Roadmap

2025 Annual

As of 2025, Lula has been placed into maintenance support. The project will not be receiving further active feature development, but will be monitored for issues, critical bug fixes and vulnerabilities.

2024 Annual

Q1 - Foundations & Discovery:

• Release: an initial version of Lula released to enable teams to begin development of validations. Establish process for future releases.
• CI/CD: Establish supported workflows for CI/CD. Structure (Lint) → Assess (validate) → Compare (evaluate)
• Validation Discovery: Create component definition artifacts for use on a variety of apps

Q2 Artifacts & Provenance:

• Artifact Generation: Enable shifting context between OSCAL model artifacts where available to accelerate production of authorization artifacts. Provide reproducible process for component-definition and assessment-results.
• Provenance: Continue to iterate on improving the provenance of artifacts that Lula can process/produce.
• Document: Build and improve documentation to support tool-use with other conceptual patterns required for secure systems.

Q3 Configuration & Coverage:

• Configuration & Templating: Enhance artifacts with optionality to template variables into OSCAL & Validations dynamically. Allowing the use of build-time and run-time templating.
• OSCAL Model Coverage: Increase support of processable OSCAL models to include profile and system-security-plan
• Quality of Life: User Experience improvements to operating with OSCAL and Lula validations

Q4 Data Collection:

• OSCAL Model Coverage: Increase support of processable OSCAL models to include assessment-plan and plan-of-actions-and-milestones (POAM).
• API Domain: Mature the API Domain into a more extensible option for validations.
• Data Collection: Increase domain data collection methods by 1 to enable greater compliance mapping capabilities