Add convert CCI list workflow

.github/workflows/backend-tests.yml

@@ -23,7 +23,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: "18"
+          node-version: "22"
           check-latest: true
           cache: 'yarn'
 

.github/workflows/build-prod.yml

@@ -24,7 +24,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: "18"
+          node-version: "22"
           check-latest: true
           cache: 'yarn'
 

.github/workflows/convert-cci-list.yml

@@ -0,0 +1,60 @@
+name: Convert CCI List XML to JSON
+
+on:
+  push:
+    branches: ['master']
+
+  # Run this workflow on the 1st day at 00:00 every month
+  schedule:
+    - cron: '0 0 1 * *'
+
+env:
+  # This URL is super brittle with how links constantly get changed.
+  CCI_LIST_ZIP_URL: https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_CCI_List.zip
+
+jobs:
+  convert-cci-list:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout the code
+        uses: actions/checkout@v4
+      - run: git fetch --prune --unshallow
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+          check-latest: true
+          cache: 'yarn'
+
+      - name: Install project dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Download CCI List
+        run: |
+          curl -o U_CCI_List.zip $CCI_LIST_ZIP_URL && unzip U_CCI_List.zip
+
+      - name: Get publish date of CCI List
+        id: publish-date
+        uses: mavrosxristoforos/get-xml-info@2.0
+        with:
+          xml-file: 'U_CCI_List.xml'
+          xpath: '/*[local-name()="cci_list"]/*[local-name()="metadata"]/*[local-name()="publishdate"]'
+          namespaces: '{"ns": "http://iase.disa.mil/cci"}'
+
+      - name: Set directory environment variables for next step
+        run: |
+          echo "ROOT_DIRECTORY=$(pwd)" >> $GITHUB_ENV
+          echo "OUTPUT_DIRECTORY=$(pwd)/libs/hdf-converters/src/mappings" >> $GITHUB_ENV
+
+      - name: Convert CCI List XML to CCI->NIST, CCI->Definitions, and NIST->CCI JSON files
+        run: yarn workspace @mitre/hdf-converters cciListXml2json -i $ROOT_DIRECTORY/U_CCI_List.xml -n $OUTPUT_DIRECTORY/U_CCI_List.nist.json -d $OUTPUT_DIRECTORY/U_CCI_List.defs.json -c $OUTPUT_DIRECTORY/U_CCI_List.cci.json
+
+      - name: Commit changes to produced JSON files
+        run: |
+          git config --local user.email "saf@groups.mitre.org"
+          git config --local user.name "MITRE SAF Automation"
+          git add $OUTPUT_DIRECTORY/U_CCI_List.nist.json $OUTPUT_DIRECTORY/U_CCI_List.defs.json $OUTPUT_DIRECTORY/U_CCI_List.cci.json
+          git commit -sm "Update CCI List to the current NIST and definition mappings as of $DATETIME"
+          git push
+        env:
+          DATETIME: ${{steps.publish-date.outputs.info}}

.github/workflows/e2e-ui-tests.yml

@@ -39,7 +39,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: "18"
+          node-version: "22"
           check-latest: true
           cache: 'yarn'
 

.github/workflows/frontend-tests.yml

@@ -23,7 +23,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: "18"
+          node-version: "22"
           check-latest: true
           cache: 'yarn'
 

.github/workflows/gh-pages.yml

@@ -14,7 +14,7 @@ jobs:
       - name: setup node
         uses: actions/setup-node@v4
         with:
-          node-version: "18"
+          node-version: "22"
           check-latest: true
           cache: 'yarn'
 

.github/workflows/hdfconverter-tests.yml

@@ -29,7 +29,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: "18"
+          node-version: "22"
           check-latest: true
           cache: 'yarn'
 

.github/workflows/inspecjs-tests.yml

@@ -19,7 +19,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: "18"
+          node-version: "22"
           check-latest: true
           cache: 'yarn'
 

.github/workflows/linter.yml

@@ -23,7 +23,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: "18"
+          node-version: "22"
           check-latest: true
           cache: 'yarn'
 

.github/workflows/push-to-npm.yml

@@ -13,7 +13,7 @@ jobs:
       - name: setup node
         uses: actions/setup-node@v4
         with:
-          node-version: "18"
+          node-version: "22"
           check-latest: true
           registry-url: 'https://registry.npmjs.org'
           cache: 'yarn'
@@ -46,7 +46,7 @@ jobs:
       - uses: actions/setup-node@v4
         if: always()
         with:
-          node-version: "18"
+          node-version: "22"
           check-latest: true
           registry-url: 'https://npm.pkg.github.com'
           cache: 'yarn'

.nvmrc

@@ -1 +1 @@
-18
+22

CHANGELOG

@@ -1,3 +1,96 @@
+v2.11.1
+- Update to node22 - requires nodejs 22 at minimum now @Amndeep7 (#6440)
+
+## Dependency Updates
+
+- Bump eslint-plugin-vue from 9.31.0 to 9.32.0 @dependabot (#6439)
+- Bump @aws-sdk/client-s3 from 3.701.0 to 3.703.0 @dependabot (#6438)
+- Bump @types/node from 22.10.0 to 22.10.1 @dependabot (#6433)
+- Bump @nestjs/common from 10.4.11 to 10.4.12 @dependabot (#6437)
+- Bump @nestjs/platform-express from 10.4.11 to 10.4.12 @dependabot (#6434)
+- Bump @nestjs/core from 10.4.11 to 10.4.12 @dependabot (#6435)
+- Bump @nestjs/testing from 10.4.11 to 10.4.12 @dependabot (#6436)
+- Bump @nestjs/testing from 10.4.9 to 10.4.11 @dependabot (#6429)
+- Bump @aws-sdk/client-config-service from 3.699.0 to 3.702.0 @dependabot (#6430)
+- Bump @nestjs/common from 10.4.9 to 10.4.11 @dependabot (#6431)
+- Bump @nestjs/platform-express from 10.4.9 to 10.4.11 @dependabot (#6432)
+- Bump @nestjs/core from 10.4.9 to 10.4.11 @dependabot (#6428)
+- Bump @aws-sdk/client-s3 from 3.700.0 to 3.701.0 @dependabot (#6424)
+- Bump prettier from 3.3.3 to 3.4.1 @dependabot (#6425)
+- Bump @types/node from 22.9.4 to 22.10.0 @dependabot (#6427)
+- Bump @types/express-session from 1.18.0 to 1.18.1 @dependabot (#6426)
+- Bump @nestjs/core from 10.4.8 to 10.4.9 @dependabot (#6420)
+- Bump oauth2-mock-server from 7.1.2 to 7.2.0 @dependabot (#6418)
+- Bump @nestjs/common from 10.4.8 to 10.4.9 @dependabot (#6419)
+- Bump @nestjs/testing from 10.4.8 to 10.4.9 @dependabot (#6416)
+- Bump @nestjs/platform-express from 10.4.8 to 10.4.9 @dependabot (#6422)
+- Bump @aws-sdk/client-s3 from 3.698.0 to 3.700.0 @dependabot (#6421)
+- Bump @types/node from 22.9.2 to 22.9.4 @dependabot (#6423)
+- Bump axios from 1.7.7 to 1.7.8 @dependabot (#6415)
+- Bump @types/node from 22.9.1 to 22.9.2 @dependabot (#6411)
+- Bump @aws-sdk/client-config-service from 3.696.0 to 3.699.0 @dependabot (#6410)
+- Bump @aws-sdk/client-s3 from 3.697.0 to 3.698.0 @dependabot (#6405)
+- Bump csv-stringify from 6.5.1 to 6.5.2 @dependabot (#6407)
+- Bump dotenv-cli from 7.4.3 to 7.4.4 @dependabot (#6406)
+- Bump @aws-sdk/client-s3 from 3.696.0 to 3.697.0 @dependabot (#6404)
+- Bump @nestjs/cli from 10.4.7 to 10.4.8 @dependabot (#6403)
+- Bump cypress from 13.15.2 to 13.16.0 @dependabot (#6400)
+- Bump @aws-sdk/client-s3 from 3.691.0 to 3.696.0 @dependabot (#6397)
+- Bump @types/node from 22.9.0 to 22.9.1 @dependabot (#6399)
+- Bump @aws-sdk/client-config-service from 3.693.0 to 3.696.0 @dependabot (#6398)
+- Bump @nestjs/testing from 10.4.7 to 10.4.8 @dependabot (#6394)
+- Bump yaml from 2.6.0 to 2.6.1 @dependabot (#6396)
+- Bump dotenv-cli from 7.4.2 to 7.4.3 @dependabot (#6395)
+- Bump @nestjs/common from 10.4.7 to 10.4.8 @dependabot (#6390)
+- Bump @nestjs/platform-express from 10.4.7 to 10.4.8 @dependabot (#6389)
+- Bump @aws-sdk/client-config-service from 3.692.0 to 3.693.0 @dependabot (#6391)
+- Bump @nestjs/core from 10.4.7 to 10.4.8 @dependabot (#6388)
+- Bump @aws-sdk/client-config-service from 3.687.0 to 3.692.0 @dependabot (#6387)
+- Bump @aws-sdk/client-sts from 3.691.0 to 3.692.0 @dependabot (#6385)
+- Bump tailwindcss from 3.4.14 to 3.4.15 @dependabot (#6384)
+- Bump @smithy/node-http-handler from 3.2.5 to 3.3.1 @dependabot (#6383)
+- Bump winston from 3.16.0 to 3.17.0 @dependabot (#6376)
+- Bump @aws-sdk/client-s3 from 3.689.0 to 3.691.0 @dependabot (#6380)
+- Bump eslint-plugin-vue from 9.30.0 to 9.31.0 @dependabot (#6377)
+- Bump @aws-sdk/client-s3 from 3.688.0 to 3.689.0 @dependabot (#6379)
+- Bump uuid from 11.0.2 to 11.0.3 @dependabot (#6378)
+- Bump @aws-sdk/client-s3 from 3.685.0 to 3.688.0 @dependabot (#6375)
+- Bump @aws-sdk/client-config-service from 3.682.0 to 3.687.0 @dependabot (#6372)
+- Bump @types/vuelidate from 0.7.21 to 0.7.22 @dependabot (#6369)
+- Bump @nestjs/testing from 10.4.6 to 10.4.7 @dependabot (#6365)
+- Bump @nestjs/common from 10.4.6 to 10.4.7 @dependabot (#6367)
+- Bump @nestjs/platform-express from 10.4.6 to 10.4.7 @dependabot (#6366)
+- Bump @nestjs/core from 10.4.6 to 10.4.7 @dependabot (#6364)
+- Bump cypress from 13.15.1 to 13.15.2 @dependabot (#6363)
+- Bump @nestjs/cli from 10.4.5 to 10.4.7 @dependabot (#6361)
+- Bump @types/node from 22.8.6 to 22.9.0 @dependabot (#6360)
+- Bump winston from 3.15.0 to 3.16.0 @dependabot (#6357)
+- Bump @aws-sdk/client-s3 from 3.682.0 to 3.685.0 @dependabot (#6358)
+- Bump typedoc from 0.26.10 to 0.26.11 @dependabot (#6356)
+- Bump lerna from 8.1.8 to 8.1.9 @dependabot (#6353)
+- Bump mock-fs from 5.4.0 to 5.4.1 @dependabot (#6354)
+- Bump @types/node from 22.8.4 to 22.8.6 @dependabot (#6355)
+- Bump core-js from 3.38.1 to 3.39.0 @dependabot (#6350)
+- Bump sass-loader from 16.0.2 to 16.0.3 @dependabot (#6351)
+- Bump @casl/ability from 6.7.1 to 6.7.2 @dependabot (#6349)
+- Bump @aws-sdk/client-config-service from 3.679.0 to 3.682.0 @dependabot (#6346)
+- Bump eslint-plugin-vue from 9.29.1 to 9.30.0 @dependabot (#6338)
+- Bump @types/node from 22.8.1 to 22.8.4 @dependabot (#6345)
+- Bump @types/lodash from 4.17.12 to 4.17.13 @dependabot (#6343)
+- Bump uuid from 10.0.0 to 11.0.2 @dependabot (#6341)
+- Bump @aws-sdk/client-s3 from 3.679.0 to 3.682.0 @dependabot (#6344)
+- Bump tsx from 4.19.1 to 4.19.2 @dependabot (#6337)
+- Bump @nestjs/schematics from 10.2.2 to 10.2.3 @dependabot (#6339)
+- Bump @types/node from 22.7.9 to 22.8.1 @dependabot (#6333)
+- Bump elliptic from 6.5.7 to 6.6.0 @dependabot (#6335)
+- Bump rexml from 3.3.6 to 3.3.9 in /libs/inspecjs @dependabot (#6334)
+- Bump sequelize from 6.37.4 to 6.37.5 @dependabot (#6332)
+- Bump @aws-sdk/client-config-service from 3.678.0 to 3.679.0 @dependabot (#6328)
+- Bump @aws-sdk/client-s3 from 3.678.0 to 3.679.0 @dependabot (#6329)
+- Bump pg from 8.13.0 to 8.13.1 @dependabot (#6327)
+- Bump cypress from 13.15.0 to 13.15.1 @dependabot (#6326)
+- Bump @types/prismjs from 1.26.4 to 1.26.5 @dependabot (#6320)
+
 v2.10.20
 
 - Dependency track mapper @Amndeep7 (#6307)

Dockerfile

@@ -1,4 +1,4 @@
-ARG BASE_CONTAINER=registry.access.redhat.com/ubi8/nodejs-18-minimal:1
+ARG BASE_CONTAINER=registry.access.redhat.com/ubi9/nodejs-22-minimal:1
 
 FROM $BASE_CONTAINER AS builder
 

Dockerfile.lite

@@ -1,4 +1,4 @@
-ARG BUILD_CONTAINER=registry.access.redhat.com/ubi8/nodejs-18-minimal:1
+ARG BUILD_CONTAINER=registry.access.redhat.com/ubi9/nodejs-22-minimal:1
 ARG BASE_CONTAINER=nginx:alpine
 
 FROM $BUILD_CONTAINER AS builder

VERSION

@@ -1 +1 @@
-v2.10.20
+v2.11.1

apps/backend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "heimdall-server",
-  "version": "2.10.20",
+  "version": "2.11.0",
   "description": "",
   "license": "Apache-2.0",
   "author": "",

apps/backend/src/config/config.service.spec.ts

@@ -122,7 +122,7 @@ describe('Config Service', () => {
         })
       });
       expect(() => new ConfigService()).toThrowError(
-        "EACCES: permission denied, open '.env'"
+        "EACCES, permission denied '.env'"
       );
     });
 

apps/frontend/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@mitre/heimdall-lite",
-  "version": "2.10.20",
-  "description": "Heimdall-Lite 2 is a JavaScript based security results viewer and review tool supporting multiple security results formats, such as: InSpec, SonarQube, OWASP-Zap and Fortify which you can load locally or from S3 and other data sources.",
+  "version": "2.11.1",
+  "description": "Heimdall-Lite 2 is a JavaScript based security results viewer and review tool supporting multiple security results formats, such as: InSpec, SonarQube, OWASP-Zap, and Fortify which you can load locally or from S3 and other data sources.",
   "repository": {
     "type": "git",
     "url": "https://github.com/mitre/heimdall2"
@@ -76,7 +76,7 @@
     "file-saver": "^2.0.2",
     "highlight.js": "^11.0.0",
     "html-loader": "^5.0.0",
-    "inspecjs": "^2.10.16",
+    "inspecjs": "^2.11.0",
     "lodash": "4.17.21",
     "lru-cache": "^10.1.0",
     "luxon": "^3.0.1",
@@ -85,7 +85,7 @@
     "prismjs": "^1.29.0",
     "rimraf": "^5.0.0",
     "roboto-fontface": "*",
-    "sanitize-html": "~2.13.0",
+    "sanitize-html": "~2.14.0",
     "sass": "~1.32.6",
     "sass-loader": "^16.0.0",
     "search-query-parser": "^1.5.5",
@@ -133,7 +133,7 @@
     "prismjs": "1.29.0"
   },
   "engines": {
-    "node": "^18.19.0"
+    "node": ">=22"
   },
   "branch": "/blob/master/",
   "changelog": "/releases",

apps/frontend/src/components/cards/controltable/ControlRowHeader.vue

@@ -142,9 +142,12 @@
 <script lang="ts">
 import ResponsiveRowSwitch from '@/components/cards/controltable/ResponsiveRowSwitch.vue';
 import HtmlSanitizeMixin from '@/mixins/HtmlSanitizeMixin';
-import {CCI_DESCRIPTIONS} from '@/utilities/cci_util';
 import {getControlRunTime} from '@/utilities/delta_util';
 import {nistCanonConfig, NIST_DESCRIPTIONS} from '@/utilities/nist_util';
+import {
+  CCI_TO_DEFINITION,
+  CCI_TO_NIST
+} from '@mitre/hdf-converters/src/mappings/CciNistMappingData';
 import {ContextualizedControl, is_control, parse_nist} from 'inspecjs';
 import * as _ from 'lodash';
 import Component, {mixins} from 'vue-class-component';
@@ -224,8 +227,11 @@ export default class ControlRowHeader extends mixins(HtmlSanitizeMixin) {
       if (found) {
         return found;
       }
-    } else if (CCI_DESCRIPTIONS[tag.toUpperCase()]) {
-      return CCI_DESCRIPTIONS[tag.toUpperCase()].def;
+    } else if (
+      CCI_TO_NIST[tag.toUpperCase()] &&
+      CCI_TO_DEFINITION[tag.toUpperCase()]
+    ) {
+      return CCI_TO_DEFINITION[tag.toUpperCase()];
     }
     return 'Unrecognized Tag';
   }