<a href="https://colab.research.google.com/github/mech0s/nodehenge/blob/main/doc2rdf.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

In [2]:
revision = 7
print ("Revision", revision)

Revision 7


##  Install steps
Remember to re-run for each fresh google colab session

In [3]:
%pip install rdfpandas
%pip install openpyxl

Note: you may need to restart the kernel to use updated packages.
Note: you may need to restart the kernel to use updated packages.


##   Imports

In [4]:
import numpy as np
import pandas as pd
import os

### Optional    google  colab   enhancements

In [5]:
#optional
if 'COLAB_JUPYTER_TOKEN' in os.environ:
  from google.colab import data_table
  data_table.enable_dataframe_formatter()

## Source Data Read/Setup

### Read dodcio DevSecOpsActivitesToolsGuidebookTables.xlsx

In [6]:
sourceURI = "https://dodcio.defense.gov/Portals/0/Documents/Library/DevSecOpsActivitesToolsGuidebookTables.xlsx"
xls = pd.ExcelFile(sourceURI)

In [7]:
# check cheet names
xls.sheet_names

['Cover',
 'Overview',
 'Continuous Activities',
 'Plan',
 'Develop',
 'Build',
 'Test',
 'Release',
 'Deliver',
 'Deploy',
 'Operate',
 'Monitor',
 'Feedback',
 'Tools']

### Setup fixed data

In [8]:
phaseNames = [ 'Plan',
 'Develop',
 'Build',
 'Test',
 'Release',
 'Deliver',
 'Deploy',
 'Operate',
 'Monitor',
 'Feedback']

##  Build phaseActivityDataFrame

One named worksheet per phase: Pull these into a list of DataFrames, adjusting column names to create valid identifiers. Turn NaN entries into blank strings.

In [156]:
phaseDataList = []
phaseOrder = 0
for phName in phaseNames:
  df = pd.read_excel(xls,phName)
  df = df.rename(columns={"Activities":"Activity",
                     "Security / Testing / CM": "SecurityTestingCM",
                     "Tool Dependencies": "ToolDependency",
                     "Tool Dependency": "ToolDependency"
                     })
  # add Phase and order columns - alternative avoid tricky MultiIndex when concatening below
  df["Phase"] = phName
  df["PhaseOrder"] = phaseOrder
  df["OrderInPhase"] = df.index
  phaseOrder+=1
  #
  phaseDataList.append(df.replace(np.nan, ""))

phaseDataList : list of dataframes :- concatenate into one dataframe

In [158]:
phaseActivityDataFrame = pd.concat(phaseDataList)
# MultiIndex example: phaseActivityDataFrame = pd.concat(phaseDataList,keys=phaseNames, names=["Phase","IDinPhase"])

In [159]:
phaseActivityDataFrame

Unnamed: 0,Activity,Baseline,SSDF,Description,Inputs,Outputs,ToolDependency,SecurityTestingCM,Phase,PhaseOrder,OrderInPhase
0,Change management planning,REQUIRED,"PO.1.1, PS.1.1, PS.3.1, PW.6.1",Plan the change control process,Organizational policy;\nSoftware development b...,Change control procedures;\nReview procedures;...,Team collaboration system;\nIssue tracking system,,Plan,0,0
1,Configuration identification,REQUIRED,"PO.2.1, PS.1.1, PW.2.1, PW.4.1, PW.4.2, PW.6.2",Discover or manual input configuration items i...,IT infrastructure asset;\nSoftware system comp...,Configuration items,CMDB;\nSource code repository;\nArtifact repos...,Configuration Management,Plan,0,1
2,Configuration management (CM) planning,REQUIRED,"PO.3.1, PO.3.3, PO.4.1, PO.4.2, PW.2.1",Plan the configuration control process;\nIdent...,"Software development, security and operations ...",CM processes and plan;\nCM tool selection;\nRe...,Team collaboration system;\nIssue tracking system,Configuration Management,Plan,0,2
3,Database design,PREFERRED,"PO.1.2, PO.3.1, PO.5.2, PW.1.1, PW.5.1",Data modeling; \nDatabase selection;\nDatabase...,System requirement;\nSystem design,- Database design document\n-,Data modeling tool;\nTeams collaboration system,,Plan,0,3
4,Design review,PREFERRED,"PO.1.2, PW.1.2, PW.2.1, PW.8.2, RV.2.2",Review and approve plans and documents,Plans and design documents;,Review comments;\nAction items,Team collaboration system,Configuration Management,Plan,0,4
...,...,...,...,...,...,...,...,...,...,...,...
12,Test Audit,REQUIRED,"PO 2.1, \nPS 2.1, \nPW 1.2, \nPW 2.1",Test audit keeps who performs what test at wha...,Test activity and test results,Test audit log,Test management tool,Testing,Monitor,8,12
13,Test configuration audit,PREFERRED,PO 3.3,Track test and security scan results,Test results;,Test configuration audit,Track test and security scan results,Testing,Monitor,8,13
14,User Evaluation / Feedback,REQUIRED,PO.4.2,Collect and analyze user evaluations and/or fe...,Surveys;\nBug reports;\nTrouble tickets,,,Testing,Monitor,8,14
0,Revise Product Backlog,REQUIRED,"PO.1.1, PO.1.2; PO.1.3, PO.3.1, PO.4.1, RV.2.2...","Update the product backlog with new features, ...",Requirements;\nImprovements;\nBugs;\nVulnerabi...,Updates to the Product Backlog,Requirements Management Tool,,Feedback,9,0


In [170]:
### Dataframe slicing examples
phaseActivityDataFrame.iloc[3:39]

Unnamed: 0,Activity,Baseline,SSDF,Description,Inputs,Outputs,ToolDependency,SecurityTestingCM,Phase,PhaseOrder,OrderInPhase
3,Database design,PREFERRED,"PO.1.2, PO.3.1, PO.5.2, PW.1.1, PW.5.1",Data modeling; \nDatabase selection;\nDatabase...,System requirement;\nSystem design,- Database design document\n-,Data modeling tool;\nTeams collaboration system,,Plan,0,3
4,Design review,PREFERRED,"PO.1.2, PW.1.2, PW.2.1, PW.8.2, RV.2.2",Review and approve plans and documents,Plans and design documents;,Review comments;\nAction items,Team collaboration system,Configuration Management,Plan,0,4
5,DevSecOps process design,REQUIRED,PO.1.1,Design the DevSecOps process workflows that ar...,Change management process;\nSystem design;\nRe...,DevSecOps process flow chart;\nDevSecOps ecosy...,Team collaboration system,,Plan,0,5
6,Documentation version control,REQUIRED,"PO.1.1, PO.1.2, PO.1.3, PS.1.1",Track design changes,Plans and design documents;,Version controlled documents,Team collaboration system,Configuration Management,Plan,0,6
7,IaC deployment,REQUIRED,"PO.3.2, PO.3.3",Deploy infrastructure and set up environment u...,Artifacts (Infrastructure as Code)\nInfrastruc...,The environment ready,Configuration automation tool;\nIaC,,Plan,0,7
8,Mission-Based Cyber Risk Assessments,REQUIRED,"PW.7.2, RV.1.1, RV.1.2, RV.2.1, RV.3.1, RV.3.2...",An assessment of risks based upon the stated m...,NIST 800-53 RMF Control Implementations\nFIPS ...,Risk assessment,Risk assessment tool,Security,Plan,0,8
9,Project/Release planning,REQUIRED,"PS.3.1, PS.3.2",Project task management\nRelease planning,Project charter\nProject constraints,Project Plan\nTask plan & schedule\nRelease pl...,Team collaboration system;\nProject management...,,Plan,0,9
10,Project team onboarding planning,REQUIRED,"PO.2.1, PO.2.2, PO.2.3","Plan the project team onboarding process, inte...",Organization policy,Onboarding plan,Team collaboration system,,Plan,0,10
11,Risk management,REQUIRED,"PO.1.2, PO.3.1, PO.4.1, PW.1.1, PW.1.2, PW.2.1...",Risk assessment,System architecture;\nSupply chain information...,Risk management plan,Team collaboration system;,,Plan,0,11
12,Software requirement analysis,REQUIRED,"PO.1.1, PO.1.2, PO.1.3",Gather the requirements from all stakeholders,Stakeholder inputs or feedback;\nOperation mon...,Requirements Documents:\n- Feature requirement...,Requirements tool;\nTeam collaboration system;...,,Plan,0,12


In [174]:
### Dataframe ordering and filtering examples
phaseActivityDataFrame.sort_values(["PhaseOrder","OrderInPhase"])[phaseActivityDataFrame["Phase"]>="Plan"]

Unnamed: 0,Activity,Baseline,SSDF,Description,Inputs,Outputs,ToolDependency,SecurityTestingCM,Phase,PhaseOrder,OrderInPhase
0,Change management planning,REQUIRED,"PO.1.1, PS.1.1, PS.3.1, PW.6.1",Plan the change control process,Organizational policy;\nSoftware development b...,Change control procedures;\nReview procedures;...,Team collaboration system;\nIssue tracking system,,Plan,0,0
1,Configuration identification,REQUIRED,"PO.2.1, PS.1.1, PW.2.1, PW.4.1, PW.4.2, PW.6.2",Discover or manual input configuration items i...,IT infrastructure asset;\nSoftware system comp...,Configuration items,CMDB;\nSource code repository;\nArtifact repos...,Configuration Management,Plan,0,1
2,Configuration management (CM) planning,REQUIRED,"PO.3.1, PO.3.3, PO.4.1, PO.4.2, PW.2.1",Plan the configuration control process;\nIdent...,"Software development, security and operations ...",CM processes and plan;\nCM tool selection;\nRe...,Team collaboration system;\nIssue tracking system,Configuration Management,Plan,0,2
3,Database design,PREFERRED,"PO.1.2, PO.3.1, PO.5.2, PW.1.1, PW.5.1",Data modeling; \nDatabase selection;\nDatabase...,System requirement;\nSystem design,- Database design document\n-,Data modeling tool;\nTeams collaboration system,,Plan,0,3
4,Design review,PREFERRED,"PO.1.2, PW.1.2, PW.2.1, PW.8.2, RV.2.2",Review and approve plans and documents,Plans and design documents;,Review comments;\nAction items,Team collaboration system,Configuration Management,Plan,0,4
5,DevSecOps process design,REQUIRED,PO.1.1,Design the DevSecOps process workflows that ar...,Change management process;\nSystem design;\nRe...,DevSecOps process flow chart;\nDevSecOps ecosy...,Team collaboration system,,Plan,0,5
6,Documentation version control,REQUIRED,"PO.1.1, PO.1.2, PO.1.3, PS.1.1",Track design changes,Plans and design documents;,Version controlled documents,Team collaboration system,Configuration Management,Plan,0,6
7,IaC deployment,REQUIRED,"PO.3.2, PO.3.3",Deploy infrastructure and set up environment u...,Artifacts (Infrastructure as Code)\nInfrastruc...,The environment ready,Configuration automation tool;\nIaC,,Plan,0,7
8,Mission-Based Cyber Risk Assessments,REQUIRED,"PW.7.2, RV.1.1, RV.1.2, RV.2.1, RV.3.1, RV.3.2...",An assessment of risks based upon the stated m...,NIST 800-53 RMF Control Implementations\nFIPS ...,Risk assessment,Risk assessment tool,Security,Plan,0,8
9,Project/Release planning,REQUIRED,"PS.3.1, PS.3.2",Project task management\nRelease planning,Project charter\nProject constraints,Project Plan\nTask plan & schedule\nRelease pl...,Team collaboration system;\nProject management...,,Plan,0,9


In [176]:
### Dataframe selection examples
phaseActivityDataFrame[["Phase","Baseline"]]

Unnamed: 0,Phase,Baseline
0,Plan,REQUIRED
1,Plan,REQUIRED
2,Plan,REQUIRED
3,Plan,PREFERRED
4,Plan,PREFERRED
...,...,...
12,Monitor,REQUIRED
13,Monitor,PREFERRED
14,Monitor,REQUIRED
0,Feedback,REQUIRED


## TODO : Other sheets / regions