{"id":27663,"library":"compliance-trestle","title":"Compliance Trestle","description":"Compliance Trestle (v4.0.2) is a tool for managing and automating Python objects representing OSCAL (Open Security Controls Assessment Language) layers and models. It enables validation, transformation, and generation of OSCAL documents (SSP, SAP, SAR, etc.). Release cadence is approximately quarterly. Requires Python >= 3.10.","status":"active","version":"4.0.2","language":"python","source_language":"en","source_url":"https://github.com/IBM/compliance-trestle","tags":["oscal","security","compliance","automation"],"install":[{"cmd":"pip install compliance-trestle","lang":"bash","label":"Install from PyPI"}],"dependencies":[],"imports":[{"note":"The package installs as 'trestle', not 'compliance-trestle'.","wrong":"from compliance_trestle import Trestle","symbol":"Trestle","correct":"from trestle.core.trestle import Trestle"},{"note":"OSCAL objects are in trestle.oscal subpackage.","wrong":null,"symbol":"CatalogInterface","correct":"from trestle.oscal.catalog import CatalogInterface"}],"quickstart":{"code":"from trestle.core.trestle import Trestle\nfrom trestle.common import const\nimport os\n\n# Initialize trestle workspace (if not already)\n# Trestle workspace is usually initialized via CLI: trestle init\n# For programmatic use, ensure environment variables or config are set.\n# Example: validate a catalog file\ncatalog_path = 'catalog.json'\nif os.path.exists(catalog_path):\n    # Validate via CLI as programmatic validation is in development\n    print('Catalog file exists. Use trestle validate -t catalog <file>')\nelse:\n    print('Sample catalog not present. Run trestle init to start.')","lang":"python","description":"Basic usage: initialize trestle and validate a catalog file. Note: Trestle is primarily CLI-driven; Python API is evolving."},"warnings":[{"fix":"Replace 'compliance_trestle' with 'trestle' in all imports. E.g., 'from trestle.common.file_utils import ...' instead of 'from compliance_trestle.common.file_utils import ...'.","message":"In v4.0.0, the Python package structure changed from 'compliance_trestle' (underscore) to 'trestle' (no prefix). Old imports like 'from compliance_trestle import ...' will break.","severity":"breaking","affected_versions":"3.x -> 4.0.0+"},{"fix":"Upgrade Python to 3.10 or higher.","message":"Python 3.8 and 3.9 support dropped in v4.0.0. Only Python >= 3.10 is supported.","severity":"breaking","affected_versions":"4.0.0+"},{"fix":"Prefer using CLI commands via subprocess (subprocess.run(['trestle', 'init', ...])) or use the trestle CLI programmatically through 'trestle.cli.run'. See docs for CLI commands.","message":"The trestle CLI is the primary interface. The Python API is not fully stable; many operations are only exposed via CLI subcommands (e.g., trestle init, trestle create, trestle split).","severity":"gotcha","affected_versions":"all"}],"env_vars":null,"last_verified":"2026-05-09T00:00:00.000Z","next_check":"2026-08-07T00:00:00.000Z","problems":[{"fix":"Use 'import trestle' instead of 'import compliance_trestle'. Update all imports.","cause":"Old import style used with trestle v4.x; the package was renamed.","error":"ModuleNotFoundError: No module named 'compliance_trestle'"},{"fix":"Check the correct import path in the docs. E.g., 'from trestle.common.const import ...'.","cause":"The trestle top-level module does not expose most functionality; you need to import specific submodules like 'trestle.core' or 'trestle.common'.","error":"AttributeError: module 'trestle' has no attribute '...'"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}