OpenSCAP Scanner

OpenSCAP is a command line utility for working with the Security Content Automation Protocol (SCAP).

Object Representation (YAML)

id: String
name: String
depends: [String]
tags: [String]
condition: String
ignore_errors: Boolean
properties:
  module: String
  operation: String
  credential: Credential
  username: String
  host: String
  port: Number
  profile: String
  results: String
  results_arf: String
  report: String
  resolve_output_file: String
  oval_definitions: String
  syschar_path: String
  name: String
  match: String
  source: String
  target: String
  xccdf_results: String
  oval_results: String
  cvss_vector: String
  report_id: String
  cve_data: String
  cve: String
  submodule: String
  submodule_options: String
  args: String
  path: String

Fields

PropertyDetails
id *

String

A unique identifier for the step.

Can contain hyphens and underscores, but not spaces.

name *

String

A friendly name for the step. This name will appear in the pipeline designer and run output.

depends[]

[String]

A list of dependencies of this step.

This step will not be executed until all steps with ids in this list are finished executing.

tags[]

[String]

Tags are used to group related steps. Steps with the same tag can be retrieved using the findStepsByTag() helper function.

Can contain hyphens and underscores, but not spaces.

condition

String

An expression which is evaluated before the step executes. If it evaluates to false, the step will be skipped. The step.result.status field will be "Skipped".

ignore_errors

Boolean

If true, errors in the step module will not halt pipeline execution, and subsequent steps will still be executed. The step.result.status field will be "Failed" if the step encounters an error.

properties.module *

String

oscap module, such as xccdf or oval.

properties.operation *

String

Module operation, such as eval or generate.

properties.credential *

Credential

The ID of a SSH Key credential for authentication with the remote machine. Required only for eval and collect operations.

properties.username *

String

Remote username. Required only for eval and collect operations.

properties.host *

String

Remote host IP address. Required only for eval and collect operations.

properties.port *

Number

Remote machine SSH port. Required only for eval and collect operations.

properties.profile

String

Particular profile from XCCDF document.

properties.results

String

File to which the OpenSCAP operation result will be written. Required with analyse operation.

properties.results_arf

String

File to which the OpenSCAP operation result will be written in Asset Reporting Format.

properties.report

String

File to which HTML report will be written.

properties.resolve_output_file *

String

File to which the resolve operation result will be written.

properties.oval_definitions

String

OVAL definitions files.

properties.syschar_path *

String

File to which the OVAL system characteristic will be written.

properties.name *

String

Check whether name is in correct CPE format.

properties.match

String

Find an exact match of CPE name in the dictionary.

properties.source *

String

Source datastream or source XCCDF for sds-compose operation.

properties.target *

String

Target datastream or target directory depending on selected oscap operation.

properties.xccdf_results *

String

XCCDF results for result datastream.

properties.oval_results *

String

OVAL results for result datastream.

properties.cvss_vector *

String

Base CVSS vector.

properties.report_id

String

RDS report id.

properties.cve_data *

String

CVE data feed.

properties.cve *

String

CVE to find in data feed.

properties.submodule

String

Operation submodule. Used with generate operation.

properties.submodule_options

String

Submodule options. Used with generate operation.

properties.args

String

Extra command line arguments to pass to oscap.

properties.path *

String

Path to oscap input file.

Result Fields

The following are the step execution result fields available at step.result after a step executes.

KeyDetails
result.status

String

A string indicating the step execution status. Can be Succeeded, Failed, or Skipped.