This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

CLI Commands

1 - lula

Lula CLI command reference for lula.

lula

Risk Management as Code

Synopsis

Real Time Risk Transparency through automated validation

Options

  -h, --help               help for lula
  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula completion - Generate the autocompletion script for the specified shell
  • lula console - Console terminal user interface for OSCAL models
  • lula dev - Collection of dev commands to make dev life easier
  • lula evaluate - evaluate two results of a Security Assessment Results
  • lula generate - Generate a specified compliance artifact template
  • lula tools - Collection of additional commands to make OSCAL easier
  • lula validate - validate an OSCAL component definition
  • lula version - Shows the current version of the Lula binary

2 - lula completion

Lula CLI command reference for lula completion.

lula completion

Generate the autocompletion script for the specified shell

Synopsis

Generate the autocompletion script for lula for the specified shell. See each sub-command’s help for details on how to use the generated script.

Options

  -h, --help   help for completion

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

3 - lula completion bash

Lula CLI command reference for lula completion bash.

lula completion bash

Generate the autocompletion script for bash

Synopsis

Generate the autocompletion script for the bash shell.

This script depends on the ‘bash-completion’ package. If it is not installed already, you can install it via your OS’s package manager.

To load completions in your current shell session:

source <(lula completion bash)

To load completions for every new session, execute once:

Linux:

lula completion bash > /etc/bash_completion.d/lula

macOS:

lula completion bash > $(brew --prefix)/etc/bash_completion.d/lula

You will need to start a new shell for this setup to take effect.

lula completion bash

Options

  -h, --help              help for bash
      --no-descriptions   disable completion descriptions

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula completion - Generate the autocompletion script for the specified shell

4 - lula completion fish

Lula CLI command reference for lula completion fish.

lula completion fish

Generate the autocompletion script for fish

Synopsis

Generate the autocompletion script for the fish shell.

To load completions in your current shell session:

lula completion fish | source

To load completions for every new session, execute once:

lula completion fish > ~/.config/fish/completions/lula.fish

You will need to start a new shell for this setup to take effect.

lula completion fish [flags]

Options

  -h, --help              help for fish
      --no-descriptions   disable completion descriptions

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula completion - Generate the autocompletion script for the specified shell

5 - lula completion powershell

Lula CLI command reference for lula completion powershell.

lula completion powershell

Generate the autocompletion script for powershell

Synopsis

Generate the autocompletion script for powershell.

To load completions in your current shell session:

lula completion powershell | Out-String | Invoke-Expression

To load completions for every new session, add the output of the above command to your powershell profile.

lula completion powershell [flags]

Options

  -h, --help              help for powershell
      --no-descriptions   disable completion descriptions

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula completion - Generate the autocompletion script for the specified shell

6 - lula completion zsh

Lula CLI command reference for lula completion zsh.

lula completion zsh

Generate the autocompletion script for zsh

Synopsis

Generate the autocompletion script for the zsh shell.

If shell completion is not already enabled in your environment you will need to enable it. You can execute the following once:

echo "autoload -U compinit; compinit" >> ~/.zshrc

To load completions in your current shell session:

source <(lula completion zsh)

To load completions for every new session, execute once:

Linux:

lula completion zsh > "${fpath[1]}/_lula"

macOS:

lula completion zsh > $(brew --prefix)/share/zsh/site-functions/_lula

You will need to start a new shell for this setup to take effect.

lula completion zsh [flags]

Options

  -h, --help              help for zsh
      --no-descriptions   disable completion descriptions

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula completion - Generate the autocompletion script for the specified shell

7 - lula console

Lula CLI command reference for lula console.

lula console

Console terminal user interface for OSCAL models

Synopsis

The Lula Console is a text-based terminal user interface that allows users to interact with the OSCAL documents in a more intuitive and visual way.

lula console [flags]

Examples


To view an OSCAL model in the Console:
	lula console -f /path/to/oscal-component.yaml

Options

  -h, --help                help for console
  -f, --input-file string   the path to the target OSCAL model

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula - Risk Management as Code

8 - lula dev

Lula CLI command reference for lula dev.

lula dev

Collection of dev commands to make dev life easier

Options

  -h, --help   help for dev

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

9 - lula dev get-resources

Lula CLI command reference for lula dev get-resources.

lula dev get-resources

Get Resources from a Lula Validation Manifest

Synopsis

Get the JSON resources specified in a Lula Validation Manifest

lula dev get-resources [flags]

Examples


To get resources from lula validation manifest:
	lula dev get-resources -f /path/to/validation.yaml
To get resources from lula validation manifest and write to file:
	lula dev get-resources -f /path/to/validation.yaml -o /path/to/output.json
To get resources from lula validation and automatically confirm execution
	lula dev get-resources -f /path/to/validation.yaml --confirm-execution
To run validations using stdin:
	cat /path/to/validation.yaml | lula dev get-resources
To hang indefinitely for stdin:
	lula get-resources -t -1
To hang for timeout of 5 seconds:
	lula get-resources -t 5

Options

      --confirm-execution    confirm execution scripts run as part of getting resources
  -h, --help                 help for get-resources
  -f, --input-file string    the path to a validation manifest file (default "0")
  -o, --output-file string   the path to write the resources json
  -t, --timeout int          the timeout for stdin (in seconds, -1 for no timeout) (default 1)

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula dev - Collection of dev commands to make dev life easier

10 - lula dev lint

Lula CLI command reference for lula dev lint.

lula dev lint

Lint validation files against schema

Synopsis

Validate validation files are properly configured against the schema, file paths can be local or URLs (https://)

lula dev lint [flags]

Examples


To lint existing validation files:
	lula dev lint -f <path1>,<path2>,<path3> [-r <result-file>]

Options

  -h, --help                  help for lint
  -f, --input-files strings   the paths to validation files (comma-separated)
  -r, --result-file string    the path to write the validation result

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula dev - Collection of dev commands to make dev life easier

11 - lula dev validate

Lula CLI command reference for lula dev validate.

lula dev validate

Run an individual Lula validation.

Synopsis

Run an individual Lula validation for quick testing and debugging of a Lula Validation. This command is intended for development purposes only.

lula dev validate [flags]

Examples


To run validation from a lula validation manifest:
	lula dev validate -f /path/to/validation.yaml
To run validation using a custom resources file:
	lula dev validate -f /path/to/validation.yaml -r /path/to/resources.json
To run validation and automatically confirm execution
	lula dev validate -f /path/to/validation.yaml --confirm-execution
To run validation from stdin:
	cat /path/to/validation.yaml | lula dev validate
To hang indefinitely for stdin:
	lula dev validate -t -1
To hang for timeout of 5 seconds:
	lula dev validate -t 5

Options

      --confirm-execution       confirm execution scripts run as part of the validation
  -e, --expected-result         the expected result of the validation (-e=false for failing result) (default true)
  -h, --help                    help for validate
  -f, --input-file string       the path to a validation manifest file (default "0")
  -o, --output-file string      the path to write the validation with results
  -r, --resources-file string   the path to an optional resources file
  -t, --timeout int             the timeout for stdin (in seconds, -1 for no timeout) (default 1)

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula dev - Collection of dev commands to make dev life easier

12 - lula evaluate

Lula CLI command reference for lula evaluate.

lula evaluate

evaluate two results of a Security Assessment Results

Synopsis

Lula evaluation of Security Assessment Results

lula evaluate [flags]

Examples


To evaluate the latest results in two assessment results files:
	lula evaluate -f assessment-results-threshold.yaml -f assessment-results-new.yaml

To evaluate two results (threshold and latest) in a single OSCAL file:
	lula evaluate -f assessment-results.yaml

To target a specific framework for validation:
	lula evaluate -f assessment-results.yaml --target critical

Options

  -h, --help                 help for evaluate
  -f, --input-file strings   Path to the file to be evaluated
  -s, --summary              Print a summary of the evaluation
  -t, --target string        the specific control implementations or framework to validate against

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula - Risk Management as Code

13 - lula generate

Lula CLI command reference for lula generate.

lula generate

Generate a specified compliance artifact template

Options

  -h, --help                 help for generate
  -f, --input-file string    Path to a manifest file
  -o, --output-file string   Path and Name to an output file

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

14 - lula generate component

Lula CLI command reference for lula generate component.

lula generate component

Generate a component definition OSCAL template

lula generate component [flags]

Examples


To generate a new component-definition template:
lula generate component -c <catalog source url> -r control-a,control-b,control-c
- IE lula generate component -c https://raw.githubusercontent.com/usnistgov/oscal-content/master/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_catalog.json -r ac-1,ac-2,au-5

To Generate and merge with an existing Component Definition:
lula generate component -c <catalog source url> -r control-a,control-b,control-c -o existing-component.yaml

To Generate a component definition with a specific "named" component:
lula generate component -c <catalog source url> -r control-a --component "Software X"

To Generate a component definition with remarks populated from specific control "parts":
lula generate component -c <catalog source url> -r control-a --remarks guidance,assessment-objective

Options

  -c, --catalog-source string   Catalog source location (local or remote)
      --component string        Component Title
      --framework string        Control-Implementation collection that these controls belong to
  -h, --help                    help for component
  -p, --profile string          Profile source location (local or remote)
      --remarks strings         Target for remarks population (default = statement)
  -r, --requirements strings    List of requirements to capture

Options inherited from parent commands

  -f, --input-file string    Path to a manifest file
  -l, --log-level string     Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")
  -o, --output-file string   Path and Name to an output file

SEE ALSO

  • lula generate - Generate a specified compliance artifact template

15 - lula tools

Lula CLI command reference for lula tools.

lula tools

Collection of additional commands to make OSCAL easier

Options

  -h, --help   help for tools

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

16 - lula tools compose

Lula CLI command reference for lula tools compose.

lula tools compose

compose an OSCAL component definition

Synopsis

Lula Composition of an OSCAL component definition. Used to compose remote validations within a component definition in order to resolve any references for portability.

lula tools compose [flags]

Examples


To compose an OSCAL Model:
	lula tools compose -f ./oscal-component.yaml

To indicate a specific output file:
	lula tools compose -f ./oscal-component.yaml -o composed-oscal-component.yaml

Options

  -h, --help                    help for compose
  -f, --input-file string       the path to the target OSCAL component definition
  -o, --output-file -composed   the path to the output file. If not specified, the output file will be the original filename with -composed appended

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula tools - Collection of additional commands to make OSCAL easier

17 - lula tools lint

Lula CLI command reference for lula tools lint.

lula tools lint

Validate OSCAL against schema

Synopsis

Validate OSCAL documents are properly configured against the OSCAL schema

lula tools lint [flags]

Examples


To lint existing OSCAL files:
	lula tools lint -f <path1>,<path2>,<path3> [-r <result-file>]

Options

  -h, --help                  help for lint
  -f, --input-files strings   the paths to oscal json schema files (comma-separated)
  -r, --result-file string    the path to write the validation result

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula tools - Collection of additional commands to make OSCAL easier

18 - lula tools template

Lula CLI command reference for lula tools template.

lula tools template

Template an artifact

Synopsis

Resolving templated artifacts with configuration data

lula tools template [flags]

Examples


To template an OSCAL Model:
	lula tools template -f ./oscal-component.yaml

To indicate a specific output file:
	lula tools template -f ./oscal-component.yaml -o templated-oscal-component.yaml

Data for the templating should be stored under the 'variables' configuration item in a lula-config.yaml file

Options

  -h, --help                 help for template
  -f, --input-file string    the path to the target artifact
  -o, --output-file string   the path to the output file. If not specified, the output file will be directed to stdout

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula tools - Collection of additional commands to make OSCAL easier

19 - lula tools upgrade

Lula CLI command reference for lula tools upgrade.

lula tools upgrade

Upgrade OSCAL document to a new version if possible.

Synopsis

Validate an OSCAL document against the OSCAL schema version provided. If the document is valid, upgrade it to the provided OSCAL version. Otherwise, return or write as ValidationError. Yaml formatting handled by gopkg/yaml.v3 and while objects will maintain deep equality, visual representation may be different than the input file.

lula tools upgrade [flags]

Examples


To Upgrade an existing OSCAL file:
	lula tools upgrade -f <path to oscal> -v <version>

Options

  -h, --help                       help for upgrade
  -f, --input-file string          the path to a oscal json schema file
  -o, --output-file string         the path to write the linted oscal json schema file (default is the input file)
  -r, --validation-result string   the path to write the validation result file
  -v, --version string             the version of the oscal schema to validate against (default is the latest supported version) (default "1.1.2")

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula tools - Collection of additional commands to make OSCAL easier

20 - lula tools uuidgen

Lula CLI command reference for lula tools uuidgen.

lula tools uuidgen

Generate a UUID

Synopsis

Generate a UUID at random or deterministically with a provided string

lula tools uuidgen [flags]

Examples


To create a new random UUID:
	lula tools uuidgen

To create a deterministic UUID given some source:
	lula tools uuidgen <source>

Options

  -h, --help   help for uuidgen

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula tools - Collection of additional commands to make OSCAL easier

21 - lula validate

Lula CLI command reference for lula validate.

lula validate

validate an OSCAL component definition

Synopsis

Lula Validation of an OSCAL component definition

lula validate [flags]

Examples


To validate on a cluster:
	lula validate -f ./oscal-component.yaml
To indicate a specific Assessment Results file to create or append to:
	lula validate -f ./oscal-component.yaml -o assessment-results.yaml
To target a specific control-implementation source / standard/ framework
	lula validate -f ./oscal-component.yaml -t critical
To run validations and automatically confirm execution
	lula dev validate -f ./oscal-component.yaml --confirm-execution
To run validations non-interactively (no execution)
	lula dev validate -f ./oscal-component.yaml --non-interactive

Options

      --confirm-execution    confirm execution scripts run as part of the validation
  -h, --help                 help for validate
  -f, --input-file string    the path to the target OSCAL component definition
      --non-interactive      run the command non-interactively
  -o, --output-file string   the path to write assessment results. Creates a new file or appends to existing files
  -t, --target string        the specific control implementations or framework to validate against

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula - Risk Management as Code

22 - lula version

Lula CLI command reference for lula version.

lula version

Shows the current version of the Lula binary

Synopsis

Shows the current version of the Lula binary

lula version [flags]

Examples


Get the current Lula version:
	lula version

Options

  -h, --help   help for version

Options inherited from parent commands

  -l, --log-level string   Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")

SEE ALSO

  • lula - Risk Management as Code