feat(libs): framework II-901 #1939

Open
wants to merge 8 commits into
base: main
@StephDu66 StephDu66 commented May 5, 2025

Summary by CodeRabbit

  • New Features
    • Added a comprehensive security verification checklist based on the French II-901/SGDSN/ANSSI instruction, covering requirements for systems handling sensitive and classified information.
    • Checklist includes detailed controls for information classification, system isolation, encryption, access control, network security, and incident reporting.

coderabbitai bot commented May 5, 2025

Walkthrough

A new YAML file has been introduced that defines a security verification checklist based on the French interministerial instruction II-901/SGDSN/ANSSI. The file includes metadata, references, and a hierarchical structure of security requirements for information systems handling sensitive or restricted information. Each requirement is uniquely identified and categorized, covering a broad range of organizational and technical security controls. The checklist is structured for use in compliance assessments and risk management.

Changes

File(s) Change Summary
backend/ii-901.yaml Added a new YAML file defining the II-901/SGDSN/ANSSI security framework with metadata, scoring system, and detailed hierarchical requirement nodes covering organizational and technical security controls.
backend/library/libraries/ii-901.yaml Added a new YAML file containing the II-901/SGDSN/ANSSI security verification framework and detailed requirement nodes.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant ChecklistFramework
    participant RequirementNode

    User->>ChecklistFramework: Load II-901 YAML
    ChecklistFramework->>RequirementNode: Parse and organize requirements
    User->>ChecklistFramework: Query requirements for assessment
    ChecklistFramework->>User: Return structured checklist and requirements
Poem

A checklist arrives, neat and precise,
With rules for security—orderly and nice.
From France it has traveled, in YAML it stays,
Guiding safe systems through technical maze.
Each node a safeguard, each line a shield—
II-901’s wisdom, in structure revealed!
🐇🔐


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🧹 Nitpick comments (2)
backend/library/libraries/ii-901.yaml (2)

20-30: Use block scalars for long multi-line text
The name and description fields rely on escape sequences (\u0153, \xB0) and backslash line continuations, which reduce readability and make maintenance error-prone. Consider switching to YAML block literals (|) to express multi-line French text clearly:

name: |
  II n°901/SGDSN/ANSSI Mise en œuvre d'un SI sensible ou DR - Liste de
  vérifications
description: |
  L’instruction interministérielle no 901/SGDSN/ANSSI (II 901) du 28 janvier 2015
  définit les exigences organisationnelles et techniques applicables aux
  systèmes d’information amenés à traiter des informations sensibles...

31-453: Review the flat list of requirement nodes for modularity
All requirement_nodes are currently depth 1; verify this aligns with the intended hierarchical model. As the list is very large, consider splitting into thematic sections or separate YAML files (e.g., organizational.yml, technical.yml) or grouping by category to enhance maintainability and ease of navigation.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 24883b3 and d3ffdb0.

⛔ Files ignored due to path filters (1)
  • tools/II-901.xlsx is excluded by !**/*.xlsx
📒 Files selected for processing (1)
  • backend/library/libraries/ii-901.yaml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.35.1)
backend/library/libraries/ii-901.yaml

[error] 1-1: wrong new line character: expected \n

(new-lines)

⏰ Context from checks skipped due to timeout of 90000ms (7)
  • GitHub Check: startup-docker-compose-test
  • GitHub Check: functional-tests (3.12, chromium)
  • GitHub Check: enterprise-startup-docker-compose-test
  • GitHub Check: enterprise-startup-functional-test (3.12)
  • GitHub Check: enterprise-functional-tests (3.12, chromium)
  • GitHub Check: test (3.12)
  • GitHub Check: build (3.12)

Comment on lines +1 to +19
urn: urn:intuitem:risk:library:ii-901
locale: fr
ref_id: II-901
name: "II n\xB0901/SGDSN/ANSSI Mise en \u0153uvre d'un SI sensible ou DR - Liste de\
\ v\xE9rifications"
description: "L\u2019instruction interminist\xE9rielle no 901/SGDSN/ANSSI (II 901)\
\ du 28 janvier 2015 d\xE9finit les exigences organisationnelles et techniques applicables\
\ aux syst\xE8mes d\u2019information amen\xE9s \xE0 traiter des informations sensibles,\
\ dont celles portant la mention de protection Diffusion Restreinte.\n\nL'II 901\
\ s'applique \xE9galement aux syst\xE8mes d'information amen\xE9s \xE0 traiter d'informations\
\ classifi\xE9es de l'OTAN de niveau NATO Restricted / Restreint OTAN.\n\nL'II 901\
\ s'applique \xE9galement aux syst\xE8mes d'information amen\xE9s \xE0 traiter d'informations\
\ classifi\xE9es de l'UE de niveau EU Restricted / Restreint UE.\n\nLe lien du document\
\ :\nhttps://cyber.gouv.fr/sites/default/files/2021/09/anssi-guide-recommandations_architectures_systemes_information_sensibles_ou_diffusion_restreinte-liste_verifications-v1.0-1.xlsx"
copyright: ANSSI
version: 1
publication_date: 2025-05-05
provider: ANSSI
packager: intuitem
⚠️ Potential issue

Normalize line endings to Unix style
The static analysis report indicates wrong new line character: expected \n. This file appears to use Windows-style CRLF endings, which can break YAML parsers in CI. Please convert to LF-only line endings.

You can run:

dos2unix backend/library/libraries/ii-901.yaml

or apply this diff:

- \r\n
+ \n
🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 1-1: wrong new line character: expected \n

(new-lines)

@ab-smith ab-smith requested a review from eric-intuitem May 6, 2025 05:50
StephDu66 added 3 commits May 7, 2025 09:17
Account for scores
account for scores
Account for scores
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 3

🧹 Nitpick comments (2)
backend/ii-901.yaml (2)

4-5: Use a block scalar for the multi-line name.
The name field currently uses escaped line breaks within a quoted string. For better readability and maintainability, switch to a YAML block scalar (| or >):

name: |
  II n°901/SGDSN/ANSSI Mise en œuvre d'un SI sensible ou DR - Liste de vérifications

6-14: Simplify description with a block scalar.
The description uses embedded \n and escape sequences across lines. Converting it to a block scalar makes the content clearer:

description: |
  L’instruction interministérielle n°901/SGDSN/ANSSI (II 901) du 28 janvier 2015 définit les exigences...
  (continuer le texte ici sans les séquences d'échappement)
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d3ffdb0 and b8a649f.

⛔ Files ignored due to path filters (2)
  • backend/library/libraries/II-901.xlsx is excluded by !**/*.xlsx
  • tools/II-901.xlsx is excluded by !**/*.xlsx
📒 Files selected for processing (1)
  • backend/ii-901.yaml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.35.1)
backend/ii-901.yaml

[error] 1-1: wrong new line character: expected \n

(new-lines)

⏰ Context from checks skipped due to timeout of 90000ms (3)
  • GitHub Check: functional-tests (3.12, chromium)
  • GitHub Check: enterprise-functional-tests (3.12, chromium)
  • GitHub Check: test (3.12)

Comment on lines +48 to +58
requirement_nodes:
- urn: urn:intuitem:risk:req_node:igi-901:r1
assessable: true
depth: 1
ref_id: R1
name: "Trier le patrimoine informationnel par niveau de sensibilit\xE9"
- urn: urn:intuitem:risk:req_node:igi-901:r2
assessable: true
depth: 1
ref_id: R2
name: "Identifier les types de SI n\xE9cessaires"
⚠️ Potential issue

Align all requirement_nodes URNs with II-901.
Every requirement_nodes entry uses the prefix req_node:igi-901. To maintain consistency, update them to req_node:ii-901 throughout:

#!/bin/bash
# Convert all req_node URNs from igi-901 to ii-901
sed -i 's/req_node:igi-901/req_node:ii-901/g' backend/ii-901.yaml

@@ -0,0 +1,470 @@
urn: urn:intuitem:risk:library:ii-901
⚠️ Potential issue

Fix newline character encoding.
YAMLlint reports an invalid newline character; ensure the file uses Unix-style LF (\n) line endings instead of CRLF to pass the linter.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 1-1: wrong new line character: expected \n

(new-lines)

Comment on lines +22 to +29
urn: urn:intuitem:risk:framework:igi-901
ref_id: II-901
name: "II n\xB0901/SGDSN/ANSSI"
description: "Ce document reprend les exigences d\xE9finies dans l\u2019instruction\
\ g\xE9n\xE9rale interminist\xE9rielle n\xB0 1300/SGDSN/PSE/PSD (IGI 1300) publi\xE9\
e par l\u2019arr\xEAt\xE9 du 9 ao\xFBt 2021 portant approbation de l\u2019instruction\
\ g\xE9n\xE9rale interminist\xE9rielle n\xB0 1300 sur la protection du secret\
\ de la d\xE9fense nationale\n\nLe lien du document :\nhttps://cyber.gouv.fr/sites/default/files/2021/09/anssi-guide-recommandations_architectures_systemes_information_sensibles_ou_diffusion_restreinte-liste_verifications-v1.0-1.xlsx"
⚠️ Potential issue

Correct framework URN and description.
The objects.framework.urn and its following description reference igi-901 and IGI 1300, which appears to be copy-pasted. They must point to the II-901 framework:

-    urn: urn:intuitem:risk:framework:igi-901
+    urn: urn:intuitem:risk:framework:ii-901

Also update the prose to remove IGI 1300 references and align with the II-901 instruction.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
urn: urn:intuitem:risk:framework:igi-901
ref_id: II-901
name: "II n\xB0901/SGDSN/ANSSI"
description: "Ce document reprend les exigences d\xE9finies dans l\u2019instruction\
\ g\xE9n\xE9rale interminist\xE9rielle n\xB0 1300/SGDSN/PSE/PSD (IGI 1300) publi\xE9\
e par l\u2019arr\xEAt\xE9 du 9 ao\xFBt 2021 portant approbation de l\u2019instruction\
\ g\xE9n\xE9rale interminist\xE9rielle n\xB0 1300 sur la protection du secret\
\ de la d\xE9fense nationale\n\nLe lien du document :\nhttps://cyber.gouv.fr/sites/default/files/2021/09/anssi-guide-recommandations_architectures_systemes_information_sensibles_ou_diffusion_restreinte-liste_verifications-v1.0-1.xlsx"
urn: urn:intuitem:risk:framework:ii-901
ref_id: II-901
name: "II n\xB0901/SGDSN/ANSSI"
description: "Ce document reprend les exigences d\xE9finies dans l\u2019instruction\
\ g\xE9n\xE9rale interminist\xE9rielle n\xB0 1300/SGDSN/PSE/PSD (IGI 1300) publi\xE9\
e par l\u2019arr\xEAt\xE9 du 9 ao\xFBt 2021 portant approbation de l\u2019instruction\
\ g\xE9n\xE9rale interminist\xE9rielle n\xB0 1300 sur la protection du secret\
\ de la d\xE9fense nationale\n\nLe lien du document :\nhttps://cyber.gouv.fr/sites/default/files/2021/09/anssi-guide-recommandations_architectures_systemes_information_sensibles_ou_diffusion_restreinte-liste_verifications-v1.0-1.xlsx"
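Review bot: in the replacement block only the `urn` line differs from the original; its `description` still cites IGI 1300 and the arrêté of 9 août 2021, so committing the suggestion as-is keeps the copy-pasted text that this same comment asks to remove. Rewrite the description to refer to the II 901 instruction before applying it, and note that the `requirement_nodes` URNs still need the separate `igi-901` to `ii-901` rename.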

ab-smith commented May 7, 2025

thanks again @StephDu66:

  • no need for the yaml file in the backend folder, putting it in the libs is enough
  • no need for the yaml next to the excel file

@ab-smith ab-smith changed the title Soumission du framework II-901 docs(libs): framework II-901 May 7, 2025
@ab-smith ab-smith changed the title docs(libs): framework II-901 feat(libs): framework II-901 May 7, 2025
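
The two findings repeated in the reviews above (CRLF line endings, and `igi-901` URNs inside a library whose own URN is `ii-901`) can be caught before a library file is committed. The following is an added example, not code from this project or from CodeRabbit: the function name `check_library` and the sample document are constructed for illustration, and the check scans lines with a regular expression rather than a YAML parser.

```python
import re

# Matches "urn: urn:intuitem:risk:<kind>:<slug>" with an optional ":<tail>".
URN_RE = re.compile(
    rb"^\s*(?:-\s*)?urn:\s*urn:intuitem:risk:([a-z_]+):([a-z0-9-]+)(?::\S*)?\s*$"
)

# Constructed sample reproducing both findings (CRLF endings, igi-901 URNs).
SAMPLE = (
    b"urn: urn:intuitem:risk:library:ii-901\r\n"
    b"ref_id: II-901\r\n"
    b"objects:\r\n"
    b"  framework:\r\n"
    b"    urn: urn:intuitem:risk:framework:igi-901\r\n"
    b"    requirement_nodes:\r\n"
    b"    - urn: urn:intuitem:risk:req_node:igi-901:r1\r\n"
    b"      ref_id: R1\r\n"
)


def check_library(raw: bytes) -> list[str]:
    """Report CRLF line endings and URNs whose slug differs from the
    slug of the library URN (the first `library` URN in the file)."""
    findings = []
    crlf = raw.count(b"\r\n")
    if crlf:
        findings.append(f"{crlf} CRLF line ending(s); expected LF only")

    library_slug = None
    for lineno, line in enumerate(raw.splitlines(), start=1):
        m = URN_RE.match(line)
        if not m:
            continue
        kind, slug = m.group(1).decode(), m.group(2).decode()
        if kind == "library" and library_slug is None:
            library_slug = slug
        elif library_slug is not None and slug != library_slug:
            findings.append(
                f"line {lineno}: {kind} URN uses '{slug}', library uses '{library_slug}'"
            )
    return findings


if __name__ == "__main__":
    for finding in check_library(SAMPLE):
        print(finding)
    fixed = SAMPLE.replace(b"\r\n", b"\n").replace(b"igi-901", b"ii-901")
    print(check_library(fixed) or "clean")
```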