Compliance Trestle

4.0.2 verified Sat May 09 auth: no python

Compliance Trestle (v4.0.2) is a tool for managing and automating Python objects representing OSCAL (Open Security Controls Assessment Language) layers and models. It enables validation, transformation, and generation of OSCAL documents (SSP, SAP, SAR, etc.). Release cadence is approximately quarterly. Requires Python >= 3.10.

pip install compliance-trestle

Common errors

error ModuleNotFoundError: No module named 'compliance_trestle' ↓

cause Old import style used with trestle v4.x; the package was renamed.

fix

Use 'import trestle' instead of 'import compliance_trestle'. Update all imports.

error AttributeError: module 'trestle' has no attribute '...' ↓

cause The trestle top-level module does not expose most functionality; you need to import specific submodules like 'trestle.core' or 'trestle.common'.

fix

Check the correct import path in the docs. E.g., 'from trestle.common.const import ...'.

Warnings

breaking In v4.0.0, the Python package structure changed from 'compliance_trestle' (underscore) to 'trestle' (no prefix). Old imports like 'from compliance_trestle import ...' will break. ↓

fix Replace 'compliance_trestle' with 'trestle' in all imports. E.g., 'from trestle.common.file_utils import ...' instead of 'from compliance_trestle.common.file_utils import ...'.

breaking Python 3.8 and 3.9 support dropped in v4.0.0. Only Python >= 3.10 is supported. ↓

fix Upgrade Python to 3.10 or higher.

gotcha The trestle CLI is the primary interface. The Python API is not fully stable; many operations are only exposed via CLI subcommands (e.g., trestle init, trestle create, trestle split). ↓

fix Prefer using CLI commands via subprocess (subprocess.run(['trestle', 'init', ...])) or use the trestle CLI programmatically through 'trestle.cli.run'. See docs for CLI commands.

Imports

Trestle

wrong

from compliance_trestle import Trestle

correct

from trestle.core.trestle import Trestle

The package installs as 'trestle', not 'compliance-trestle'.

CatalogInterface
```
from trestle.oscal.catalog import CatalogInterface
```
OSCAL objects are in trestle.oscal subpackage.

Quickstart

Basic usage: initialize trestle and validate a catalog file. Note: Trestle is primarily CLI-driven; Python API is evolving.

from trestle.core.trestle import Trestle
from trestle.common import const
import os

# Initialize trestle workspace (if not already)
# Trestle workspace is usually initialized via CLI: trestle init
# For programmatic use, ensure environment variables or config are set.
# Example: validate a catalog file
catalog_path = 'catalog.json'
if os.path.exists(catalog_path):
    # Validate via CLI as programmatic validation is in development
    print('Catalog file exists. Use trestle validate -t catalog <file>')
else:
    print('Sample catalog not present. Run trestle init to start.')