InSpec Delta - Laying the Ground for a Clean Release Branch

InSpec Delta

Preparing the Profile Before Running Delta

Before running Delta, it's beneficial to format the profile to match the format Delta will use. This minimizes changes to only those necessary based on the guidance update. Follow these steps:

1. Run Cookstyle: Install the Cookstyle gem and use it to lint the controls into Cookstyle format. Verify the gem installation with gem list cookstyle. Create a .rubocop.yml file with the provided example settings or modify these settings via the command line. Run cookstyle -a ./controls and any tests you have for your profile.

AllCops:
  Exclude:
    - "libraries/**/*"

Layout/LineLength:
  Max: 1000
  AllowURI: true
  IgnoreCopDirectives: true

Naming/FileName:
  Enabled: false

Metrics/BlockLength:
  Max: 400

Lint/ConstantDefinitionInBlock:
  Enabled: false

# Required for Profiles as it can introduce profile errors
Style/NumericPredicate:
  Enabled: false

Style/WordArray:
  Description: "Use %w or %W for an array of words. (https://rubystyle.guide#percent-w)"
  Enabled: false

Style/RedundantPercentQ:
  Enabled: true

Style/NestedParenthesizedCalls:
  Enabled: false

Style/TrailingCommaInHashLiteral:
  Description: "https://docs.rubocop.org/rubocop/cops_style.html#styletrailingcommainhashliteral"
  Enabled: true
  EnforcedStyleForMultiline: no_comma

Style/TrailingCommaInArrayLiteral:
  Enabled: true
  EnforcedStyleForMultiline: no_comma

Style/BlockDelimiters:
  Enabled: false

Lint/AmbiguousBlockAssociation:
  Enabled: false

2. Run the SAF CLI Command: Use saf generate update_controls4delta to check and update the control IDs with the provided XCCDF guidance. This process checks if the new guidance changes the control numbers and updates them if necessary. This minimizes the Delta output content and improves the visualization of the modifications provided by the Delta process.