Competency and Skills Service -- Competency Management
Mainline: 1.6.13
High level documentation
Developer documentation
This document is intended to act as a technical guide to the installation of CaSS.
This installation of CaSS will provide several components that operate to provide a working system. It is composed of:
- The CaSS Repository, a Node JS application.
- The CaSS Library, a Javascript library that provides an interoperability layer between web applications and the CaSS Repository.
- CaSS Embeddable Apps, a set of iframeable applications for branded web applications.
- CaSS Adapters, which provide particular functionality, typically standards based (xAPI, CTDL-ASN, etc).
Docker images for standalone instances (based on Elasticsearch's container) and distributed/scalable instances (based on Node, Alpine Linux, and Distroless) can be found at:
https://hub.docker.com/r/cassproject/cass
https://github.com/cassproject/cass-npm
https://www.npmjs.com/package/cassproject
wget https://raw.githubusercontent.com/cassproject/CaSS/master/scripts/cassInstall.sh
chmod +x cassInstall.sh
sudo ./cassInstall.sh
During the installation, you will be asked to select a version to install. Versions are listed at the top of this document.
To support open linked data, it is important that the objects created in CaSS have public, reliable URLs. For this:
- Assign this server a domain name.
- Enable HTTPS.
- (Optional) Use a reverse proxy to control the endpoint closely.
After cloning this repository (ensure you use git clone with --recurse-submodules!), you can run CaSS locally.
Dependencies: Docker (will pull and run elasticsearch on port 9200)
git clone --recurse-submodules -b <branch> https://github.com/cassproject/CASS- Get the code.npm i- Install dependencies.npm run dev- Starts server, restarts server on-save.
npm test- Runs server, cass-npm and cass unit tests, runs them again on-save. Don't run with dev.
Will be deposited in /docs
npm run docs
Use containerized builds, see compose files in the root for examples.
Due to the performance improvements in the 1.5 version of CaSS, we highly recommend using Elasticsearch 9 with it as it's better configured to handle the load than previous versions.
The CaSS release process is automated via GitHub Actions. For detailed instructions on how to trigger a release, see RELEASE.md.
FIPS is supported both client-side and server-side in CaSS. Here is the relevant compatibility table.
Sources: https://openssl-library.org/post/2025-03-11-fips-140-3/
| --> Server --> | < 1.5.35 | >= 1.5.35 with OpenSSL 3.1.2 and --force-fips |
>= 1.5.35 with OpenSSL 3.1.2 and --force-fips and env REJECT_SHA1=true |
|---|---|---|---|
| Client/Library | |||
| < 1.5.35 | SHA-1 (no FIPS) | SHA-1 (Verify only) | Incompatible |
| < 1.5.35 and OpenSSL 3.0.8 and env FIPS=true |
SHA-1 (partial FIPS) | SHA-1 (Verify only) | Incompatible |
| >= 1.5.35 | SHA-1 (no FIPS) | SHA-1 (Verify only*), SHA-256 (FIPS) | SHA-256 (FIPS) |
| >= 1.5.35 and env FIPS=true |
SHA-1 (partial FIPS) | SHA-1 (Verify only*), SHA-256 (FIPS) | SHA-256 (FIPS) |
| >= 1.5.35 and --force-fips |
Incompatible | SHA-256 (FIPS) | SHA-256 (FIPS) |
To get FIPS, it is recommended to use the docker container builds.
Partial FIPS means that we are still violating FIPS by using SHA-1 hashing. All other cryptographic operations are using the FIPS module.
Verify only uses the exception that permits SHA-1 verification but not generation.
Verify only* may fall back to SHA-1 verification if SHA-256 negotiation failed, but typically will not use SHA-1.