CMSgov · ejaronne · Dec 1, 2020
diff --git a/src/assets/data/resources.json b/src/assets/data/resources.json
@@ -1,31 +1,69 @@
 {
   "items": [
     {
-      "name" : "Quick Start Steps",
-      "desc" : "<h4 class=\"mb-2\">Step 1: What are you creating?</h4><p class=\"ml-4\">Which component types are being used to build your system? Consider types of Cloud Services, Virtualization Platforms, Operating Systems, Databases, Application Logic, and Web Servers.</p><h4 class=\"mb-2\"> Step 2: What can be hardened using CMS SAF?</h4><p class=\"ml-4\">See our <a href=\"https://saf.cms.gov/#/implementation\"> CMS SAF Implementation/Hardening page</a> for scripts to automatically harden the system components you identified in Step 1 every time you build or fix them.</p><h4 class=\"mb-2\">Step 3: What can be validated using CMS SAF?</h4><p class=\"ml-4\">See our <a href=\"https://saf.cms.gov/#/validation\" target=\"_blank\">CMS SAF Validation page</a> for scripts to automatically validate the security of your system components identified in Step 1 every time you build or fix them.</p><h4 class=\"mb-2\">Step 4: Decide how to integrate the hardening and validation runners into your specific workflow.</h4><p class=\"ml-4\">Depending on how you develop and operate your system, be it traditional administrative servers or DevOps orchestration pipelines, you can decide where it makes the most sense to stage the hardening (Kitchen, Ansible, Terraform, Puppet, etc) and validation (InSpec) runners for the scripts identified in Steps 2 and 3 (See graphic below on the many ways InSpec can be installed).<p><h4 class=\"mb-2\">Step 5: What Static and Dynamic Code Analysis Tools are you using?</h4><p class=\"ml-4\">See our <a href=\"https://saf.cms.gov/#/faq#tools\" target=\"_blank\">Heimdall_tools page</a> to find code to convert the output from common Static and Dynamic Code Analysis Tools into the CMS ISPG standard Heimdall Data Format (HDF). HDF security validation data can be visualized for analysis using Heimdall Lite or Heimdall Server (more on those in Step 6!).</p><h4 class=\"mb-2\">Step 6: Visualize and start fixing!</h4><p class=\"ml-4\">Use <a href=\"https://heimdall-lite.mitre.org/\" target=\"_blank\">Heimdall Lite</a> or your own <a href=\"https://heimdall.mitre.org/\" target=\"_blank\">Heimdall Server</a> to visualize and identify remediation steps in the output from InSpec (Step 3 Validation) and Heimdall_tools (Step 5). <a href=\"https://heimdall-lite.mitre.org/\" target=\"_blank\">Heimdall Lite</a> is a single-page browser-based solution, while <a href=\"https://heimdall.mitre.org/\" target=\"_blank\">Heimdall Server</a> provides your team with its own back-end database for storing security validation data and more! Both allow the user to ingest security validation data via a GUI, the API, Splunk, or S3!</p><h4 class=\"mb-2\">Step 7: Give us feedback!</h4><p class=\"ml-4\">If you don’t see a hardening script, validation script, or security tool converter you need here, click on the \"Give Us Feedback\" button in the header above and let us know your interest!</p><p class=\"ml-4\">Want more context? The steps above embrace the best practices cited below. We also provide more perspective below on InSpec, the core CMS SAF tool for automated security configuration validation.</p>"
+      "name": "Tutorials",
+      "desc": "See below for video examples of installing and running SAF tools.",
+      "videos": {
+        "goals": [
+          {
+            "name": "Validate",
+            "install_links": [{ "name": "InSpec", "link": "https://saf.cms.gov" }],
+            "run_links": [
+              { "name": "InSpec scan against remote operating systems", "link": "https://saf.cms.gov" },
+              { "name": "InSpec scan against AWS resources", "link": "https://saf.cms.gov" },
+              { "name": "InSpec scan against remote databases (conventional and AWS-based)", "link": "https://saf.cms.gov" },
+              { "name": "InSpec scan against remote application services", "link": "https://saf.cms.gov" },
+              { "name": "InSpec scan against remote web servers", "link": "https://saf.cms.gov" },
+              { "name": "InSpec scan of docker instances", "link": "https://saf.cms.gov" }
+            ]
+          },
+          {
+            "name": "Normalize",
+            "install_links": [{ "name": "Heimdall_Tools", "link": "https://heimdall-tools.mitre.org" }],
+            "run_links": [
+              { "name": "Converting Sonarqube to view in Heimdall Server", "link": "https://saf.cms.gov" },
+              { "name": "Converting Burp Suite to view in Heimdall Server", "link": "https://saf.cms.gov" }
+            ]
+          },
+          {
+            "name": "Visualize",
+            "install_links": [{ "name": "Heimdall Server", "link": "https://heimdall.mitre.org" }],
+            "run_links": [
+              { "name": "Load via GUI", "link": "https://saf.cms.gov" },
+              { "name": "Load via S3", "link": "https://saf.cms.gov" },
+              { "name": "Load via Splunk", "link": "https://saf.cms.gov" },
+              { "name": "Load via API", "link": "https://saf.cms.gov" }
+            ]
+          }
+        ]
+      }
+    },
+    {
+      "name": "Planning Guide",
+      "desc": "<h4 class=\"mb-2\">Step 1: What are you creating?</h4><p class=\"ml-4\">Which component types are being used to build your system? Consider types of Cloud Services, Virtualization Platforms, Operating Systems, Databases, Application Logic, and Web Servers.</p><h4 class=\"mb-2\"> Step 2: What can be hardened using CMS SAF?</h4><p class=\"ml-4\">See our <a href=\"https://saf.cms.gov/#/implementation\"> CMS SAF Implementation/Hardening page</a> for scripts to automatically harden the system components you identified in Step 1 every time you build or fix them.</p><h4 class=\"mb-2\">Step 3: What can be validated using CMS SAF?</h4><p class=\"ml-4\">See our <a href=\"https://saf.cms.gov/#/validation\" target=\"_blank\">CMS SAF Validation page</a> for scripts to automatically validate the security of your system components identified in Step 1 every time you build or fix them.</p><h4 class=\"mb-2\">Step 4: Decide how to integrate the hardening and validation runners into your specific workflow.</h4><p class=\"ml-4\">Depending on how you develop and operate your system, be it traditional administrative servers or DevOps orchestration pipelines, you can decide where it makes the most sense to stage the hardening (Kitchen, Ansible, Terraform, Puppet, etc) and validation (InSpec) runners for the scripts identified in Steps 2 and 3 (See graphic below on the many ways InSpec can be installed).<p><h4 class=\"mb-2\">Step 5: What Static and Dynamic Code Analysis Tools are you using?</h4><p class=\"ml-4\">See our <a href=\"https://saf.cms.gov/#/faq#tools\" target=\"_blank\">Heimdall_tools page</a> to find code to convert the output from common Static and Dynamic Code Analysis Tools into the CMS ISPG standard Heimdall Data Format (HDF). HDF security validation data can be visualized for analysis using Heimdall Lite or Heimdall Server (more on those in Step 6!).</p><h4 class=\"mb-2\">Step 6: Visualize and start fixing!</h4><p class=\"ml-4\">Use <a href=\"https://heimdall-lite.mitre.org/\" target=\"_blank\">Heimdall Lite</a> or your own <a href=\"https://heimdall.mitre.org/\" target=\"_blank\">Heimdall Server</a> to visualize and identify remediation steps in the output from InSpec (Step 3 Validation) and Heimdall_tools (Step 5). <a href=\"https://heimdall-lite.mitre.org/\" target=\"_blank\">Heimdall Lite</a> is a single-page browser-based solution, while <a href=\"https://heimdall.mitre.org/\" target=\"_blank\">Heimdall Server</a> provides your team with its own back-end database for storing security validation data and more! Both allow the user to ingest security validation data via a GUI, the API, Splunk, or S3!</p><h4 class=\"mb-2\">Step 7: Give us feedback!</h4><p class=\"ml-4\">If you don’t see a hardening script, validation script, or security tool converter you need here, click on the \"Give Us Feedback\" button in the header above and let us know your interest!</p><p class=\"ml-4\">Want more context? The steps above embrace the best practices cited below. We also provide more perspective below on InSpec, the core CMS SAF tool for automated security configuration validation.</p>"
     },
     {
       "name": "Mature DevSecOps Best Practices",
       "desc": "DevSecOps is a software development framework that stresses automation and rapid user feedback to deliver quality, secure software quickly. A DevSecOps pipline is a collection of tools and practices that can automate as much of development as possible, from testing to change management to deployment.",
-      "values" : [
+      "values": [
         {
-          "name" : "DevSecOps Checklist",
-          "desc" : "",
-          "download_link" : "DevSecOps-Checklist-07022020.pdf"
+          "name": "DevSecOps Checklist",
+          "desc": "",
+          "download_link": "DevSecOps-Checklist-07022020.pdf"
         },
         {
-          "name" : "DevSecOps Best Practices Guide",
-          "desc" : "",
-          "download_link" : "DRAFT-DevSecOps_Best_Practices_Guide_20190516.pdf"
+          "name": "DevSecOps Best Practices Guide",
+          "desc": "",
+          "download_link": "DRAFT-DevSecOps_Best_Practices_Guide_20190516.pdf"
         },
         {
-          "name" : "InSpec Profile Lifecycle SOP",
-          "desc" : "",
-          "download_link" : "CMS_InSpec_Profile_Lifecycle_SOP_v1.0_20190702.pdf"
+          "name": "InSpec Profile Lifecycle SOP",
+          "desc": "",
+          "download_link": "CMS_InSpec_Profile_Lifecycle_SOP_v1.0_20190702.pdf"
         }
       ]
     },
-    
+
     {
       "name": "InSpec",
       "desc": "InSpec is a free and open-source Chef framework for testing and auditing applications and infrastructure. InSpec is designed to integrate very easily into existing DevSecOps pipelines. CMS has partnered with the open-source community to create a growing number of baseline testing profiles to make it easy for developers to jump right in.",

diff --git a/src/components/gettingstarted/gsInfo.vue b/src/components/gettingstarted/gsInfo.vue
@@ -2,24 +2,123 @@
   <v-container fluid>
     <template v-for="(item, index) in resources.items">
       <div :key="index" class="ms-2">
-        <p class=" mb-2 wrap-list-text">
-          <b>{{item.name}}</b>
+        <p class="mb-2 wrap-list-text">
+          <b>{{ item.name }}</b>
         </p>
         <span v-html="item.desc" />
-        <p flat dense class="ma-2 " v-for="entry in item.values" :key="entry.name">
+        <p
+          flat
+          dense
+          class="ma-2"
+          v-for="entry in item.values"
+          :key="entry.name"
+        >
           <span>
-            <a v-if="entry.link" :href="entry.link" target="_blank">{{entry.name}}</a>
+            <a v-if="entry.link" :href="entry.link" target="_blank">{{
+              entry.name
+            }}</a>
             <a
               v-if="entry.download_link"
               :href="entry.download_link"
               target="_blank"
               download
-            >{{entry.name}}</a>
+              >{{ entry.name }}</a
+            >
             <!-- <span v-show="entry.desc"> -- {{entry.desc}}</span> -->
           </span>
-
         </p>
-        <v-img v-if="item.image" :src="require('@/assets/img/tools/' + item.image)" />
+        <v-img
+          v-if="item.image"
+          :src="require('@/assets/img/tools/' + item.image)"
+        />
+        <v-template v-if="item.videos">
+          <v-row>
+            <v-col cols="2"></v-col>
+            <v-col
+              cols="3"
+              v-for="(goal, index) in item.videos.goals"
+              :key="index"
+              ><p class="table-row-col ma-0">{{ goal.name }}</p></v-col
+            >
+          </v-row>
+          <v-divider class="ma-2" />
+          <v-row>
+            <v-col cols="2" ><p class="table-row-col ma-0">Install</p></v-col>
+            <v-col
+              cols="3"
+              v-for="goal in item.videos.goals"
+              :key="goal"
+              class="pa-0"
+            >
+              <v-row justify="center">
+                <v-col
+                  cols="9"
+                  class="ma-0 pa-0"
+                  alignSelf="center"
+                  justify="center"
+                >
+                  <v-card
+                    v-for="(link, index) in goal.install_links"
+                    :key="index"
+                    :href="link.link"
+                    target="_blank"
+                    class="ma-2"
+                    ><v-card-text>{{ link.name }}</v-card-text></v-card
+                  >
+                </v-col>
+              </v-row>
+            </v-col>
+          </v-row>
+          <v-divider class="ma-2" />
+          <v-row>
+            <v-col cols="2"><p class="table-row-col ma-0">Run</p></v-col>
+            <v-col
+              cols="3"
+              v-for="goal in item.videos.goals"
+              :key="goal"
+              class="pa-0"
+            >
+              <v-row justify="center">
+                <v-col cols="9" class="ma-0 pa-0">
+                  <v-card
+                    v-for="(link, index) in goal.run_links"
+                    :key="index"
+                    :href="link.link"
+                    target="_blank"
+                    class="ma-2"
+                    ><v-card-text>{{ link.name }}</v-card-text></v-card
+                  >
+                </v-col>
+              </v-row>
+            </v-col>
+          </v-row>
+        </v-template>
+        <!-- <v-simple-table dark v-if="item.videos">
+          <template v-slot:default class="ma-2">
+            <thead>
+              <tr />
+              <tr>
+                <th
+                  v-for="goal in item.videos.goals"
+                  :key="goal"
+                  class="text-left"
+                >
+                  {{ goal.name }}
+                </th>
+              </tr>
+            </thead>
+            <tbody>
+              <tr v-for="goal in item.videos.goals" :key="goal">
+                <td>Install</td>
+                <td v-if="goal.labels">
+                  {{ goal.install_links }}
+                </td>
+                <td>Run</td>
+                <td>{{ goal.run_links }}</td>
+              </tr>
+            </tbody>
+          </template>
+        </v-simple-table> -->
       </div>
     </template>
   </v-container>
@@ -41,8 +140,8 @@ export default {
     dialogData: {
       name: "",
       date: "",
-      link: ""
-    }
+      link: "",
+    },
   }),
   computed: {
     color_mode() {
@@ -55,16 +154,16 @@ export default {
       } else {
         return "";
       }
-    }
+    },
   },
   methods: {
     make_linkable(str) {
       return str.replace(/\s+/g, "-").toLowerCase();
     },
     passItemData(item) {
       this.dialogData = item;
-    }
-  }
+    },
+  },
 };
 </script>
 
@@ -76,7 +175,15 @@ export default {
   word-wrap: break-word;
   word-break: normal;
   hyphens: none;
-  font-size:150%;
+  font-size: 150%;
   color: #1a73e8;
+}
+.table-row-col {
+  font-size: 125%;
+  color: #1a73e8;
+  text-align: center;
+}
+.link-card {
+
 }
 </style>