OpenRMF Professional public repo to show how to handle files and API interactions via GitHub Actions.
You can use GitHub Actions to process new or changed files in a GitHub repository and automatically push them to OpenRMF Professional for tracking your cyber compliance. If you use GitHub to store scan results for your ATO or accreditation package, such as CKL or SCAP XML files, you can easily enable automated ingest into OpenRMF Professional. Do the same for compliance statements, hardware, software, PPSM, mitigation statements and other lists to use for OpenRMF Professional with this simple workflow.
We used a GitHub Action from the marketplace to list changed files easily.
DO NOT USE SPACES IN FILENAMES
https://github.com/marketplace/actions/changed-files
For us, we posted them to OpenRMF Professional via a simple curl command using the server, system package, application key and API token for our calls.
An example URL for the checklist/SCAP upload is below with relevant information:
https://{root-url}/api/external/systempackage/{systemKey}/scapchecklist/?applicationKey={applicationKey}
formdata:
checklistFile *.xml/*.ckl/*.nessus/*.csv
The Authorization header value is the word Bearer, a space, then the API token.
You can get a list of all files, all files in a directory, all files by directory, etc. and process as required.
We used simple named files but you can do this any way you wish.
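
The flow described above, as an added example that is not code from this repository: it filters a space-separated list of changed files to the accepted extensions, skips names with spaces, and posts each file with curl. The environment variable names (OPENRMF_ROOT_URL, OPENRMF_SYSTEM_KEY, OPENRMF_APP_KEY, OPENRMF_API_TOKEN, CHANGED_FILES, CURL) are assumptions, as is the space-separated form of the changed-files list.

```bash
#!/usr/bin/env bash
# Added example. Assumed variable names (not from the repo): OPENRMF_ROOT_URL,
# OPENRMF_SYSTEM_KEY, OPENRMF_APP_KEY, OPENRMF_API_TOKEN, CHANGED_FILES.
# Keep the key and token in GitHub Actions secrets, never in the repository.

# Accept only the extensions the upload takes; reject names containing spaces,
# which cannot survive a space-separated file list.
is_uploadable() {
  case "$1" in
    *" "*) return 1 ;;
    *.xml|*.ckl|*.nessus|*.csv) return 0 ;;
    *) return 1 ;;
  esac
}

# Build the checklist/SCAP upload URL from the pattern shown above.
upload_url() {
  printf 'https://%s/api/external/systempackage/%s/scapchecklist/?applicationKey=%s' \
    "$OPENRMF_ROOT_URL" "$OPENRMF_SYSTEM_KEY" "$OPENRMF_APP_KEY"
}

# Send one file as the checklistFile form field with the Bearer token header.
# --fail makes curl return non-zero on an HTTP error so the job can fail.
upload_file() {
  "${CURL:-curl}" --fail --silent --show-error \
    -H "Authorization: Bearer ${OPENRMF_API_TOKEN}" \
    -F "checklistFile=@$1" "$(upload_url)" >/dev/null
}

# $1: space-separated changed files. Prints the number uploaded and returns
# non-zero if any upload failed.
process_changed() {
  set -f; set -- $1; set +f   # split on spaces without expanding globs
  uploaded=0; failed=0
  for f in "$@"; do
    is_uploadable "$f" && [ -f "$f" ] || continue
    if upload_file "$f"; then uploaded=$((uploaded + 1)); else failed=$((failed + 1)); fi
  done
  echo "$uploaded"
  [ "$failed" -eq 0 ]
}

# Entry point for a workflow step; does nothing unless CHANGED_FILES is set.
if [ -n "${CHANGED_FILES:-}" ]; then process_changed "$CHANGED_FILES"; fi
```

In a workflow, map repository secrets to these variables with env: on the step so the values are masked in the job log.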