1 - lula

Lula CLI command reference for lula.

lula

Risk Management as Code

Synopsis

Real Time Risk Transparency through automated validation

Options

  -h, --help               help for lula
  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula completion - Generate the autocompletion script for the specified shell
  • lula console - Console terminal user interface for OSCAL models
  • lula dev - Collection of dev commands to make dev life easier
  • lula evaluate - evaluate two results of a Security Assessment Results
  • lula generate - Generate a specified compliance artifact template
  • lula report - Build a compliance report
  • lula tools - Collection of additional commands to make OSCAL easier
  • lula validate - validate an OSCAL component definition
  • lula version - Shows the current version of the Lula binary

2 - lula completion

Lula CLI command reference for lula completion.

lula completion

Generate the autocompletion script for the specified shell

Synopsis

Generate the autocompletion script for lula for the specified shell. See each sub-command’s help for details on how to use the generated script.

Options

  -h, --help   help for completion

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

3 - lula completion bash

Lula CLI command reference for lula completion bash.

lula completion bash

Generate the autocompletion script for bash

Synopsis

Generate the autocompletion script for the bash shell.

This script depends on the ‘bash-completion’ package. If it is not installed already, you can install it via your OS’s package manager.

To load completions in your current shell session:

source <(lula completion bash)

To load completions for every new session, execute once:

Linux:

lula completion bash > /etc/bash_completion.d/lula

macOS:

lula completion bash > $(brew --prefix)/etc/bash_completion.d/lula

You will need to start a new shell for this setup to take effect.

lula completion bash

Options

  -h, --help              help for bash
      --no-descriptions   disable completion descriptions

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula completion - Generate the autocompletion script for the specified shell

4 - lula completion fish

Lula CLI command reference for lula completion fish.

lula completion fish

Generate the autocompletion script for fish

Synopsis

Generate the autocompletion script for the fish shell.

To load completions in your current shell session:

lula completion fish | source

To load completions for every new session, execute once:

lula completion fish > ~/.config/fish/completions/lula.fish

You will need to start a new shell for this setup to take effect.

lula completion fish [flags]

Options

  -h, --help              help for fish
      --no-descriptions   disable completion descriptions

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula completion - Generate the autocompletion script for the specified shell

5 - lula completion powershell

Lula CLI command reference for lula completion powershell.

lula completion powershell

Generate the autocompletion script for powershell

Synopsis

Generate the autocompletion script for powershell.

To load completions in your current shell session:

lula completion powershell | Out-String | Invoke-Expression

To load completions for every new session, add the output of the above command to your powershell profile.

lula completion powershell [flags]

Options

  -h, --help              help for powershell
      --no-descriptions   disable completion descriptions

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula completion - Generate the autocompletion script for the specified shell

6 - lula completion zsh

Lula CLI command reference for lula completion zsh.

lula completion zsh

Generate the autocompletion script for zsh

Synopsis

Generate the autocompletion script for the zsh shell.

If shell completion is not already enabled in your environment you will need to enable it. You can execute the following once:

echo "autoload -U compinit; compinit" >> ~/.zshrc

To load completions in your current shell session:

source <(lula completion zsh)

To load completions for every new session, execute once:

Linux:

lula completion zsh > "${fpath[1]}/_lula"

macOS:

lula completion zsh > $(brew --prefix)/share/zsh/site-functions/_lula

You will need to start a new shell for this setup to take effect.

lula completion zsh [flags]

Options

  -h, --help              help for zsh
      --no-descriptions   disable completion descriptions

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula completion - Generate the autocompletion script for the specified shell

7 - lula console

Lula CLI command reference for lula console.

lula console

Console terminal user interface for OSCAL models

Synopsis

The Lula Console is a text-based terminal user interface that allows users to interact with the OSCAL documents in a more intuitive and visual way.

lula console [flags]

Examples


To view an OSCAL model in the Console:
	lula console -f /path/to/oscal-component.yaml

To view multiple OSCAL models in the Console:
	lula console -f /path/to/oscal-component.yaml,/path/to/oscal-assessment-results.yaml

To specify an output file to save any changes made to the component definition:
	lula console -f /path/to/oscal-component.yaml -c /path/to/output.yaml

To specify an output file to save component definition assessment results:
	lula console -f /path/to/oscal-component.yaml -a /path/to/output.yaml

Options

  -a, --assessment-output string   the path to the assessment results output file
  -c, --component-output string    the path to the component definition output file
  -h, --help                       help for console
  -f, --input-files strings        the path to the target OSCAL models, comma separated

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula - Risk Management as Code

8 - lula dev

Lula CLI command reference for lula dev.

lula dev

Collection of dev commands to make dev life easier

Options

  -h, --help          help for dev
  -s, --set strings   set a value in the template data

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

9 - lula dev get-resources

Lula CLI command reference for lula dev get-resources.

lula dev get-resources

Get Resources from a Lula Validation Manifest

Synopsis

Get the JSON resources specified in a Lula Validation Manifest

lula dev get-resources [flags]

Examples


To get resources from lula validation manifest:
	lula dev get-resources -f /path/to/validation.yaml
To get resources from lula validation manifest and write to file:
	lula dev get-resources -f /path/to/validation.yaml -o /path/to/output.json
To get resources from lula validation and automatically confirm execution
	lula dev get-resources -f /path/to/validation.yaml --confirm-execution
To run validations using stdin:
	cat /path/to/validation.yaml | lula dev get-resources
To hang indefinitely for stdin:
	lula get-resources -t -1
To hang for timeout of 5 seconds:
	lula get-resources -t 5

Options

      --confirm-execution    confirm execution scripts run as part of getting resources
  -h, --help                 help for get-resources
  -f, --input-file string    the path to a validation manifest file (default "0")
  -o, --output-file string   the path to write the resources json
  -t, --timeout int          the timeout for stdin (in seconds, -1 for no timeout) (default 1)

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")
  -s, --set strings        set a value in the template data

SEE ALSO

  • lula dev - Collection of dev commands to make dev life easier

10 - lula dev lint

Lula CLI command reference for lula dev lint.

lula dev lint

Lint validation files against schema

Synopsis

Validate validation files are properly configured against the schema, file paths can be local or URLs (https://)

lula dev lint [flags]

Examples


To lint existing validation files:
	lula dev lint -f <path1>,<path2>,<path3> [-r <result-file>]

Options

  -h, --help                  help for lint
  -f, --input-files strings   the paths to validation files (comma-separated)
  -r, --result-file string    the path to write the validation result

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")
  -s, --set strings        set a value in the template data

SEE ALSO

  • lula dev - Collection of dev commands to make dev life easier

11 - lula dev validate

Lula CLI command reference for lula dev validate.

lula dev validate

Run an individual Lula validation.

Synopsis

Run an individual Lula validation for quick testing and debugging of a Lula Validation. This command is intended for development purposes only.

lula dev validate [flags]

Examples


To run validation from a lula validation manifest:
	lula dev validate -f /path/to/validation.yaml
To run validation using a custom resources file:
	lula dev validate -f /path/to/validation.yaml -r /path/to/resources.json
To run validation and automatically confirm execution
	lula dev validate -f /path/to/validation.yaml --confirm-execution
To run validation from stdin:
	cat /path/to/validation.yaml | lula dev validate
To hang indefinitely for stdin:
	lula dev validate -t -1
To hang for timeout of 5 seconds:
	lula dev validate -t 5

Options

      --confirm-execution       confirm execution scripts run as part of the validation
  -e, --expected-result         the expected result of the validation (-e=false for failing result) (default true)
  -h, --help                    help for validate
  -f, --input-file string       the path to a validation manifest file (default "0")
  -o, --output-file string      the path to write the validation with results
      --print-test-resources    whether to print resources used for tests; prints <test-name>.json to the validation directory
  -r, --resources-file string   the path to an optional resources file
      --run-tests               run tests specified in the validation
  -t, --timeout int             the timeout for stdin (in seconds, -1 for no timeout) (default 1)

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")
  -s, --set strings        set a value in the template data

SEE ALSO

  • lula dev - Collection of dev commands to make dev life easier

12 - lula evaluate

Lula CLI command reference for lula evaluate.

lula evaluate

evaluate two results of a Security Assessment Results

Synopsis

Lula evaluation of Security Assessment Results

lula evaluate [flags]

Examples


To evaluate the latest results in two assessment results files:
	lula evaluate -f assessment-results-threshold.yaml -f assessment-results-new.yaml

To evaluate two results (threshold and latest) in a single OSCAL file:
	lula evaluate -f assessment-results.yaml

To target a specific framework for validation:
	lula evaluate -f assessment-results.yaml --target critical

Options

  -h, --help                 help for evaluate
  -f, --input-file strings   Path to the file to be evaluated
  -s, --summary              Print a summary of the evaluation
  -t, --target string        the specific control implementations or framework to validate against

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula - Risk Management as Code

13 - lula generate

Lula CLI command reference for lula generate.

lula generate

Generate a specified compliance artifact template

Options

  -h, --help                 help for generate
  -f, --input-file string    Path to a manifest file
  -o, --output-file string   Path and Name to an output file

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

14 - lula generate component

Lula CLI command reference for lula generate component.

lula generate component

Generate a component definition OSCAL template

lula generate component [flags]

Examples


To generate a new component-definition template:
lula generate component -c <catalog source url> -r control-a,control-b,control-c
- IE lula generate component -c https://raw.githubusercontent.com/usnistgov/oscal-content/master/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_catalog.json -r ac-1,ac-2,au-5

To Generate and merge with an existing Component Definition:
lula generate component -c <catalog source url> -r control-a,control-b,control-c -o existing-component.yaml

To Generate a component definition with a specific "named" component:
lula generate component -c <catalog source url> -r control-a --component "Software X"

To Generate a component definition with remarks populated from specific control "parts":
lula generate component -c <catalog source url> -r control-a --remarks guidance,assessment-objective

Options

  -c, --catalog-source string   Catalog source location (local or remote)
      --component string        Component Title
      --framework string        Control-Implementation collection that these controls belong to
  -h, --help                    help for component
  -p, --profile string          Profile source location (local or remote)
      --remarks strings         Target for remarks population (default = statement)
  -r, --requirements strings    List of requirements to capture

Options inherited from parent commands

  -f, --input-file string    Path to a manifest file
  -l, --log-level string     Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")
  -o, --output-file string   Path and Name to an output file

SEE ALSO

  • lula generate - Generate a specified compliance artifact template

15 - lula generate profile

Lula CLI command reference for lula generate profile.

lula generate profile

Generate a profile OSCAL artifact

Synopsis

Generation of a Profile OSCAL artifact with controls included or excluded from a source catalog/profile.

lula generate profile [flags]

Examples


To generate a profile with included controls:
	lula generate profile -s <catalog/profile source> -i ac-1,ac-2,ac-3

To specify the name and filetype of the generated artifact:
	lula generate profile -s <catalog/profile source> -i ac-1,ac-2,ac-3 -o my_profile.yaml

To generate a profile that includes all controls except a list specified controls:
	lula generate profile -s <catalog/profile source> -e ac-1,ac-2,ac-3

Options

  -a, --all                  Include all controls from the source catalog/profile
  -e, --exclude strings      comma delimited list of controls to exclude from the source catalog/profile
  -h, --help                 help for profile
  -i, --include strings      comma delimited list of controls to include from the source catalog/profile
  -o, --output-file string   the path to the output file. If not specified, the output file will be directed to stdout
  -s, --source string        the path to the source catalog/profile

Options inherited from parent commands

  -f, --input-file string   Path to a manifest file
  -l, --log-level string    Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula generate - Generate a specified compliance artifact template

16 - lula generate system-security-plan

Lula CLI command reference for lula generate system-security-plan.

lula generate system-security-plan

Generate a system security plan OSCAL artifact

Synopsis

Generation of a System Security Plan OSCAL artifact from a source profile along with an optional list of component definitions.

lula generate system-security-plan [flags]

Examples


To generate a system security plan from profile and component definition:
	lula generate system-security-plan -p <path/to/profile> -c <path/to/component-definition>

To specify the name and filetype of the generated artifact:
	lula generate system-security-plan -p <path/to/profile> -c <path/to/component-definition> -o my_ssp.yaml

Options

  -c, --components strings                      comma delimited list the paths to the component definitions to include for the SSP
  -h, --help                                    help for system-security-plan
  -o, --output-file system-security-plan.yaml   the path to the output file. If not specified, the output file will default to system-security-plan.yaml
  -p, --profile string                          the path to the imported profile
      --remarks strings                         Target for remarks population (default [statement])

Options inherited from parent commands

  -f, --input-file string   Path to a manifest file
  -l, --log-level string    Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula generate - Generate a specified compliance artifact template

17 - lula report

Lula CLI command reference for lula report.

lula report

Build a compliance report

lula report [flags]

Examples


To create a new report:
lula report -f oscal-component-definition.yaml

To create a new report in json format:
lula report -f oscal-component-definition.yaml --file-format json

To create a new report in yaml format:
lula report -f oscal-component-definition.yaml --file-format yaml

Options

      --file-format string   File format of the report (default "table")
  -h, --help                 help for report
  -f, --input-file string    Path to an OSCAL file

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula - Risk Management as Code

18 - lula tools

Lula CLI command reference for lula tools.

lula tools

Collection of additional commands to make OSCAL easier

Options

  -h, --help   help for tools

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

19 - lula tools compose

Lula CLI command reference for lula tools compose.

lula tools compose

compose an OSCAL component definition

Synopsis

Lula Composition of an OSCAL component definition. Used to compose remote validations within a component definition in order to resolve any references for portability.

Supports templating of the composed component definition with the following configuration options:

  • To compose with templating applied, specify ‘–render, -r’ with values of ‘all’, ’non-sensitive’, ‘constants’, or ‘masked’ (choice will depend on the use case for the composed content)
  • To render Lula Validations include ‘–render-validations’
  • To perform any manual overrides to the template data, specify ‘–set, -s’ with the format ‘.const.key=value’ or ‘.var.key=value’
lula tools compose [flags]

Examples


To compose an OSCAL Model:
	lula tools compose -f ./oscal-component.yaml

To indicate a specific output file:
	lula tools compose -f ./oscal-component.yaml -o composed-oscal-component.yaml

Options

  -h, --help                    help for compose
  -f, --input-file string       the path to the target OSCAL component definition
  -o, --output-file -composed   the path to the output file. If not specified, the output file will be the original filename with -composed appended
  -r, --render string           values to render the template with, options are: masked, constants, non-sensitive, all
      --render-validations      extend render to remote Lula Validations
  -s, --set strings             set value overrides for templated data

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula tools - Collection of additional commands to make OSCAL easier

20 - lula tools lint

Lula CLI command reference for lula tools lint.

lula tools lint

Validate OSCAL against schema

Synopsis

Validate OSCAL documents are properly configured against the OSCAL schema

lula tools lint [flags]

Examples


To lint existing OSCAL files:
	lula tools lint -f <path1>,<path2>,<path3> [-r <result-file>]


Options

  -h, --help                  help for lint
  -f, --input-files strings   the paths to oscal json schema files (comma-separated)
  -r, --result-file string    the path to write the validation result

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula tools - Collection of additional commands to make OSCAL easier

21 - lula tools print

Lula CLI command reference for lula tools print.

lula tools print

Print Resources or Lula Validation from an Assessment Observation

Synopsis

Prints out data about an OSCAL Observation from the OSCAL Assessment Results model. Given “–resources”, the command will print the JSON resources input that were provided to a Lula Validation, as identified by a given observation and assessment results file. Given “–validation”, the command will print the Lula Validation that generated a given observation, as identified by a given observation, assessment results file, and component definition file.

lula tools print [flags]

Examples


To print resources from lula validation manifest:
	lula tools print --resources --assessment /path/to/assessment.yaml --observation-uuid <observation-uuid>

To print resources from lula validation manifest to output file:
	lula tools print --resources --assessment /path/to/assessment.yaml --observation-uuid <observation-uuid> --output-file /path/to/output.json

To print the lula validation that generated a given observation:
	lula tools print --validation --component /path/to/component.yaml --assessment /path/to/assessment.yaml --observation-uuid <observation-uuid>

Options

  -a, --assessment string         the path to an assessment-results file
  -c, --component string          the path to a validation manifest file
  -h, --help                      help for print
  -u, --observation-uuid string   the observation uuid
  -o, --output-file string        the path to write the resources json
  -r, --resources                 true if the user is printing resources
  -v, --validation                true if the user is printing validation

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula tools - Collection of additional commands to make OSCAL easier

22 - lula tools template

Lula CLI command reference for lula tools template.

lula tools template

Template an artifact

Synopsis

Resolving templated artifacts with configuration data

lula tools template [flags]

Examples


To template an OSCAL Model, defaults to masking sensitive variables:
	lula tools template -f ./oscal-component.yaml

To indicate a specific output file:
	lula tools template -f ./oscal-component.yaml -o templated-oscal-component.yaml

To perform overrides on the template data:
	lula tools template -f ./oscal-component.yaml --set .var.key1=value1 --set .const.key2=value2

To perform the full template operation, including sensitive data:
	lula tools template -f ./oscal-component.yaml --render all

Data for templating should be stored under 'constants' or 'variables' configuration items in a lula-config.yaml file
See documentation for more detail on configuration schema

Options

  -h, --help                 help for template
  -f, --input-file string    the path to the target artifact
  -o, --output-file string   the path to the output file. If not specified, the output file will be directed to stdout
  -r, --render string        values to render the template with, options are: masked, constants, non-sensitive, all (default "masked")
  -s, --set strings          set a value in the template data

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula tools - Collection of additional commands to make OSCAL easier

23 - lula tools upgrade

Lula CLI command reference for lula tools upgrade.

lula tools upgrade

Upgrade OSCAL document to a new version if possible.

Synopsis

Validate an OSCAL document against the OSCAL schema version provided. If the document is valid, upgrade it to the provided OSCAL version. Otherwise, return or write as ValidationError. Yaml formatting handled by gopkg/yaml.v3 and while objects will maintain deep equality, visual representation may be different than the input file.

lula tools upgrade [flags]

Examples


To Upgrade an existing OSCAL file:
	lula tools upgrade -f <path to oscal> -v <version>

Options

  -h, --help                       help for upgrade
  -f, --input-file string          the path to a oscal json schema file
  -o, --output-file string         the path to write the linted oscal json schema file (default is the input file)
  -r, --validation-result string   the path to write the validation result file
  -v, --version string             the version of the oscal schema to validate against (default is the latest supported version) (default "1.1.3")

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula tools - Collection of additional commands to make OSCAL easier

24 - lula tools uuidgen

Lula CLI command reference for lula tools uuidgen.

lula tools uuidgen

Generate a UUID

Synopsis

Generate a UUID at random or deterministically with a provided string

lula tools uuidgen [flags]

Examples


To create a new random UUID:
	lula tools uuidgen

To create a deterministic UUID given some source:
	lula tools uuidgen <source>

Options

  -h, --help   help for uuidgen

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula tools - Collection of additional commands to make OSCAL easier

25 - lula validate

Lula CLI command reference for lula validate.

lula validate

validate an OSCAL component definition

Synopsis

Lula Validation of an OSCAL component definition

lula validate [flags]

Examples


To validate on a cluster:
	lula validate -f ./oscal-component.yaml
To indicate a specific Assessment Results file to create or append to:
	lula validate -f ./oscal-component.yaml -o assessment-results.yaml
To target a specific control-implementation source / standard/ framework
	lula validate -f ./oscal-component.yaml -t critical
To run validations and automatically confirm execution
	lula dev validate -f ./oscal-component.yaml --confirm-execution
To run validations non-interactively (no execution)
	lula dev validate -f ./oscal-component.yaml --non-interactive
To run validations and their tests, generating a test-results file
	lula dev validate -f ./oscal-component.yaml --run-tests

Options

      --confirm-execution    confirm execution scripts run as part of the validation
  -h, --help                 help for validate
  -f, --input-file string    the path to the target OSCAL component definition
      --non-interactive      run the command non-interactively
  -o, --output-file string   the path to write assessment results. Creates a new file or appends to existing files
      --run-tests            run tests specified in the validation, writes to test-results-<timestamp>.yaml in output directory
      --save-resources       saves the resources to 'resources' directory at assessment-results level
  -s, --set strings          set a value in the template data
  -t, --target string        the specific control implementations or framework to validate against

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula - Risk Management as Code

26 - lula version

Lula CLI command reference for lula version.

lula version

Shows the current version of the Lula binary

Synopsis

Shows the current version of the Lula binary

lula version [flags]

Examples


Get the current Lula version:
	lula version

Options

  -h, --help   help for version

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula - Risk Management as Code