OpenSCAP Scanner

OpenSCAP is a command line utility for working with the Security Content Automation Protocol (SCAP).

Object Representation (YAML)

id: String
name: String
type: String
depends: [String]
tags: [String]
condition: Boolean
each: Array
verbosity: String
ignore_errors: Boolean
properties:
  module: String
  credential: String
  username: String
  host: String
  port: Number
  operation: String
  profile: String
  results: String
  results_arf: String
  report: String
  resolve_output_file: String
  output: String
  syschar_path: String
  name: String
  match: String
  source: String
  target: String
  xccdf_results: String
  oval_results: String
  cvss_vector: String
  report_id: String
  cve_data: String
  cve: String
  submodule: String
  submodule_options: String
  args: String
  oval_definitions: String
  path: String

Fields

PropertyDetails
id *

String

A unique identifier for the step.

Can contain hyphens and underscores, but not spaces.

name *

String

A friendly name for the step. This name will appear in the pipeline designer and run output.

type *

String

The type of the step. Can be pipeline or a step module type.

depends[]

[String]

A list of dependencies of this step.

This step will not be executed until all steps with ids in this list are finished executing.

tags[]

[String]

Tags are used to group related steps. Steps with the same tag can be retrieved using the findStepsByTag() helper function.

Can contain hyphens and underscores, but not spaces.

condition

Boolean

An expression which is evaluated before the step executes. If it evaluates to false, the step will be skipped. The step.result.status field will be "Skipped".

each

Array

An array of elements to execute the step once for each of them.

verbosity

String

Step event verbosity. Determines how much information about step execution is sent back to the application.

ignore_errors

Boolean

If true, errors in the step module will not halt pipeline execution, and subsequent steps will still be executed. The step.result.status field will be "Failed" if the step encounters an error.

properties.module *

String

oscap module, such as xccdf or oval.

properties.credential

String

The ID of a SSH Key credential for authentication with the remote machine. Required only for eval and collect operations.

properties.username

String

Remote username. Required only for eval and collect operations.

properties.host

String

Remote host IP address. Required only for eval and collect operations.

properties.port

Number

Remote machine SSH port. Required only for eval and collect operations.

properties.operation

String

Module operation, such as eval or generate.

properties.profile

String

Particular profile from XCCDF document.

properties.results

String

File to which the OpenSCAP operation result will be written. Required with analyse operation.

properties.results_arf

String

File to which the OpenSCAP operation result will be written in Asset Reporting Format.

properties.report

String

File to which HTML report will be written.

properties.resolve_output_file

String

File to which the resolve operation result will be written.

properties.output

String

File to which the OpenSCAP operation output (guide/report/custom) will be written instead of standard output.

properties.syschar_path

String

File to which the OVAL system characteristic will be written.

properties.name

String

Check whether name is in correct CPE format.

properties.match

String

Find an exact match of CPE name in the dictionary.

properties.source

String

Source datastream or source XCCDF for sds-compose operation.

properties.target

String

Target datastream or target directory depending on selected oscap operation.

properties.xccdf_results

String

XCCDF results for result datastream.

properties.oval_results

String

OVAL results for result datastream.

properties.cvss_vector

String

Base CVSS vector.

properties.report_id

String

RDS report id.

properties.cve_data

String

CVE data feed.

properties.cve

String

CVE to find in data feed.

properties.submodule

String

Operation submodule. Used with generate operation.

properties.submodule_options

String

Submodule options. Used with generate operation.

properties.args

String

Extra command line arguments to pass to oscap.

properties.oval_definitions

String

OVAL definitions files.

properties.path

String

Path to oscap input file.

Result Fields

The following are the step execution result fields available at steps.<step id>.result after a step executes.

KeyDetails
result.status

String

A string indicating the step execution status. Can be Succeeded, Failed, or Skipped.