On 05/18/2016 03:56 PM, Fen Labalme wrote: > Hard to believe it's been a year. I was drawn off to other things but > I'm back and I still want waivers ;) > > Ideally, I'd like to have a yaml file (easy for an AO to read) that > contains waivers (rule IDs and explanations) and an additional column on > the results.html so there would be: > > | Group | Severity | Baseline | Result | > > ...where Baseline would be the (ultimately NIST certified) Baseline, and > Result would be (ideally) all Green after application of the waivers. > > Has any additional work or thought gone into this? There are a lot of > good ideas in this thread (Scaptimony, Ruby wrapper, OpenSCAP tailoring > files, ...) -- is anything mature enough that I can use on my RHEL7 > instances now? >
You can create waivers like this https://github.com/OpenSCAP/ruby-openscap/blob/master/test/integration/arf_waiver_test.rb#L26 you just need to write a script that reads your yaml and calls these functions as the upper mentioned test does. Best, ~š. > Thanks, > =Fen > > > On Thu, Apr 9, 2015 at 1:25 PM, Shawn Wells <sh...@redhat.com > <mailto:sh...@redhat.com>> wrote: > > > > On 4/9/15 5:52 AM, Greg Elin wrote: > > You may have convinced me Simon that writings preserve the > discussion better. > > That said, I would like to discuss that I think some live demos > and q&a's preserved on video would speed adoption and understanding. > > There's been some talk of doing a 1-2x/month community call where we > share things like: > > - Show & Tell of latest code sprints (e.g. what's the latest from > SCAPtimony and Workbench?) > - Blockers on any pending SSG content (new profiles being written, > requests for help) > - General discussions (requests for recorded videos, whitepapers, > upcoming conferences) > > Does such a thing make sense? It's easy to host if there's interest. > > > _______________________________________________ > Open-scap-list mailing list > Open-scap-list@redhat.com <mailto:Open-scap-list@redhat.com> > https://www.redhat.com/mailman/listinfo/open-scap-list > > > > > -- > Fen Labalme, CISO at CivicActions.com > Security | Quality | DevOps > mobile: 412-996-4113 > github/skype/twitter: openprivacy > > > _______________________________________________ > Open-scap-list mailing list > Open-scap-list@redhat.com > https://www.redhat.com/mailman/listinfo/open-scap-list > ~š. _______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
