar 24, 2026
1099a49
fix(poam): BCH-1186 CI fixes — regenerate swagger docs and fix test o…
AKAbdulHanif Mar 24, 2026
dd67d96
fix(poam): BCH-1186 address review comments — investigating status + …
AKAbdulHanif Mar 25, 2026
e54081c
fix(poam): replace poc_name/poc_email with primaryOwnerUserId on Poam…
AKAbdulHanif Mar 25, 2026
c61da23
fix(poam): BCH-1186 CI fixes — swag fmt formatting and test owner inh…
AKAbdulHanif Mar 25, 2026
acc2fb6
fix(poam): BCH-1186 address PR #362 review comments
AKAbdulHanif Mar 26, 2026
ece9201
fix(poam): normalise swag fmt whitespace in validateStatusTransition map
AKAbdulHanif Mar 26, 2026
6c5947b
Merge branch 'main' into feat/poam-promote-to-poam
gusfcarvalho Mar 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
179 changes: 179 additions & 0 deletions docs/docs.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18666,6 +18666,82 @@ const docTemplate = `{
]
}
},
"/oscal/system-security-plans/{sspId}/risks/{id}/promote-to-poam": {
"post": {
"description": "Promotes an investigating risk to a POAM item, scoped to a specific SSP. The risk must belong to the given SSP and be in investigating status. On success, the risk transitions to mitigating-planned.",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"Risks"
],
"summary": "Promote risk to POAM item (SSP-scoped)",
"parameters": [
{
"type": "string",
"description": "SSP ID",
"name": "sspId",
"in": "path",
"required": true
},
{
"type": "string",
"description": "Risk ID",
"name": "id",
"in": "path",
"required": true
},
{
"description": "Promotion payload",
"name": "body",
"in": "body",
"schema": {
"$ref": "#/definitions/handler.promoteToPoamRequest"
}
}
],
"responses": {
"201": {
"description": "Created",
"schema": {
"$ref": "#/definitions/handler.GenericDataResponse-handler_poamItemResponse"
}
},
"400": {
"description": "Bad Request",
"schema": {
"$ref": "#/definitions/api.Error"
}
},
"404": {
"description": "Not Found",
"schema": {
"$ref": "#/definitions/api.Error"
}
},
"422": {
"description": "Unprocessable Entity",
"schema": {
"$ref": "#/definitions/api.Error"
}
},
"500": {
"description": "Internal Server Error",
"schema": {
"$ref": "#/definitions/api.Error"
}
}
},
"security": [
{
"OAuth2Password": []
}
]
}
},
"/oscal/system-security-plans/{sspId}/risks/{id}/remediation-template": {
"get": {
"description": "Gets the remediation template linked to a risk scoped to an SSP.",
Expand Down Expand Up @@ -21594,6 +21670,75 @@ const docTemplate = `{
]
}
},
"/risks/{id}/promote-to-poam": {
"post": {
"description": "Promotes an investigating risk to a POAM item and transitions the risk to mitigating-planned. The risk must be in investigating status (risk-accepted risks cannot be promoted — they have been formally accepted as tolerable). The POAM item is pre-populated from the risk's data and any RemediationTemplate tasks. The entire operation is transactional.",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"Risks"
],
"summary": "Promote risk to POAM item",
"parameters": [
{
"type": "string",
"description": "Risk ID",
"name": "id",
"in": "path",
"required": true
},
{
"description": "Promotion payload",
"name": "body",
"in": "body",
"schema": {
"$ref": "#/definitions/handler.promoteToPoamRequest"
}
}
],
"responses": {
"201": {
"description": "Created",
"schema": {
"$ref": "#/definitions/handler.GenericDataResponse-handler_poamItemResponse"
}
},
"400": {
"description": "Bad Request",
"schema": {
"$ref": "#/definitions/api.Error"
}
},
"404": {
"description": "Not Found",
"schema": {
"$ref": "#/definitions/api.Error"
}
},
"422": {
"description": "Unprocessable Entity",
"schema": {
"$ref": "#/definitions/api.Error"
}
},
"500": {
"description": "Internal Server Error",
"schema": {
"$ref": "#/definitions/api.Error"
}
}
},
"security": [
{
"OAuth2Password": []
}
]
}
},
"/risks/{id}/remediation-template": {
"get": {
"description": "Gets the remediation template linked to a risk.",
Expand Down Expand Up @@ -28177,6 +28322,9 @@ const docTemplate = `{
"primaryOwnerUserId": {
"type": "string"
},
"resourceRequired": {
"type": "string"
},
"riskIds": {
"type": "array",
"items": {
Expand Down Expand Up @@ -28388,6 +28536,9 @@ const docTemplate = `{
"primaryOwnerUserId": {
"type": "string"
},
"resourceRequired": {
"type": "string"
},
"riskLinks": {
"type": "array",
"items": {
Expand All @@ -28411,6 +28562,34 @@ const docTemplate = `{
}
}
},
"handler.promoteToPoamRequest": {
"type": "object",
"properties": {
"deadline": {
"description": "Deadline maps to PoamItem.PlannedCompletionDate.",
"type": "string"
},
"milestones": {
"description": "Milestones are additional milestones to append after any copied from the\nrisk's RemediationTemplate.",
"type": "array",
"items": {
"$ref": "#/definitions/handler.createMilestoneRequest"
}
},
"primaryOwnerUserId": {
"description": "PrimaryOwnerUserID optionally overrides the POAM item owner.\nIf omitted, the risk's own PrimaryOwnerUserID is inherited automatically.",
"type": "string"
},
"resourceRequired": {
"description": "ResourceRequired is a free-text planning field describing effort or budget needed.",
"type": "string"
},
"title": {
"description": "Title overrides the risk's title as the POAM item title.\nIf omitted, the risk's own title is used.",
"type": "string"
}
}
},
"handler.publicUserResponse": {
"type": "object",
"properties": {
Expand Down
Loading
Loading