A tool to add different requirement catalogues to ReqDB. The content creator supports following catalogues:
- OWASP ASVS (Version 4 and 5)
- OWASP SAMM
- BSI C5
- NIST CSF
- CSA CCM
- CIS Controls (You need to manually download the Excel at the official website)
Use pip to install the client:
pip install reqdbcontentcreator- Clone the repository:
git clone https://github.com/dcfSec/ReqDBContentCreator.git - Go to the repository:
cd ReqDBContentCreator - Run the ReqDBContentCreator:
python -m reqdbcontentcreator
usage: reqdbcontentcreator [-h] [-c CONFIG] [--create-config] [-t TARGET] [--tenant-id TENANT_ID] [--client-id CLIENT_ID] [--insecure] [-f FILE] [-d] {asvs,samm,bsic5,nistcsf,csaccm,ciscontrols,bsigrundschutz}
Creates requirements in ReqDB from public standards
positional arguments:
{asvs4,asvs5,samm,bsic5,nistcsf,csaccm,ciscontrols,bsigrundschutz}
Source standard to upload to ReqDB
options:
-h, --help show this help message and exit
-c CONFIG, --config CONFIG
Path to the config file
--create-config Creates a config file with the given config parameters and exits. Saves the config into the given config file
-t TARGET, --target TARGET
The target ReqDB server
--tenant-id TENANT_ID
The tenant ID for the Entra ID oauth provider. Defaults to the env var 'REQDB_CLIENT_TENANT_ID'
--client-id CLIENT_ID
The client ID for the Entra ID oauth provider. Defaults to the env var 'REQDB_CLIENT_CLIENT_ID'
--insecure Allows the connection to ReqDB over TLS. Use this only in local test environments. This will leak your access token
-f FILE, --file FILE Input file used as a source for the standard. This is only needed for the CIS Controls as they are behind a login wall. Will be ignored by the other sources
-d, --debug Turns on debug log output
We use SemVer for versioning. For the versions available, see the tags on this repository.
- dcfSec - Initial work
See also the list of contributors who participated in this project.
This project is licensed under the Apache 2.0 License - see the LICENSE file for details