Hello everyone, I am new to scap project. I played with OVAL long time ago. I remember OVAL was able to output a list of CVEs with true or false status indicating if there is a vulnerability or not within the target system. However, while I am playing with scap, I can not see such list in the report.html. Instead, I can only see succeed or failed tests against certain properties. And only vectors like CCE, CWE are mentioned in the outcome report. Is there any option I can use to create a CVE only report?
Thanks a lot! -- Su Zhang
-- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
