OSIRIS JSON Producers
OSIRIS producers are read-only snapshot tools that connect to infrastructure platforms, collect topology and configuration data, and emit a standards-compliant OSIRIS JSON document. Each producer targets a specific vendor or cloud platform.
What producers do
A producer performs four steps:
-
Discovery
Connect to the target platform and enumerate all resources within scope.
-
Normalization
Map vendor-specific data models into OSIRIS JSON resource types, connections, and groups enriching other details if needed.
-
Redaction and safety guardrails
Strip secrets, credentials, and sensitive configuration values before emission.
-
Emission
Output a valid OSIRIS JSON document to stdout or a file, ready for validation.
Available producers
Producers are released incrementally. Cisco is the first available producer; others are planned and will follow.
router Network vendors
Cisco
APIC, NX-OS, IOS-XE
Arista
EOS
Nokia
SR Linux, EDA
HPE
Apstra
Juniper
Junos
cloud Hyperscalers
Install
Producers are distributed as Go binaries. You need Go 1.25+ installed.
Install everything (core dispatcher + all available vendor producers):
go install go.osirisjson.org/producers/cmd/...@latestOr install only what you need - the core dispatcher and a specific vendor producer:
go install go.osirisjson.org/producers/cmd/osirisjson-producer@latest
go install go.osirisjson.org/producers/cmd/osirisjson-producer-cisco@latestThe table below lists all installable packages:
| Package | Description | Status |
|---|---|---|
cmd/osirisjson-producer | Core CLI dispatcher - routes osirisjson-producer <vendor> ... to vendor binaries | available |
cmd/osirisjson-producer-cisco | Cisco producer (APIC, NX-OS, IOS-XE) | available |
The core dispatcher (osirisjson-producer) discovers vendor binaries on your PATH and routes the command to the right one. Without it, you must invoke the vendor binary directly with its full name (e.g. osirisjson-producer-cisco instead of osirisjson-producer cisco).
Make sure $GOPATH/bin (or $HOME/go/bin) is in your PATH.
Producer CLI shape
All producers share a dispatcher-style CLI:
osirisjson-producer <vendor> [subcommand] [flags]Output is always validated afterward through the OSIRIS JSON CLI for example:
osirisjson-producer <vendor> <subcommand> --host device.example.com > snapshot.json
npx @osirisjson/cli validate --profile strict snapshot.jsonTypical workflow
For solution architects and auditors, the recommended workflow is:
- Run the producer against your target platform with appropriate credentials.
- Validate the output using
@osirisjson/cliwith thestrictprofile. - Review the snapshot as an architecture artifact store it, compare it over time, attach it to audits.
# Generate snapshot
osirisjson-producer cisco apic -h apic.example.com -u admin > snapshot.json
# Validate
npx @osirisjson/cli validate --profile strict snapshot.json
# Compare with previous snapshot
diff <(jq -S . previous.json) <(jq -S . snapshot.json)Security
Producer source code is continuously analyzed by SonarCloud for vulnerabilities, code smells, and security hotspots. Every pull request must pass a quality gate that enforces an A security rating before it can be merged.
Additionally, producers include built-in safety guardrails:
- Secret redaction - the
--safe-failure-modeflag (default:fail-closed) prevents credentials and sensitive values from leaking into the JSON output. - Read-only access - producers never modify device configuration. All API calls and NETCONF RPCs are read-only operations.
- No persistent storage - producers do not cache credentials or store data beyond the emitted JSON file.
What to read next
- Browse the vendor-specific producer pages for details on installation, source systems, authentication, and output scope.
- Read the validation guide to understand how to verify producer output.
- See the IT infrastructure example and OT infrastructure example for a complete OSIRIS JSON document sample.