From b793d2c743cfce062f93de293fc2eaa90b0116f9 Mon Sep 17 00:00:00 2001 From: Hannah Braswell Date: Mon, 18 May 2026 20:52:06 -0400 Subject: [PATCH 1/4] chore: updates bad testdata with v1 schema Signed-off-by: Hannah Braswell --- test/test-data/bad-audit-log.yaml | 2 +- test/test-data/bad-capability-invalid-group.yaml | 2 +- test/test-data/bad-control-invalid-group.yaml | 2 +- test/test-data/bad-enforcement-clear-failed.yaml | 2 +- test/test-data/bad-enforcement-log.yaml | 2 +- test/test-data/bad-enforcement-missing-log.yaml | 2 +- test/test-data/bad-lifecycle.yaml | 2 +- test/test-data/bad-mapping-document.yaml | 2 ++ test/test-data/bad-mapping-no-target.yaml | 2 +- test/test-data/bad-no-groups.yaml | 2 +- test/test-data/bad-principle-invalid-group.yaml | 2 +- test/test-data/bad-threat-invalid-group.yaml | 2 +- 12 files changed, 13 insertions(+), 11 deletions(-) diff --git a/test/test-data/bad-audit-log.yaml b/test/test-data/bad-audit-log.yaml index fd5a386a..528aff48 100644 --- a/test/test-data/bad-audit-log.yaml +++ b/test/test-data/bad-audit-log.yaml @@ -1,7 +1,7 @@ metadata: id: audit-log-bad type: AuditLog - gemara-version: "0.20.0" + gemara-version: "1.0.0" version: "1.0.0" description: "Invalid audit log: missing summary, criteria, and results" author: diff --git a/test/test-data/bad-capability-invalid-group.yaml b/test/test-data/bad-capability-invalid-group.yaml index e77c26a6..1c70f5ef 100644 --- a/test/test-data/bad-capability-invalid-group.yaml +++ b/test/test-data/bad-capability-invalid-group.yaml @@ -1,7 +1,7 @@ metadata: id: EXAMPLE-CAPABILITY-CATALOG type: CapabilityCatalog - gemara-version: "0.20.0" + gemara-version: "1.0.0" version: "1.0.0" description: Example Capability Catalog author: diff --git a/test/test-data/bad-control-invalid-group.yaml b/test/test-data/bad-control-invalid-group.yaml index e6103fc9..1be0a0bd 100644 --- a/test/test-data/bad-control-invalid-group.yaml +++ b/test/test-data/bad-control-invalid-group.yaml @@ -1,7 +1,7 @@ metadata: id: TEST-INVALID-GROUP type: ControlCatalog - gemara-version: "0.20.0" + gemara-version: "1.0.0" version: "1.0.0" description: Control catalog with a control referencing an invalid group. author: diff --git a/test/test-data/bad-enforcement-clear-failed.yaml b/test/test-data/bad-enforcement-clear-failed.yaml index b4711b18..cdac2780 100644 --- a/test/test-data/bad-enforcement-clear-failed.yaml +++ b/test/test-data/bad-enforcement-clear-failed.yaml @@ -1,7 +1,7 @@ metadata: id: "enforcement-log-bad-clear" type: EnforcementLog - gemara-version: "0.20.0" + gemara-version: "1.0.0" version: "1.0.0" description: "Invalid enforcement log: Clear disposition with Failed assessment result" author: diff --git a/test/test-data/bad-enforcement-log.yaml b/test/test-data/bad-enforcement-log.yaml index ba001329..9d29723b 100644 --- a/test/test-data/bad-enforcement-log.yaml +++ b/test/test-data/bad-enforcement-log.yaml @@ -1,7 +1,7 @@ metadata: id: "enforcement-log-bad-001" type: EnforcementLog - gemara-version: "0.20.0" + gemara-version: "1.0.0" version: "1.0.0" description: "Invalid enforcement log: action justification missing required log reference" author: diff --git a/test/test-data/bad-enforcement-missing-log.yaml b/test/test-data/bad-enforcement-missing-log.yaml index 301e857f..bfb0333b 100644 --- a/test/test-data/bad-enforcement-missing-log.yaml +++ b/test/test-data/bad-enforcement-missing-log.yaml @@ -1,7 +1,7 @@ metadata: id: "enforcement-log-bad-002" type: EnforcementLog - gemara-version: "0.20.0" + gemara-version: "1.0.0" version: "1.0.0" description: "Invalid enforcement log: action justification missing required log reference" author: diff --git a/test/test-data/bad-lifecycle.yaml b/test/test-data/bad-lifecycle.yaml index 8c817fc6..b7eb2c41 100644 --- a/test/test-data/bad-lifecycle.yaml +++ b/test/test-data/bad-lifecycle.yaml @@ -1,7 +1,7 @@ metadata: id: TEST-BAD-LIFECYCLE type: GuidanceCatalog - gemara-version: "0.20.0" + gemara-version: "1.0.0" version: "1.0.0" description: Retired guideline with recommendations should fail validation. author: diff --git a/test/test-data/bad-mapping-document.yaml b/test/test-data/bad-mapping-document.yaml index 49f16c8f..d711906e 100644 --- a/test/test-data/bad-mapping-document.yaml +++ b/test/test-data/bad-mapping-document.yaml @@ -1,6 +1,8 @@ title: Invalid Mapping Document Without Mapping References metadata: id: INVALID-MAP-001 + type: MappingDocument + gemara-version: "1.0.0" version: "1.0.0" description: This mapping document is missing mapping-references author: diff --git a/test/test-data/bad-mapping-no-target.yaml b/test/test-data/bad-mapping-no-target.yaml index 1dcd2f03..4b331f26 100644 --- a/test/test-data/bad-mapping-no-target.yaml +++ b/test/test-data/bad-mapping-no-target.yaml @@ -3,7 +3,7 @@ metadata: id: TEST-MAP-001 version: "1.0.0" type: MappingDocument - gemara-version: "0.20.0" + gemara-version: "1.0.0" description: Test author: id: test diff --git a/test/test-data/bad-no-groups.yaml b/test/test-data/bad-no-groups.yaml index 906c6648..23d15681 100644 --- a/test/test-data/bad-no-groups.yaml +++ b/test/test-data/bad-no-groups.yaml @@ -1,7 +1,7 @@ metadata: id: TEST-NO-FAMILIES type: ControlCatalog - gemara-version: "0.20.0" + gemara-version: "1.0.0" version: "1.0.0" description: Control catalog with controls but no groups declared. author: diff --git a/test/test-data/bad-principle-invalid-group.yaml b/test/test-data/bad-principle-invalid-group.yaml index 542e00ce..36122cfa 100644 --- a/test/test-data/bad-principle-invalid-group.yaml +++ b/test/test-data/bad-principle-invalid-group.yaml @@ -2,7 +2,7 @@ title: AI Governance Framework Principles metadata: id: AIR-PRIN type: PrincipleCatalog - gemara-version: "0.20.0" + gemara-version: "1.0.0" description: Core principles underpinning the FINOS AI Governance Framework. version: 0.1.0 author: diff --git a/test/test-data/bad-threat-invalid-group.yaml b/test/test-data/bad-threat-invalid-group.yaml index 807793c4..2e6cc03b 100644 --- a/test/test-data/bad-threat-invalid-group.yaml +++ b/test/test-data/bad-threat-invalid-group.yaml @@ -1,7 +1,7 @@ metadata: id: EXAMPLE-THREAT-CATALOG type: ThreatCatalog - gemara-version: "0.20.0" + gemara-version: "1.0.0" version: "1.0.0" description: Example Threat Catalog author: From df8487aa92dba7f18746f2f48846dd3b0bee51ed Mon Sep 17 00:00:00 2001 From: Hannah Braswell Date: Mon, 18 May 2026 20:52:50 -0400 Subject: [PATCH 2/4] chore: updates nested testdata to v1 Signed-off-by: Hannah Braswell --- test/test-data/nested-empty.yaml | 2 +- test/test-data/nested-good-ccc.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/test-data/nested-empty.yaml b/test/test-data/nested-empty.yaml index fc251581..a0f3ba4b 100644 --- a/test/test-data/nested-empty.yaml +++ b/test/test-data/nested-empty.yaml @@ -1,7 +1,7 @@ metadata: id: "empty-test-catalog" type: ControlCatalog - gemara-version: "0.20.0" + gemara-version: "1.0.0" description: "Minimal test catalog for edge case testing" author: id: test-author diff --git a/test/test-data/nested-good-ccc.yaml b/test/test-data/nested-good-ccc.yaml index c2fafbca..b434a95e 100644 --- a/test/test-data/nested-good-ccc.yaml +++ b/test/test-data/nested-good-ccc.yaml @@ -1,7 +1,7 @@ metadata: id: FINOS-CCC type: ControlCatalog - gemara-version: "0.20.0" + gemara-version: "1.0.0" description: | FINOS CCC is an open standard project that describes consistent controls for compliant public cloud deployments in the financial services sector. From 1136c11f003546f2dbb5a17c3089528518eed374 Mon Sep 17 00:00:00 2001 From: Hannah Braswell Date: Mon, 18 May 2026 20:53:53 -0400 Subject: [PATCH 3/4] chore: migrate testdata to v1 Signed-off-by: Hannah Braswell --- test/test-data/good-aigf-nist-mapping.yaml | 2 +- test/test-data/good-aigf-principles.yaml | 2 +- test/test-data/good-aigf-vectors.yaml | 2 +- test/test-data/good-aigf.yaml | 2 +- test/test-data/good-audit-log.yaml | 2 +- test/test-data/good-capability-catalog.yaml | 2 +- test/test-data/good-ccc.json | 2 ++ test/test-data/good-ccc.yaml | 2 +- test/test-data/good-enforcement-log.yaml | 2 +- test/test-data/good-lifecycle.yaml | 2 +- test/test-data/good-mapping-document.yaml | 2 +- test/test-data/good-osps.yml | 2 +- test/test-data/good-policy.yaml | 2 +- test/test-data/good-risk-catalog.yaml | 2 +- test/test-data/good-security-policy.yml | 2 +- test/test-data/good-threat-catalog.yaml | 2 +- test/test-data/good-vector-owasp-mapping.yaml | 2 +- test/test-data/pvtr-baseline-scan.yaml | 2 +- 18 files changed, 19 insertions(+), 17 deletions(-) diff --git a/test/test-data/good-aigf-nist-mapping.yaml b/test/test-data/good-aigf-nist-mapping.yaml index 4477f195..f44394f3 100644 --- a/test/test-data/good-aigf-nist-mapping.yaml +++ b/test/test-data/good-aigf-nist-mapping.yaml @@ -4,7 +4,7 @@ metadata: id: AIR-NIST-MAP-001 version: "0.1.0" type: MappingDocument - gemara-version: "0.20.0" + gemara-version: "1.0.0" description: > Maps FINOS AI Governance Framework mitigations (guidelines) to NIST SP 800-53 Revision 5 security and privacy controls. diff --git a/test/test-data/good-aigf-principles.yaml b/test/test-data/good-aigf-principles.yaml index 1d791aaf..83a0cfb1 100644 --- a/test/test-data/good-aigf-principles.yaml +++ b/test/test-data/good-aigf-principles.yaml @@ -3,7 +3,7 @@ title: AI Governance Framework Principles metadata: id: AIR-PRIN type: PrincipleCatalog - gemara-version: "0.20.0" + gemara-version: "1.0.0" description: > Core principles underpinning the FINOS AI Governance Framework. Each principle represents a foundational value that one or more diff --git a/test/test-data/good-aigf-vectors.yaml b/test/test-data/good-aigf-vectors.yaml index 85ae0602..c7abb4ef 100644 --- a/test/test-data/good-aigf-vectors.yaml +++ b/test/test-data/good-aigf-vectors.yaml @@ -3,7 +3,7 @@ title: AI Governance Framework Risk Vectors metadata: id: AIR-VEC type: VectorCatalog - gemara-version: "0.20.0" + gemara-version: "1.0.0" version: 0.1.0 description: > AIGF risks expressed as Gemara vectors. Each vector describes a diff --git a/test/test-data/good-aigf.yaml b/test/test-data/good-aigf.yaml index d266db82..7f852cf1 100644 --- a/test/test-data/good-aigf.yaml +++ b/test/test-data/good-aigf.yaml @@ -1,7 +1,7 @@ metadata: id: FINOS-AIR type: GuidanceCatalog - gemara-version: "0.20.0" + gemara-version: "1.0.0" description: > A comprehensive collection of risks and mitigations that support on-boarding, development of, and running Generative AI solutions. diff --git a/test/test-data/good-audit-log.yaml b/test/test-data/good-audit-log.yaml index b2ac6fda..83e894e7 100644 --- a/test/test-data/good-audit-log.yaml +++ b/test/test-data/good-audit-log.yaml @@ -1,7 +1,7 @@ metadata: id: audit-log-001 type: AuditLog - gemara-version: "0.20.0" + gemara-version: "1.0.0" version: "1.0.0" description: "Q1 2026 Gemara Audit" author: diff --git a/test/test-data/good-capability-catalog.yaml b/test/test-data/good-capability-catalog.yaml index f60aeda5..800f5cc2 100644 --- a/test/test-data/good-capability-catalog.yaml +++ b/test/test-data/good-capability-catalog.yaml @@ -1,7 +1,7 @@ metadata: id: EXAMPLE-CAPABILITY-CATALOG type: CapabilityCatalog - gemara-version: "0.20.0" + gemara-version: "1.0.0" version: "1.0.0" description: Example Capability Catalog author: diff --git a/test/test-data/good-ccc.json b/test/test-data/good-ccc.json index c522c82f..e3519623 100644 --- a/test/test-data/good-ccc.json +++ b/test/test-data/good-ccc.json @@ -2,6 +2,8 @@ "title": "FINOS Cloud Control Catalog", "metadata": { "id": "FINOS-CCC", + "type": "ControlCatalog", + "gemara-version": "1.0.0", "description": "FINOS CCC is an open standard project that describes consistent controls for\ncompliant public cloud deployments in the financial services sector.\n", "author": { "id": "finos", diff --git a/test/test-data/good-ccc.yaml b/test/test-data/good-ccc.yaml index 05b7fa8c..218f0e94 100644 --- a/test/test-data/good-ccc.yaml +++ b/test/test-data/good-ccc.yaml @@ -1,7 +1,7 @@ metadata: id: FINOS-CCC type: ControlCatalog - gemara-version: "0.20.0" + gemara-version: "1.0.0" version: "2024.1" description: | FINOS CCC is an open standard project that describes consistent controls for diff --git a/test/test-data/good-enforcement-log.yaml b/test/test-data/good-enforcement-log.yaml index cbb3b2b8..1f6ee780 100644 --- a/test/test-data/good-enforcement-log.yaml +++ b/test/test-data/good-enforcement-log.yaml @@ -1,7 +1,7 @@ metadata: id: "enforcement-log-001" type: EnforcementLog - gemara-version: "0.20.0" + gemara-version: "1.0.0" version: "1.0.0" description: "Enforcement actions taken against pvtr evaluation findings for the Gemara repository" author: diff --git a/test/test-data/good-lifecycle.yaml b/test/test-data/good-lifecycle.yaml index 6d6dba96..b25001f3 100644 --- a/test/test-data/good-lifecycle.yaml +++ b/test/test-data/good-lifecycle.yaml @@ -1,7 +1,7 @@ metadata: id: TEST-LIFECYCLE type: ControlCatalog - gemara-version: "0.20.0" + gemara-version: "1.0.0" version: "1.0.0" description: Validates lifecycle states on controls and assessment requirements. author: diff --git a/test/test-data/good-mapping-document.yaml b/test/test-data/good-mapping-document.yaml index e78b8ad5..d6676148 100644 --- a/test/test-data/good-mapping-document.yaml +++ b/test/test-data/good-mapping-document.yaml @@ -3,7 +3,7 @@ metadata: id: OSPS-CRA-MAP-001 version: "1.0.0" type: MappingDocument - gemara-version: "0.20.0" + gemara-version: "1.0.0" description: > Maps OSPS Baseline controls to essential cybersecurity requirements in Annex I of the EU Cyber Resilience Act (Regulation 2024/2847). diff --git a/test/test-data/good-osps.yml b/test/test-data/good-osps.yml index 59f81cfa..2fc0596d 100644 --- a/test/test-data/good-osps.yml +++ b/test/test-data/good-osps.yml @@ -1,7 +1,7 @@ metadata: id: OSPS-B type: ControlCatalog - gemara-version: "0.20.0" + gemara-version: "1.0.0" version: "1.0.0" description: | The Open Source Project Security (OSPS) Baseline is a set of security diff --git a/test/test-data/good-policy.yaml b/test/test-data/good-policy.yaml index 38251e0e..26281442 100644 --- a/test/test-data/good-policy.yaml +++ b/test/test-data/good-policy.yaml @@ -1,7 +1,7 @@ metadata: id: "security-policy-001" type: Policy - gemara-version: "0.20.0" + gemara-version: "1.0.0" description: "Establish comprehensive information security controls and procedures to protect organizational assets" version: "2.1.0" author: diff --git a/test/test-data/good-risk-catalog.yaml b/test/test-data/good-risk-catalog.yaml index 492b3e86..9cf948e5 100644 --- a/test/test-data/good-risk-catalog.yaml +++ b/test/test-data/good-risk-catalog.yaml @@ -1,7 +1,7 @@ metadata: id: EXAMPLE-RISK-CATALOG type: RiskCatalog - gemara-version: "0.20.0" + gemara-version: "1.0.0" version: "1.0.0" description: Example Risk Catalog for cloud-native container environments author: diff --git a/test/test-data/good-security-policy.yml b/test/test-data/good-security-policy.yml index 0f808cd8..ebeff483 100644 --- a/test/test-data/good-security-policy.yml +++ b/test/test-data/good-security-policy.yml @@ -1,7 +1,7 @@ metadata: id: "data-protection-policy-002" type: Policy - gemara-version: "0.20.0" + gemara-version: "1.0.0" description: "Ensure compliance with data protection regulations and safeguard personal information" version: "1.5.0" author: diff --git a/test/test-data/good-threat-catalog.yaml b/test/test-data/good-threat-catalog.yaml index 31aa4579..c218c732 100644 --- a/test/test-data/good-threat-catalog.yaml +++ b/test/test-data/good-threat-catalog.yaml @@ -1,7 +1,7 @@ metadata: id: EXAMPLE-THREAT-CATALOG type: ThreatCatalog - gemara-version: "0.20.0" + gemara-version: "1.0.0" version: "1.0.0" description: Example Threat Catalog author: diff --git a/test/test-data/good-vector-owasp-mapping.yaml b/test/test-data/good-vector-owasp-mapping.yaml index c9dce3e4..11a9e902 100644 --- a/test/test-data/good-vector-owasp-mapping.yaml +++ b/test/test-data/good-vector-owasp-mapping.yaml @@ -4,7 +4,7 @@ metadata: id: AIR-OWASP-MAP-001 version: "0.1.0" type: MappingDocument - gemara-version: "0.20.0" + gemara-version: "1.0.0" description: > Maps AIGF risk vectors to OWASP Top 10 for LLM Applications 2025 entries where a semantic relationship exists. Vectors without a diff --git a/test/test-data/pvtr-baseline-scan.yaml b/test/test-data/pvtr-baseline-scan.yaml index 9c6a5deb..efa62021 100644 --- a/test/test-data/pvtr-baseline-scan.yaml +++ b/test/test-data/pvtr-baseline-scan.yaml @@ -1,7 +1,7 @@ metadata: id: PVTR-BASELINE-SCAN type: EvaluationLog - gemara-version: 0.20.0 + gemara-version: "1.0.0" version: 1.0.0 description: PVTR baseline scan evaluation results author: From 2bb8d73fd713afc2d80726a8ab2d6bd94b606f1f Mon Sep 17 00:00:00 2001 From: Hannah Braswell Date: Tue, 19 May 2026 08:35:18 -0400 Subject: [PATCH 4/4] fix: migrates testdata to v1.1.0 Signed-off-by: Hannah Braswell --- test/test-data/bad-audit-log.yaml | 2 +- test/test-data/bad-capability-invalid-group.yaml | 2 +- test/test-data/bad-control-invalid-group.yaml | 2 +- test/test-data/bad-enforcement-clear-failed.yaml | 2 +- test/test-data/bad-enforcement-log.yaml | 2 +- test/test-data/bad-enforcement-missing-log.yaml | 2 +- test/test-data/bad-lexicon-duplicate-term-id.yaml | 2 +- test/test-data/bad-lifecycle.yaml | 2 +- test/test-data/bad-mapping-document.yaml | 2 +- test/test-data/bad-mapping-no-target.yaml | 2 +- test/test-data/bad-no-groups.yaml | 2 +- test/test-data/bad-principle-invalid-group.yaml | 2 +- test/test-data/bad-threat-invalid-group.yaml | 2 +- test/test-data/good-aigf-nist-mapping.yaml | 2 +- test/test-data/good-aigf-principles.yaml | 2 +- test/test-data/good-aigf-vectors.yaml | 2 +- test/test-data/good-aigf.yaml | 2 +- test/test-data/good-audit-log.yaml | 2 +- test/test-data/good-capability-catalog.yaml | 2 +- test/test-data/good-ccc.yaml | 2 +- test/test-data/good-enforcement-log.yaml | 2 +- test/test-data/good-lexicon.yaml | 2 +- test/test-data/good-lifecycle.yaml | 2 +- test/test-data/good-mapping-document.yaml | 2 +- test/test-data/good-osps.yml | 2 +- test/test-data/good-policy.yaml | 2 +- test/test-data/good-risk-catalog.yaml | 2 +- test/test-data/good-security-policy.yml | 2 +- test/test-data/good-threat-catalog.yaml | 2 +- test/test-data/good-vector-owasp-mapping.yaml | 2 +- test/test-data/nested-empty.yaml | 2 +- test/test-data/nested-good-ccc.yaml | 2 +- test/test-data/pvtr-baseline-scan.yaml | 2 +- 33 files changed, 33 insertions(+), 33 deletions(-) diff --git a/test/test-data/bad-audit-log.yaml b/test/test-data/bad-audit-log.yaml index 528aff48..c67dfac6 100644 --- a/test/test-data/bad-audit-log.yaml +++ b/test/test-data/bad-audit-log.yaml @@ -1,7 +1,7 @@ metadata: id: audit-log-bad type: AuditLog - gemara-version: "1.0.0" + gemara-version: "1.1.0" version: "1.0.0" description: "Invalid audit log: missing summary, criteria, and results" author: diff --git a/test/test-data/bad-capability-invalid-group.yaml b/test/test-data/bad-capability-invalid-group.yaml index 1c70f5ef..f55a7a27 100644 --- a/test/test-data/bad-capability-invalid-group.yaml +++ b/test/test-data/bad-capability-invalid-group.yaml @@ -1,7 +1,7 @@ metadata: id: EXAMPLE-CAPABILITY-CATALOG type: CapabilityCatalog - gemara-version: "1.0.0" + gemara-version: "1.1.0" version: "1.0.0" description: Example Capability Catalog author: diff --git a/test/test-data/bad-control-invalid-group.yaml b/test/test-data/bad-control-invalid-group.yaml index 1be0a0bd..93981ff5 100644 --- a/test/test-data/bad-control-invalid-group.yaml +++ b/test/test-data/bad-control-invalid-group.yaml @@ -1,7 +1,7 @@ metadata: id: TEST-INVALID-GROUP type: ControlCatalog - gemara-version: "1.0.0" + gemara-version: "1.1.0" version: "1.0.0" description: Control catalog with a control referencing an invalid group. author: diff --git a/test/test-data/bad-enforcement-clear-failed.yaml b/test/test-data/bad-enforcement-clear-failed.yaml index cdac2780..cb9eb2d1 100644 --- a/test/test-data/bad-enforcement-clear-failed.yaml +++ b/test/test-data/bad-enforcement-clear-failed.yaml @@ -1,7 +1,7 @@ metadata: id: "enforcement-log-bad-clear" type: EnforcementLog - gemara-version: "1.0.0" + gemara-version: "1.1.0" version: "1.0.0" description: "Invalid enforcement log: Clear disposition with Failed assessment result" author: diff --git a/test/test-data/bad-enforcement-log.yaml b/test/test-data/bad-enforcement-log.yaml index 9d29723b..24b1b27b 100644 --- a/test/test-data/bad-enforcement-log.yaml +++ b/test/test-data/bad-enforcement-log.yaml @@ -1,7 +1,7 @@ metadata: id: "enforcement-log-bad-001" type: EnforcementLog - gemara-version: "1.0.0" + gemara-version: "1.1.0" version: "1.0.0" description: "Invalid enforcement log: action justification missing required log reference" author: diff --git a/test/test-data/bad-enforcement-missing-log.yaml b/test/test-data/bad-enforcement-missing-log.yaml index bfb0333b..815eab13 100644 --- a/test/test-data/bad-enforcement-missing-log.yaml +++ b/test/test-data/bad-enforcement-missing-log.yaml @@ -1,7 +1,7 @@ metadata: id: "enforcement-log-bad-002" type: EnforcementLog - gemara-version: "1.0.0" + gemara-version: "1.1.0" version: "1.0.0" description: "Invalid enforcement log: action justification missing required log reference" author: diff --git a/test/test-data/bad-lexicon-duplicate-term-id.yaml b/test/test-data/bad-lexicon-duplicate-term-id.yaml index 547cc0bd..7409d6a0 100644 --- a/test/test-data/bad-lexicon-duplicate-term-id.yaml +++ b/test/test-data/bad-lexicon-duplicate-term-id.yaml @@ -2,7 +2,7 @@ title: Invalid lexicon with duplicate term ids metadata: id: bad-lexicon-dup type: Lexicon - gemara-version: "1.0.0" + gemara-version: "1.1.0" description: Term ids must be unique within the lexicon. author: id: gemara-example diff --git a/test/test-data/bad-lifecycle.yaml b/test/test-data/bad-lifecycle.yaml index b7eb2c41..4bdfcfe2 100644 --- a/test/test-data/bad-lifecycle.yaml +++ b/test/test-data/bad-lifecycle.yaml @@ -1,7 +1,7 @@ metadata: id: TEST-BAD-LIFECYCLE type: GuidanceCatalog - gemara-version: "1.0.0" + gemara-version: "1.1.0" version: "1.0.0" description: Retired guideline with recommendations should fail validation. author: diff --git a/test/test-data/bad-mapping-document.yaml b/test/test-data/bad-mapping-document.yaml index d711906e..beb3faea 100644 --- a/test/test-data/bad-mapping-document.yaml +++ b/test/test-data/bad-mapping-document.yaml @@ -2,7 +2,7 @@ title: Invalid Mapping Document Without Mapping References metadata: id: INVALID-MAP-001 type: MappingDocument - gemara-version: "1.0.0" + gemara-version: "1.1.0" version: "1.0.0" description: This mapping document is missing mapping-references author: diff --git a/test/test-data/bad-mapping-no-target.yaml b/test/test-data/bad-mapping-no-target.yaml index 4b331f26..f5e99c1f 100644 --- a/test/test-data/bad-mapping-no-target.yaml +++ b/test/test-data/bad-mapping-no-target.yaml @@ -3,7 +3,7 @@ metadata: id: TEST-MAP-001 version: "1.0.0" type: MappingDocument - gemara-version: "1.0.0" + gemara-version: "1.1.0" description: Test author: id: test diff --git a/test/test-data/bad-no-groups.yaml b/test/test-data/bad-no-groups.yaml index 23d15681..1096e1de 100644 --- a/test/test-data/bad-no-groups.yaml +++ b/test/test-data/bad-no-groups.yaml @@ -1,7 +1,7 @@ metadata: id: TEST-NO-FAMILIES type: ControlCatalog - gemara-version: "1.0.0" + gemara-version: "1.1.0" version: "1.0.0" description: Control catalog with controls but no groups declared. author: diff --git a/test/test-data/bad-principle-invalid-group.yaml b/test/test-data/bad-principle-invalid-group.yaml index 36122cfa..97d797dd 100644 --- a/test/test-data/bad-principle-invalid-group.yaml +++ b/test/test-data/bad-principle-invalid-group.yaml @@ -2,7 +2,7 @@ title: AI Governance Framework Principles metadata: id: AIR-PRIN type: PrincipleCatalog - gemara-version: "1.0.0" + gemara-version: "1.1.0" description: Core principles underpinning the FINOS AI Governance Framework. version: 0.1.0 author: diff --git a/test/test-data/bad-threat-invalid-group.yaml b/test/test-data/bad-threat-invalid-group.yaml index 2e6cc03b..c67e833e 100644 --- a/test/test-data/bad-threat-invalid-group.yaml +++ b/test/test-data/bad-threat-invalid-group.yaml @@ -1,7 +1,7 @@ metadata: id: EXAMPLE-THREAT-CATALOG type: ThreatCatalog - gemara-version: "1.0.0" + gemara-version: "1.1.0" version: "1.0.0" description: Example Threat Catalog author: diff --git a/test/test-data/good-aigf-nist-mapping.yaml b/test/test-data/good-aigf-nist-mapping.yaml index f44394f3..2044bcea 100644 --- a/test/test-data/good-aigf-nist-mapping.yaml +++ b/test/test-data/good-aigf-nist-mapping.yaml @@ -4,7 +4,7 @@ metadata: id: AIR-NIST-MAP-001 version: "0.1.0" type: MappingDocument - gemara-version: "1.0.0" + gemara-version: "1.1.0" description: > Maps FINOS AI Governance Framework mitigations (guidelines) to NIST SP 800-53 Revision 5 security and privacy controls. diff --git a/test/test-data/good-aigf-principles.yaml b/test/test-data/good-aigf-principles.yaml index 83a0cfb1..be657326 100644 --- a/test/test-data/good-aigf-principles.yaml +++ b/test/test-data/good-aigf-principles.yaml @@ -3,7 +3,7 @@ title: AI Governance Framework Principles metadata: id: AIR-PRIN type: PrincipleCatalog - gemara-version: "1.0.0" + gemara-version: "1.1.0" description: > Core principles underpinning the FINOS AI Governance Framework. Each principle represents a foundational value that one or more diff --git a/test/test-data/good-aigf-vectors.yaml b/test/test-data/good-aigf-vectors.yaml index c7abb4ef..e62cee86 100644 --- a/test/test-data/good-aigf-vectors.yaml +++ b/test/test-data/good-aigf-vectors.yaml @@ -3,7 +3,7 @@ title: AI Governance Framework Risk Vectors metadata: id: AIR-VEC type: VectorCatalog - gemara-version: "1.0.0" + gemara-version: "1.1.0" version: 0.1.0 description: > AIGF risks expressed as Gemara vectors. Each vector describes a diff --git a/test/test-data/good-aigf.yaml b/test/test-data/good-aigf.yaml index 7f852cf1..9d4ccd81 100644 --- a/test/test-data/good-aigf.yaml +++ b/test/test-data/good-aigf.yaml @@ -1,7 +1,7 @@ metadata: id: FINOS-AIR type: GuidanceCatalog - gemara-version: "1.0.0" + gemara-version: "1.1.0" description: > A comprehensive collection of risks and mitigations that support on-boarding, development of, and running Generative AI solutions. diff --git a/test/test-data/good-audit-log.yaml b/test/test-data/good-audit-log.yaml index 83e894e7..6db03483 100644 --- a/test/test-data/good-audit-log.yaml +++ b/test/test-data/good-audit-log.yaml @@ -1,7 +1,7 @@ metadata: id: audit-log-001 type: AuditLog - gemara-version: "1.0.0" + gemara-version: "1.1.0" version: "1.0.0" description: "Q1 2026 Gemara Audit" author: diff --git a/test/test-data/good-capability-catalog.yaml b/test/test-data/good-capability-catalog.yaml index 800f5cc2..dc139132 100644 --- a/test/test-data/good-capability-catalog.yaml +++ b/test/test-data/good-capability-catalog.yaml @@ -1,7 +1,7 @@ metadata: id: EXAMPLE-CAPABILITY-CATALOG type: CapabilityCatalog - gemara-version: "1.0.0" + gemara-version: "1.1.0" version: "1.0.0" description: Example Capability Catalog author: diff --git a/test/test-data/good-ccc.yaml b/test/test-data/good-ccc.yaml index 218f0e94..720460c3 100644 --- a/test/test-data/good-ccc.yaml +++ b/test/test-data/good-ccc.yaml @@ -1,7 +1,7 @@ metadata: id: FINOS-CCC type: ControlCatalog - gemara-version: "1.0.0" + gemara-version: "1.1.0" version: "2024.1" description: | FINOS CCC is an open standard project that describes consistent controls for diff --git a/test/test-data/good-enforcement-log.yaml b/test/test-data/good-enforcement-log.yaml index 1f6ee780..4c54d5bc 100644 --- a/test/test-data/good-enforcement-log.yaml +++ b/test/test-data/good-enforcement-log.yaml @@ -1,7 +1,7 @@ metadata: id: "enforcement-log-001" type: EnforcementLog - gemara-version: "1.0.0" + gemara-version: "1.1.0" version: "1.0.0" description: "Enforcement actions taken against pvtr evaluation findings for the Gemara repository" author: diff --git a/test/test-data/good-lexicon.yaml b/test/test-data/good-lexicon.yaml index 423a393c..3cd31023 100644 --- a/test/test-data/good-lexicon.yaml +++ b/test/test-data/good-lexicon.yaml @@ -2,7 +2,7 @@ title: Example security lexicon metadata: id: example-lexicon-001 type: Lexicon - gemara-version: "1.0.0" + gemara-version: "1.1.0" version: "1.0.0" description: > Minimal lexicon illustrating the Gemara Lexicon artifact schema. diff --git a/test/test-data/good-lifecycle.yaml b/test/test-data/good-lifecycle.yaml index b25001f3..248340c2 100644 --- a/test/test-data/good-lifecycle.yaml +++ b/test/test-data/good-lifecycle.yaml @@ -1,7 +1,7 @@ metadata: id: TEST-LIFECYCLE type: ControlCatalog - gemara-version: "1.0.0" + gemara-version: "1.1.0" version: "1.0.0" description: Validates lifecycle states on controls and assessment requirements. author: diff --git a/test/test-data/good-mapping-document.yaml b/test/test-data/good-mapping-document.yaml index d6676148..c513ddfc 100644 --- a/test/test-data/good-mapping-document.yaml +++ b/test/test-data/good-mapping-document.yaml @@ -3,7 +3,7 @@ metadata: id: OSPS-CRA-MAP-001 version: "1.0.0" type: MappingDocument - gemara-version: "1.0.0" + gemara-version: "1.1.0" description: > Maps OSPS Baseline controls to essential cybersecurity requirements in Annex I of the EU Cyber Resilience Act (Regulation 2024/2847). diff --git a/test/test-data/good-osps.yml b/test/test-data/good-osps.yml index 2fc0596d..81185597 100644 --- a/test/test-data/good-osps.yml +++ b/test/test-data/good-osps.yml @@ -1,7 +1,7 @@ metadata: id: OSPS-B type: ControlCatalog - gemara-version: "1.0.0" + gemara-version: "1.1.0" version: "1.0.0" description: | The Open Source Project Security (OSPS) Baseline is a set of security diff --git a/test/test-data/good-policy.yaml b/test/test-data/good-policy.yaml index 26281442..28190b6f 100644 --- a/test/test-data/good-policy.yaml +++ b/test/test-data/good-policy.yaml @@ -1,7 +1,7 @@ metadata: id: "security-policy-001" type: Policy - gemara-version: "1.0.0" + gemara-version: "1.1.0" description: "Establish comprehensive information security controls and procedures to protect organizational assets" version: "2.1.0" author: diff --git a/test/test-data/good-risk-catalog.yaml b/test/test-data/good-risk-catalog.yaml index 9cf948e5..146c7426 100644 --- a/test/test-data/good-risk-catalog.yaml +++ b/test/test-data/good-risk-catalog.yaml @@ -1,7 +1,7 @@ metadata: id: EXAMPLE-RISK-CATALOG type: RiskCatalog - gemara-version: "1.0.0" + gemara-version: "1.1.0" version: "1.0.0" description: Example Risk Catalog for cloud-native container environments author: diff --git a/test/test-data/good-security-policy.yml b/test/test-data/good-security-policy.yml index ebeff483..e2881576 100644 --- a/test/test-data/good-security-policy.yml +++ b/test/test-data/good-security-policy.yml @@ -1,7 +1,7 @@ metadata: id: "data-protection-policy-002" type: Policy - gemara-version: "1.0.0" + gemara-version: "1.1.0" description: "Ensure compliance with data protection regulations and safeguard personal information" version: "1.5.0" author: diff --git a/test/test-data/good-threat-catalog.yaml b/test/test-data/good-threat-catalog.yaml index c218c732..79ddc348 100644 --- a/test/test-data/good-threat-catalog.yaml +++ b/test/test-data/good-threat-catalog.yaml @@ -1,7 +1,7 @@ metadata: id: EXAMPLE-THREAT-CATALOG type: ThreatCatalog - gemara-version: "1.0.0" + gemara-version: "1.1.0" version: "1.0.0" description: Example Threat Catalog author: diff --git a/test/test-data/good-vector-owasp-mapping.yaml b/test/test-data/good-vector-owasp-mapping.yaml index 11a9e902..3a7eed8f 100644 --- a/test/test-data/good-vector-owasp-mapping.yaml +++ b/test/test-data/good-vector-owasp-mapping.yaml @@ -4,7 +4,7 @@ metadata: id: AIR-OWASP-MAP-001 version: "0.1.0" type: MappingDocument - gemara-version: "1.0.0" + gemara-version: "1.1.0" description: > Maps AIGF risk vectors to OWASP Top 10 for LLM Applications 2025 entries where a semantic relationship exists. Vectors without a diff --git a/test/test-data/nested-empty.yaml b/test/test-data/nested-empty.yaml index a0f3ba4b..35b04a0e 100644 --- a/test/test-data/nested-empty.yaml +++ b/test/test-data/nested-empty.yaml @@ -1,7 +1,7 @@ metadata: id: "empty-test-catalog" type: ControlCatalog - gemara-version: "1.0.0" + gemara-version: "1.1.0" description: "Minimal test catalog for edge case testing" author: id: test-author diff --git a/test/test-data/nested-good-ccc.yaml b/test/test-data/nested-good-ccc.yaml index b434a95e..f8c0d933 100644 --- a/test/test-data/nested-good-ccc.yaml +++ b/test/test-data/nested-good-ccc.yaml @@ -1,7 +1,7 @@ metadata: id: FINOS-CCC type: ControlCatalog - gemara-version: "1.0.0" + gemara-version: "1.1.0" description: | FINOS CCC is an open standard project that describes consistent controls for compliant public cloud deployments in the financial services sector. diff --git a/test/test-data/pvtr-baseline-scan.yaml b/test/test-data/pvtr-baseline-scan.yaml index efa62021..08459b55 100644 --- a/test/test-data/pvtr-baseline-scan.yaml +++ b/test/test-data/pvtr-baseline-scan.yaml @@ -1,7 +1,7 @@ metadata: id: PVTR-BASELINE-SCAN type: EvaluationLog - gemara-version: "1.0.0" + gemara-version: "1.1.0" version: 1.0.0 description: PVTR baseline scan evaluation results author: